From 3f2e2297b9c88a6ab5fc4bff02cf2a07ce057589 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 1 Jul 2016 01:58:58 -0400 Subject: add an extra level of indirection to main() There are certain startup tasks that we expect every git process to do. In some cases this is just to improve the quality of the program (e.g., setting up gettext()). In others it is a requirement for using certain functions in libgit.a (e.g., system_path() expects that you have called git_extract_argv0_path()). Most commands are builtins and are covered by the git.c version of main(). However, there are still a few external commands that use their own main(). Each of these has to remember to include the correct startup sequence, and we are not always consistent. Rather than just fix the inconsistencies, let's make this harder to get wrong by providing a common main() that can run this standard startup. We basically have two options to do this: - the compat/mingw.h file already does something like this by adding a #define that replaces the definition of main with a wrapper that calls mingw_startup(). The upside is that the code in each program doesn't need to be changed at all; it's rewritten on the fly by the preprocessor. The downside is that it may make debugging of the startup sequence a bit more confusing, as the preprocessor is quietly inserting new code. - the builtin functions are all of the form cmd_foo(), and git.c's main() calls them. This is much more explicit, which may make things more obvious to somebody reading the code. It's also more flexible (because of course we have to figure out _which_ cmd_foo() to call). The downside is that each of the builtins must define cmd_foo(), instead of just main(). This patch chooses the latter option, preferring the more explicit approach, even though it is more invasive. We introduce a new file common-main.c, with the "real" main. It expects to call cmd_main() from whatever other objects it is linked against. We link common-main.o against anything that links against libgit.a, since we know that such programs will need to do this setup. Note that common-main.o can't actually go inside libgit.a, as the linker would not pick up its main() function automatically (it has no callers). The rest of the patch is just adjusting all of the various external programs (mostly in t/helper) to use cmd_main(). I've provided a global declaration for cmd_main(), which means that all of the programs also need to match its signature. In particular, many functions need to switch to "const char **" instead of "char **" for argv. This effect ripples out to a few other variables and functions, as well. This makes the patch even more invasive, but the end result is much better. We should be treating argv strings as const anyway, and now all programs conform to the same signature (which also matches the way builtins are defined). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- git.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'git.c') diff --git a/git.c b/git.c index 968a8a4645..e2444046f5 100644 --- a/git.c +++ b/git.c @@ -630,9 +630,8 @@ static void restore_sigpipe_to_default(void) signal(SIGPIPE, SIG_DFL); } -int main(int argc, char **av) +int cmd_main(int argc, const char **argv) { - const char **argv = (const char **) av; const char *cmd; int done_help = 0; -- cgit v1.2.3 From 650c449250d7279dcbfe2f7cc23624955d53d339 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 1 Jul 2016 02:04:04 -0400 Subject: common-main: call git_extract_argv0_path() Every program which links against libgit.a must call this function, or risk hitting an assert() in system_path() that checks whether we have configured argv0_path (though only when RUNTIME_PREFIX is defined, so essentially only on Windows). Looking at the diff, you can see that putting it into the common main() saves us having to do it individually in each of the external commands. But what you can't see are the cases where we _should_ have been doing so, but weren't (e.g., git-credential-store, and all of the t/helper test programs). This has been an accident-waiting-to-happen for a long time, but wasn't triggered until recently because it involves one of those programs actually calling system_path(). That happened with git-credential-store in v2.8.0 with ae5f677 (lazily