aboutsummaryrefslogtreecommitdiff
path: root/Utility
Commit message (Collapse)AuthorAge
* Merge branch 'master' into smudgeGravatar Joey Hess2015-12-21
|\
| * fix build warnings under ghc 7.10Gravatar Joey Hess2015-12-19
| | | | | | | | | | | | Caused by AMP.. Since I've finally upgraded my dev laptop to 7.10, I may start missing imports that are not needed with it but are with older versions..
* | Merge branch 'master' into smudgeGravatar Joey Hess2015-12-16
|\|
| * bring back some deleted functions that git-repair usesGravatar Joey Hess2015-12-15
| |
| * improve temp dir securityGravatar Joey Hess2015-12-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | http://bugs.debian.org/807341 * Fix insecure temporary permissions when git-annex repair is used in in a corrupted git repository. Other calls to withTmpDir didn't leak any potentially private data, but repair clones the git repository to a temp directory which is made using the user's umask. Thus, it might expose a git repo that is otherwise locked down. * Fix potential denial of service attack when creating temp dirs. Since withTmpDir used easily predictable temporary directory names, an attacker could create foo.0, foo.1, etc and as long as it managed to keep ahead of it, could prevent it from ever returning. I'd rate this as a low utility DOS attack. Most attackers in a position to do this could just fill up the disk /tmp is on to prevent anything from writing temp files. And few parts of git-annex use withTmpDir anyway, so DOS potential is quite low. Examined all callers of withTmpDir and satisfied myself that switching to mkdtmp and so getting a mode 700 temp dir wouldn't break any of them. Note that withTmpDirIn continues to not force temp dir to 700. But it's only used for temp directories inside .git/annex/wherever/ so that is not a problem. Also re-audited all other uses of temp files and dirs in git-annex.
* | use InodeCache when dropping a key to see if a pointer file can be safely resetGravatar Joey Hess2015-12-09
|/ | | | | | | | | | | | | | | | The Keys database can hold multiple inode caches for a given key. One for the annex object, and one for each pointer file, which may not be hard linked to it. Inode caches for a key are recorded when its content is added to the annex, but only if it has known pointer files. This is to avoid the overhead of maintaining the database when not needed. When the smudge filter outputs a file's content, the inode cache is not updated, because git's smudge interface doesn't let us write the file. So, dropping will fall back to doing an expensive verification then. Ideally, git's interface would be improved, and then the inode cache could be updated then too.
* cleanupGravatar Joey Hess2015-12-06
|
* avoid looping trying to make temp dir when the name is too longGravatar Joey Hess2015-12-06
| | | | | Only loop when directory creation fails due to the directory existing already.
* generalize catchHardwareFault to catchIOErrorTypeGravatar Joey Hess2015-12-06
|
* import Data.Time.Format to ensure its Read instance for LocalTime is availableGravatar Joey Hess2015-11-21
| | | | | Seems that Utility.SafeCommand loaded something that indirectly got that instance loaded on unix, but not on Windows recently.
* use intercalate instead of MissingH's joinGravatar Joey Hess2015-11-17
| | | | The two functions are identical.
* reorg quickcheck to a separate moduleGravatar Joey Hess2015-11-17
|
* refactorGravatar Joey Hess2015-11-16
|
* Display progress meter in -J mode when copying from a local git repo, to a ↵Gravatar Joey Hess2015-11-16
| | | | | | | | | | | | local git repo, and from a remote git repo. Had everything available, just didn't combine the progress meter with the other places progress is sent to update it. (And to a remote repo already did show progress.) Most special remotes should already display progress meters with -J, same as without it. One exception to this is the web, since it relies on wget/curl progress display without -J. Still todo..
* fix warningGravatar Joey Hess2015-11-16
|
* store abspath to the lock fileGravatar Joey Hess2015-11-16
| | | | Avoids problems if the program chdirs
* fix use of hifalutin terminologyGravatar Joey Hess2015-11-16
|
* avoid crashing in checkDaemon when fcntl locking is not supportedGravatar Joey Hess2015-11-16
| | | | | Instead, just assume the daemon isn't running. Since the pid file locking fails on such a filesystem, we know it's not running.
* clean up side lock files when we're done with themGravatar Joey Hess2015-11-16
| | | | | | | | | | | There's a potential race, but it's detected and just results in the other process failing to take the side lock, so possibly retrying one second later on. The race window is quite narrow so the extra delay is minor. Left the side lock files mode 666 because an interruption can leave a side lock file created by another user for a shared repository. When this happens, the non-owning user can't delete it (+t) but can still lock it, and so the code falls back to acting as it did before this commit.
