Mercurial > hg

view rust/hg-core/src/checkexec.rs @ 51181:dcaa2df1f688

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
changelog: never inline changelog The test suite mostly use small repositories, that implies that most changelog in the tests are inlined. As a result, non-inlined changelog are quite poorly tested. Since non-inline changelog are most common case for serious repositories, this lack of testing is a significant problem that results in high profile issue like the one recently fixed by 66417f55ea33 and 849745d7da89. Inlining the changelog does not bring much to the table, the number of total file saved is negligible, and the changelog will be read by most operation anyway. So this changeset is make it so we never inline the changelog, and de-inline the one that are still inlined whenever we touch them. By doing that, we remove the "dual code path" situation for writing new entry to the changelog and move to a "single code path" situation. Having a single code path simplify the code and make sure it is covered by test (if test cover that situation obviously) This impact all tests that care about the number of file and the exchange size, but there is nothing too complicated in them just a lot of churn. The churn is made "worse" by the fact rust will use the persistent nodemap on any changelog now. Which is overall a win as it means testing the persistent nodemap more and having less special cases. In short, having inline changelog is mostly useless and an endless source of pain. We get rid of it.
author Pierre-Yves David <pierre-yves.david@octobus.net>
date Mon, 11 Dec 2023 22:27:59 +0100
parents e2c8b30ab4e7
children
line wrap: on
line source

use std::fs;
use std::io;
use std::os::unix::fs::{MetadataExt, PermissionsExt};
use std::path::Path;

const EXECFLAGS: u32 = 0o111;

fn is_executable(path: impl AsRef<Path>) -> Result<bool, io::Error> {
    let metadata = fs::metadata(path)?;
    let mode = metadata.mode();
    Ok(mode & EXECFLAGS != 0)
}

fn make_executable(path: impl AsRef<Path>) -> Result<(), io::Error> {
    let mode = fs::metadata(path.as_ref())?.mode();
    fs::set_permissions(
        path,
        fs::Permissions::from_mode((mode & 0o777) | EXECFLAGS),
    )?;
    Ok(())
}

fn copy_mode(
    src: impl AsRef<Path>,
    dst: impl AsRef<Path>,
) -> Result<(), io::Error> {
    let mode = match fs::symlink_metadata(src) {
        Ok(metadata) => metadata.mode(),
        Err(e) if e.kind() == io::ErrorKind::NotFound =>
        // copymode in python has a more complicated handling of FileNotFound
        // error, which we don't need because all it does is applying
        // umask, which the OS already does when we mkdir.
        {
            return Ok(())
        }
        Err(e) => return Err(e),
    };
    fs::set_permissions(dst, fs::Permissions::from_mode(mode))?;
    Ok(())
}

fn check_exec_impl(path: impl AsRef<Path>) -> Result<bool, io::Error> {
    let basedir = path.as_ref().join(".hg");
    let cachedir = basedir.join("wcache");
    let storedir = basedir.join("store");

    if !cachedir.exists() {
        // we want to create the 'cache' directory, not the '.hg' one.
        // Automatically creating '.hg' directory could silently spawn
        // invalid Mercurial repositories. That seems like a bad idea.
        fs::create_dir(&cachedir)
            .and_then(|()| {
                if storedir.exists() {
                    copy_mode(&storedir, &cachedir)
                } else {
                    copy_mode(&basedir, &cachedir)
                }
            })
            .ok();
    }

    let leave_file: bool;
    let checkdir: &Path;
    let checkisexec = cachedir.join("checkisexec");
    let checknoexec = cachedir.join("checknoexec");
    if cachedir.is_dir() {
        // Check if both files already exist in cache and have correct
        // permissions. if so, we assume that permissions work.
        // If not, we delete the files and try again.
        match is_executable(&checkisexec) {
            Err(e) if e.kind() == io::ErrorKind::NotFound => (),
            Err(e) => return Err(e),
            Ok(is_exec) => {
                if is_exec {
                    let noexec_is_exec = match is_executable(&checknoexec) {
                        Err(e) if e.kind() == io::ErrorKind::NotFound => {
                            fs::write(&checknoexec, "")?;
                            is_executable(&checknoexec)?
                        }
                        Err(e) => return Err(e),
                        Ok(exec) => exec,
                    };
                    if !noexec_is_exec {
                        // check-exec is exec and check-no-exec is not exec
                        return Ok(true);
                    }
                    fs::remove_file(&checknoexec)?;
                }
                fs::remove_file(&checkisexec)?;
            }
        }
        checkdir = &cachedir;
        leave_file = true;
    } else {
        // no cache directory (probably because .hg doesn't exist):
        // check directly in `path` and don't leave the temp file behind
        checkdir = path.as_ref();
        leave_file = false;
    };

    let tmp_file = tempfile::NamedTempFile::new_in(checkdir)?;
    if !is_executable(tmp_file.path())? {
        make_executable(tmp_file.path())?;
        if is_executable(tmp_file.path())? {
            if leave_file {
                tmp_file.persist(checkisexec).ok();
            }
            return Ok(true);
        }
    }

    Ok(false)
}

/// This function is a Rust rewrite of the `checkexec` function from
/// `posix.py`.
///
/// Returns `true` if the filesystem supports execute permissions.
pub fn check_exec(path: impl AsRef<Path>) -> bool {
    check_exec_impl(path).unwrap_or(false)
}