load core.sharedrepository, 2016-03-11). The program: - takes a lock file, which... - opens a tempfile, which... - calls adjust_shared_perm to fix permissions, which... - lazy-loads the config (as of ae5f677), which... - calls system_path() to find the location of /etc/gitconfig On systems with RUNTIME_PREFIX, this means credential-store reliably hits that assert() and cannot be used. We never noticed in the test suite, because we set GIT_CONFIG_NOSYSTEM there, which skips the system_path() lookup entirely. But if we were to tweak git_config() to find /etc/gitconfig even when we aren't going to open it, then the test suite shows multiple failures (for credential-store, and for some other test helpers). I didn't include that tweak here because it's way too specific to this particular call to be worth carrying around what is essentially dead code. The implementation is fairly straightforward, with one exception: there is exactly one caller (git.c) that actually cares about the result of the function, and not the side-effect of setting up argv0_path. We can accommodate that by simply replacing the value of argv[0] in the array we hand down to cmd_main(). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- common-main.c | 3 +++ daemon.c | 3 --- fast-import.c | 3 --- git.c | 2 +- http-backend.c | 1 - http-fetch.c | 2 -- http-push.c | 2 -- imap-send.c | 2 -- remote-curl.c | 1 - remote-testsvn.c | 1 - shell.c | 2 -- upload-pack.c | 1 - 12 files changed, 4 insertions(+), 19 deletions(-) (limited to 'git.c') diff --git a/common-main.c b/common-main.c index 2b96bbf436..57c912a78e 100644 --- a/common-main.c +++ b/common-main.c @@ -1,4 +1,5 @@ #include "git-compat-util.h" +#include "exec_cmd.h" int main(int argc, char **av) { @@ -8,5 +9,7 @@ int main(int argc, char **av) */ const char **argv = (const char **)av; + argv[0] = git_extract_argv0_path(argv[0]); + return cmd_main(argc, argv); } diff --git a/daemon.c b/daemon.c index e6b86d2153..f2bc7f43f6 100644 --- a/daemon.c +++ b/daemon.c @@ -1,6 +1,5 @@ #include "cache.h" #include "pkt-line.h" -#include "exec_cmd.h" #include "run-command.h" #include "strbuf.h" #include "string-list.h" @@ -1190,8 +1189,6 @@ int cmd_main(int argc, const char **argv) git_setup_gettext(); - git_extract_argv0_path(argv[0]); - for (i = 1; i < argc; i++) { const char *arg = argv[i]; const char *v; diff --git a/fast-import.c b/fast-import.c index bd649268b2..72d209c19a 100644 --- a/fast-import.c +++ b/fast-import.c @@ -164,7 +164,6 @@ Format of STDIN stream: #include "refs.h" #include "csum-file.h" #include "quote.h" -#include "exec_cmd.h" #include "dir.h" #define PACK_ID_BITS 16 @@ -3385,8 +3384,6 @@ int cmd_main(int argc, const char **argv) { unsigned int i; - git_extract_argv0_path(argv[0]); - git_setup_gettext(); if (argc == 2 && !strcmp(argv[1], "-h")) diff --git a/git.c b/git.c index e2444046f5..3b4e12d7c6 100644 --- a/git.c +++ b/git.c @@ -635,7 +635,7 @@ int cmd_main(int argc, const char **argv) const char *cmd; int done_help = 0; - cmd = git_extract_argv0_path(argv[0]); + cmd = argv[0]; if (!cmd) cmd = "git-help"; diff --git a/http-backend.c b/http-backend.c index 3249652b3d..2926d1f9e7 100644 --- a/http-backend.c +++ b/http-backend.c @@ -642,7 +642,6 @@ int cmd_main(int argc, const char **argv) git_setup_gettext(); - git_extract_argv0_path(argv[0]); set_die_routine(die_webcgi); set_die_is_recursing_routine(die_webcgi_recursing); diff --git a/http-fetch.c b/http-fetch.c index eb559eb83b..244cd0db5d 100644 --- a/http-fetch.c +++ b/http-fetch.c @@ -24,8 +24,6 @@ int cmd_main(int argc, const char **argv) git_setup_gettext(); - git_extract_argv0_path(argv[0]); - while (arg < argc && argv[arg][0] == '-') { if (argv[arg][1] == 't') { get_tree = 1; diff --git a/http-push.c b/http-push.c index 98228a4262..acfcd1f1ad 100644 --- a/http-push.c +++ b/http-push.c @@ -1711,8 +1711,6 @@ int cmd_main(int argc, const char **argv) git_setup_gettext(); - git_extract_argv0_path(argv[0]); - repo = xcalloc(1, sizeof(*repo)); argv++; diff --git a/imap-send.c b/imap-send.c index 890e1cbb64..125b2183a7 100644 --- a/imap-send.c +++ b/imap-send.c @@ -1500,8 +1500,6 @@ int cmd_main(int argc, const char **argv) int total; int nongit_ok; - git_extract_argv0_path(argv[0]); - git_setup_gettext(); setup_git_directory_gently(&nongit_ok); diff --git