mirror of
https://github.com/git/git.git
synced 2024-11-16 14:04:52 +01:00
f08b3b0e2e
In order to make the generated tar files more friendly to users who extract them as root using GNU tar and its implied -p option, change the default umask to 002 and change the owner name and group name to root. This ensures that a) the extracted files and directories are not world-writable and b) that they belong to user and group root. Before they would have been assigned to a user and/or group named git if it existed. This also answers the question in the removed comment: uid=0, gid=0, uname=root, gname=root is exactly what we want. Normal users who let tar apply their umask while extracting are only affected if their umask allowed the world to change their files (e.g. a umask of zero). This case is so unlikely and strange that we don't need to support it. Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx> Signed-off-by: Junio C Hamano <junkio@cox.net>
323 lines
8.1 KiB
C
323 lines
8.1 KiB
C
/*
|
|
* Copyright (c) 2005, 2006 Rene Scharfe
|
|
*/
|
|
#include "cache.h"
|
|
#include "commit.h"
|
|
#include "strbuf.h"
|
|
#include "tar.h"
|
|
#include "builtin.h"
|
|
#include "archive.h"
|
|
|
|
#define RECORDSIZE (512)
|
|
#define BLOCKSIZE (RECORDSIZE * 20)
|
|
|
|
static char block[BLOCKSIZE];
|
|
static unsigned long offset;
|
|
|
|
static time_t archive_time;
|
|
static int tar_umask = 002;
|
|
static int verbose;
|
|
|
|
/* writes out the whole block, but only if it is full */
|
|
static void write_if_needed(void)
|
|
{
|
|
if (offset == BLOCKSIZE) {
|
|
write_or_die(1, block, BLOCKSIZE);
|
|
offset = 0;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* queues up writes, so that all our write(2) calls write exactly one
|
|
* full block; pads writes to RECORDSIZE
|
|
*/
|
|
static void write_blocked(const void *data, unsigned long size)
|
|
{
|
|
const char *buf = data;
|
|
unsigned long tail;
|
|
|
|
if (offset) {
|
|
unsigned long chunk = BLOCKSIZE - offset;
|
|
if (size < chunk)
|
|
chunk = size;
|
|
memcpy(block + offset, buf, chunk);
|
|
size -= chunk;
|
|
offset += chunk;
|
|
buf += chunk;
|
|
write_if_needed();
|
|
}
|
|
while (size >= BLOCKSIZE) {
|
|
write_or_die(1, buf, BLOCKSIZE);
|
|
size -= BLOCKSIZE;
|
|
buf += BLOCKSIZE;
|
|
}
|
|
if (size) {
|
|
memcpy(block + offset, buf, size);
|
|
offset += size;
|
|
}
|
|
tail = offset % RECORDSIZE;
|
|
if (tail) {
|
|
memset(block + offset, 0, RECORDSIZE - tail);
|
|
offset += RECORDSIZE - tail;
|
|
}
|
|
write_if_needed();
|
|
}
|
|
|
|
/*
|
|
* The end of tar archives is marked by 2*512 nul bytes and after that
|
|
* follows the rest of the block (if any).
|
|
*/
|
|
static void write_trailer(void)
|
|
{
|
|
int tail = BLOCKSIZE - offset;
|
|
memset(block + offset, 0, tail);
|
|
write_or_die(1, block, BLOCKSIZE);
|
|
if (tail < 2 * RECORDSIZE) {
|
|
memset(block, 0, offset);
|
|
write_or_die(1, block, BLOCKSIZE);
|
|
}
|
|
}
|
|
|
|
static void strbuf_append_string(struct strbuf *sb, const char *s)
|
|
{
|
|
int slen = strlen(s);
|
|
int total = sb->len + slen;
|
|
if (total > sb->alloc) {
|
|
sb->buf = xrealloc(sb->buf, total);
|
|
sb->alloc = total;
|
|
}
|
|
memcpy(sb->buf + sb->len, s, slen);
|
|
sb->len = total;
|
|
}
|
|
|
|
/*
|
|
* pax extended header records have the format "%u %s=%s\n". %u contains
|
|
* the size of the whole string (including the %u), the first %s is the
|
|
* keyword, the second one is the value. This function constructs such a
|
|
* string and appends it to a struct strbuf.