* starting to get a handle on how to detect that mad gleam in lustre's eyeGravatar Joey Hess2015-11-13
|
* one more try to get sane behavior our of lustreGravatar Joey Hess2015-11-13
|
* fixed a fd double-closeGravatar Joey Hess2015-11-13
|
* also compare lock file contents to double-check link workedGravatar Joey Hess2015-11-13
| | | | | And it closes the tmp file before this. I don't know if this will help avoid lustre's craziness, but it can't hurt..
* use /tmp for sidelock file when no /dev/shmGravatar Joey Hess2015-11-13
|
* require the side lock be held to take pidlockGravatar Joey Hess2015-11-13
| | | | | | This is less portable, since currently sidelocks rely on /dev/shm. But, I've seen crazy lustre inconsistencies that make me not trust the link() method at all, so what can you do.
* avoid over-long filenames for side lock filesGravatar Joey Hess2015-11-13
|
* add stat checkGravatar Joey Hess2015-11-13
| | | | | | | | I have a strace taken on a lustre filesystem on which link() returned 0, but didn't actually succeed, since the file already existed. One of the linux man pages recommended using link followed by checking like this. I was reading it yesterday, but cannot find it now.
* clean up temp fileGravatar Joey Hess2015-11-13
|
* better lock dropping orderGravatar Joey Hess2015-11-13
|
* generalize to MonadIOGravatar Joey Hess2015-11-12
|
* pid locking configuration and abstraction layer for git-annexGravatar Joey Hess2015-11-12
| | | | (not actually used anywhere yet)
* add timeout for pid lock waitingGravatar Joey Hess2015-11-12
|
* refactorGravatar Joey Hess2015-11-12
|
* module for PidLocks in LockPoolGravatar Joey Hess2015-11-12
|
* make LockPool's LockHandle be able to support multiple different types of ↵Gravatar Joey Hess2015-11-12
| | | | file locks
* module for pid lock files with atomic stale lock file takeover when possibleGravatar Joey Hess2015-11-12
|
* quvi may output utf-8 encoded data when the conifigured locale doesn't ↵Gravatar Joey Hess2015-11-09
| | | | support that; avoid crashing on such invalid encoding.
* merge from propellorGravatar Joey Hess2015-10-28
|
* Symlink timestamp preservation code uses functions from unix-2.7.0 when ↵Gravatar Joey Hess2015-10-21
| | | | available, which should be more portable.
* Use statvfs on OSX.Gravatar Joey Hess2015-10-19
| | | | | | | | Fixes a recent-ish build warning on about 64 bit vs non. This is the method used by the disk-free-space library, and I tested it to yield the same results on even 10 tb drives on OSX -- so it's getting 64 bit values.
* refactorGravatar Joey Hess2015-10-15
|
* comment typoGravatar Joey Hess2015-10-12
|
* fix export list to work on windowsGravatar Joey Hess2015-10-12
|
* add lockContentSharedGravatar Joey Hess2015-10-08
| | | | | | | | Also, rename lockContent to lockContentExclusive inAnnexSafe should perhaps be eliminated, and instead use `lockContentShared inAnnex`. However, I'm waiting on that, as there are only 2 call sites for inAnnexSafe and it's fiddly.
* export FileMode typeGravatar Joey Hess2015-10-08
|
* add tryLockSharedGravatar Joey Hess2015-10-08
|
* open lock file ReadOnly when taking shared lockGravatar Joey Hess2015-10-08
| | | | It's only necessary to open a file for write when taking an exclusive lock.
* Merge branch 'winprocfix'Gravatar Joey Hess2015-10-04
|\
* | Ported disk free space checking code to work on Solaris.Gravatar Joey Hess2015-10-02
| | | | | | | | | | | | | | | | | | | | | | | | | | On Solaris, using f_bsize provided a value that is apparently much larger than the real block size. The solaris docs for statvfs say f_bsize is the "preferred" file system block size, and I guess the filesystem prefers larger blocks, but uses smaller ones or something. The docs also say that f_frsize is the "fundamental" block size. Switched to using f_frsize on Linux and kFreeBSD too, since I guess f_bsize could in theory vary the same way there too. Assuming that Solaris is not violating the posix spec, I guess the linux man page for statvfs is not as well written and I misunderstood it.
* | deal with more backward-compatible breaking renamings in conduitGravatar Joey Hess2015-10-02
| | | | | | | | | | | | This is the kind of annoying thing that makes me not want to use a library. conduitManagerSettings was a perfectly fine name and could have been kept forever.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-16 13:04:17 +0000