|
|
*/
|
|
static void strbuf_append_ext_header(struct strbuf *sb, const char *keyword,
|
|
const char *value, unsigned int valuelen)
|
|
{
|
|
char *p;
|
|
int len, total, tmp;
|
|
|
|
/* "%u %s=%s\n" */
|
|
len = 1 + 1 + strlen(keyword) + 1 + valuelen + 1;
|
|
for (tmp = len; tmp > 9; tmp /= 10)
|
|
len++;
|
|
|
|
total = sb->len + len;
|
|
if (total > sb->alloc) {
|
|
sb->buf = xrealloc(sb->buf, total);
|
|
sb->alloc = total;
|
|
}
|
|
|
|
p = sb->buf;
|
|
p += sprintf(p, "%u %s=", len, keyword);
|
|
memcpy(p, value, valuelen);
|
|
p += valuelen;
|
|
*p = '\n';
|
|
sb->len = total;
|
|
}
|
|
|
|
static unsigned int ustar_header_chksum(const struct ustar_header *header)
|
|
{
|
|
char *p = (char *)header;
|
|
unsigned int chksum = 0;
|
|
while (p < header->chksum)
|
|
chksum += *p++;
|
|
chksum += sizeof(header->chksum) * ' ';
|
|
p += sizeof(header->chksum);
|
|
while (p < (char *)header + sizeof(struct ustar_header))
|
|
chksum += *p++;
|
|
return chksum;
|
|
}
|
|
|
|
static int get_path_prefix(const struct strbuf *path, int maxlen)
|
|
{
|
|
int i = path->len;
|
|
if (i > maxlen)
|
|
i = maxlen;
|
|
do {
|
|
i--;
|
|
} while (i > 0 && path->buf[i] != '/');
|
|
return i;
|
|
}
|
|
|
|
static void write_entry(const unsigned char *sha1, struct strbuf *path,
|
|
unsigned int mode, void *buffer, unsigned long size)
|
|
{
|
|
struct ustar_header header;
|
|
struct strbuf ext_header;
|
|
|
|
memset(&header, 0, sizeof(header));
|
|
ext_header.buf = NULL;
|
|
ext_header.len = ext_header.alloc = 0;
|
|
|
|
if (!sha1) {
|
|
*header.typeflag = TYPEFLAG_GLOBAL_HEADER;
|
|
mode = 0100666;
|
|
strcpy(header.name, "pax_global_header");
|
|
} else if (!path) {
|
|
*header.typeflag = TYPEFLAG_EXT_HEADER;
|
|
mode = 0100666;
|
|
sprintf(header.name, "%s.paxheader", sha1_to_hex(sha1));
|
|
} else {
|
|
if (verbose)
|
|
fprintf(stderr, "%.*s\n", path->len, path->buf);
|
|
if (S_ISDIR(mode)) {
|
|
*header.typeflag = TYPEFLAG_DIR;
|
|
mode = (mode | 0777) & ~tar_umask;
|
|
} else if (S_ISLNK(mode)) {
|
|
*header.typeflag = TYPEFLAG_LNK;
|
|
mode |= 0777;
|
|
} else if (S_ISREG(mode)) {
|
|
*header.typeflag = TYPEFLAG_REG;
|
|
mode = (mode | ((mode & 0100) ? 0777 : 0666)) & ~tar_umask;
|
|
} else {
|
|
error("unsupported file mode: 0%o (SHA1: %s)",
|
|
mode, sha1_to_hex(sha1));
|
|
return;
|
|
}
|
|
if (path->len > sizeof(header.name)) {
|
|
int plen = get_path_prefix(path, sizeof(header.prefix));
|
|
int rest = path->len - plen - 1;
|
|
if (plen > 0 && rest <= sizeof(header.name)) {
|
|
memcpy(header.prefix, path->buf, plen);
|
|
memcpy(header.name, path->buf + plen + 1, rest);
|
|
} else {
|
|
sprintf(header.name, "%s.data",
|
|
sha1_to_hex(sha1));
|
|
strbuf_append_ext_header(&ext_header, "path",
|
|
path->buf, path->len);
|
|
}
|
|
} else
|
|
memcpy(header.name, path->buf, path->len);
|
|
}
|
|
|
|
if (S_ISLNK(mode) && buffer) {
|
|
if (size > sizeof(header.linkname)) {
|
|
sprintf(header.linkname, "see %s.paxheader",
|
|
sha1_to_hex(sha1));
|
|
strbuf_append_ext_header(&ext_header, "linkpath",
|
|
buffer, size);
|
|
} else
|
|
memcpy(header.linkname, buffer, size);
|
|
}
|
|
|
|
sprintf(header.mode, "%07o", mode & 07777);
|
|
sprintf(header.size, "%011lo", S_ISREG(mode) ? size : 0);
|
|
sprintf(header.mtime, "%011lo", archive_time);
|
|
|
|
sprintf(header.uid, "%07o", 0);
|
|
sprintf(header.gid, "%07o", 0);
|
|
strlcpy(header.uname, "root", sizeof(header.uname));
|
|
strlcpy(header.gname, "root", sizeof(header.gname));
|
|
sprintf(header.devmajor, "%07o", 0);
|
|
sprintf(header.devminor, "%07o", 0);
|
|
|
|
memcpy(header.magic, "ustar", 6);
|
|
memcpy(header.version, "00", 2);
|
|
|
|
sprintf(header.chksum, "%07o", ustar_header_chksum(&header));
|
|
|
|
if (ext_header.len > 0) {
|
|
write_entry(sha1, NULL, 0, ext_header.buf, ext_header.len);
|
|
free(ext_header.buf);
|
|
}
|
|
write_blocked(&header, sizeof(header));
|
|
if (S_ISREG(mode) && buffer && size > 0)
|
|
write_blocked(buffer, size);
|
|
}
|
|
|
|
static void write_global_extended_header(const unsigned char *sha1)
|
|
{
|
|
struct strbuf ext_header;
|
|
ext_header.buf = NULL;
|
|
ext_header.len = ext_header.alloc = 0;
|
|
strbuf_append_ext_header(&ext_header, "comment", sha1_to_hex(sha1), 40);
|
|
write_entry(NULL, NULL, 0, ext_header.buf, ext_header.len);
|
|
free(ext_header.buf);
|
|
}
|
|
|
|
static int git_tar_config(const char *var, const char *value)
|
|
{
|
|
if (!strcmp(var, "tar.umask")) {
|
|
if (!strcmp(value, "user")) {
|
|
tar_umask = umask(0);
|
|
umask(tar_umask);
|
|
} else {
|
|
tar_umask = git_config_int(var, value);
|
|
}
|
|
return 0;
|
|
}
|
|
return git_default_config(var, value);
|
|
}
|
|
|
|
static int write_tar_entry(const unsigned char *sha1,
|
|
const char *base, int baselen,
|
|
const char *filename, unsigned mode, int stage)
|
|
{
|
|
static struct strbuf path;
|
|
int filenamelen = strlen(filename);
|
|
void *buffer;
|
|
char type[20];
|
|
unsigned long size;
|
|
|
|
if (!path.alloc) {
|
|
path.buf = xmalloc(PATH_MAX);
|
|
path.alloc = PATH_MAX;
|
|
path.len = path.eof = 0;
|
|
}
|
|
if (path.alloc < baselen + filenamelen) {
|
|
free(path.buf);
|
|
path.buf = xmalloc(baselen + filenamelen);
|
|
path.alloc = baselen + filenamelen;
|
|
}
|
|
memcpy(path.buf, base, baselen);
|
|
memcpy(path.buf + baselen, filename, filenamelen);
|
|
path.len = baselen + filenamelen;
|
|
if (S_ISDIR(mode)) {
|
|
strbuf_append_string(&path, "/");
|
|
buffer = NULL;
|
|
size = 0;
|
|
} else {
|
|
buffer = read_sha1_file(sha1, type, &size);
|
|
if (!buffer)
|
|
die("cannot read %s", sha1_to_hex(sha1));
|
|
}
|
|
|
|
write_entry(sha1, &path, mode, buffer, size);
|
|
free(buffer);
|
|
|
|
return READ_TREE_RECURSIVE;
|
|
}
|
|
|
|
int write_tar_archive(struct archiver_args *args)
|
|
{
|
|
int plen = args->base ? strlen(args->base) : 0;
|
|
|
|
git_config(git_tar_config);
|
|
|
|
archive_time = args->time;
|
|
verbose = args->verbose;
|
|
|
|
if (args->commit_sha1)
|
|
write_global_extended_header(args->commit_sha1);
|
|
|
|
if (args->base && plen > 0 && args->base[plen - 1] == '/') {
|
|
char *base = xstrdup(args->base);
|
|
int baselen = strlen(base);
|
|
|
|
while (baselen > 0 && base[baselen - 1] == '/')
|
|
base[--baselen] = '\0';
|
|
write_tar_entry(args->tree->object.sha1, "", 0, base, 040777, 0);
|
|
free(base);
|
|
}
|
|
read_tree_recursive(args->tree, args->base, plen, 0,
|
|
args->pathspec, write_tar_entry);
|
|
write_trailer();
|
|
|
|
return 0;
|
|
}
|