a/remote-curl.c b/remote-curl.c index 6ebc2a0c11..cdbaed1479 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -991,7 +991,6 @@ int cmd_main(int argc, const char **argv) git_setup_gettext(); - git_extract_argv0_path(argv[0]); setup_git_directory_gently(&nongit); if (argc < 2) { error("remote-curl: usage: git remote-curl []"); diff --git a/remote-testsvn.c b/remote-testsvn.c index 32631eb14a..f87bf851ba 100644 --- a/remote-testsvn.c +++ b/remote-testsvn.c @@ -292,7 +292,6 @@ int cmd_main(int argc, const char **argv) static struct remote *remote; const char *url_in; - git_extract_argv0_path(argv[0]); setup_git_directory(); if (argc < 2 || argc > 3) { usage("git-remote-svn []"); diff --git a/shell.c b/shell.c index 3dd7fdcfe6..ca00807d7e 100644 --- a/shell.c +++ b/shell.c @@ -147,8 +147,6 @@ int cmd_main(int argc, const char **argv) git_setup_gettext(); - git_extract_argv0_path(argv[0]); - /* * Always open file descriptors 0/1/2 to avoid clobbering files * in die(). It also avoids messing up when the pipes are dup'ed diff --git a/upload-pack.c b/upload-pack.c index 909ce68cfb..8f2dd7d49a 100644 --- a/upload-pack.c +++ b/upload-pack.c @@ -826,7 +826,6 @@ int cmd_main(int argc, const char **argv) git_setup_gettext(); packet_trace_identity("upload-pack"); - git_extract_argv0_path(argv[0]); check_replace_refs = 0; for (i = 1; i < argc; i++) { -- cgit v1.2.3 From 57f5d52a942e8bbfa82e2741faf050de0d6b3eb3 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 1 Jul 2016 02:06:02 -0400 Subject: common-main: call sanitize_stdfds() This is setup that should be done in every program for safety, but we never got around to adding it everywhere (so builtins benefited from the call in git.c, but any external commands did not). Putting it in the common main() gives us this safety everywhere. Note that the case in daemon.c is a little funny. We wait until we know whether we want to daemonize, and then either: - call daemonize(), which will close stdio and reopen it to /dev/null under the hood - sanitize_stdfds(), to fix up any odd cases But that is way too late; the point of sanitizing is to give us reliable descriptors on 0/1/2, and we will already have executed code, possibly called die(), etc. The sanitizing should be the very first thing that happens. With this patch, git-daemon will sanitize first, and can remove the call in the non-daemonize case. It does mean that daemonize() may just end up closing the descriptors we opened, but that's not a big deal (it's not wrong to do so, nor is it really less optimal than the case where our parent process redirected us from /dev/null ahead of time). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- common-main.c | 9 ++++++++- daemon.c | 3 +-- git.c | 7 ------- shell.c | 7 ------- 4 files changed, 9 insertions(+), 17 deletions(-) (limited to 'git.c') diff --git a/common-main.c b/common-main.c index 57c912a78e..353c6ea175 100644 --- a/common-main.c +++ b/common-main.c @@ -1,4 +1,4 @@ -#include "git-compat-util.h" +#include "cache.h" #include "exec_cmd.h" int main(int argc, char **av) @@ -9,6 +9,13 @@ int main(int argc, char **av) */ const char **argv = (const char **)av; + /* + * Always open file descriptors 0/1/2 to avoid clobbering files + * in die(). It also avoids messing up when the pipes are dup'ed + * onto stdin/stdout/stderr in the child processes we spawn. + */ + sanitize_stdfds(); + argv[0] = git_extract_argv0_path(argv[0]); return cmd_main(argc, argv); diff --git a/daemon.c b/daemon.c index f2bc7f43f6..981338414e 100644 --- a/daemon.c +++ b/daemon.c @@ -1364,8 +1364,7 @@ int cmd_main(int argc, const char **argv) if (detach) { if (daemonize()) die("--detach not supported on this platform"); - } else - sanitize_stdfds(); + } if (pid_file) write_file(pid_file, "%"PRIuMAX, (uintmax_t) getpid()); diff --git a/git.c b/git.c index 3b4e12d7c6..b65083ca97 100644 --- a/git.c +++ b/git.c @@ -639,13 +639,6 @@ int cmd_main(int argc, const char **argv) if (!cmd) cmd = "git-help"; - /* - * Always open file descriptors 0/1/2 to avoid clobbering files - * in die(). It also avoids messing up when the pipes are dup'ed - * onto stdin/stdout/stderr in the child processes we spawn. - */ - sanitize_stdfds(); - restore_sigpipe_to_default(); git_setup_gettext(); diff --git a/shell.c b/shell.c index ca00807d7e..5e70acb9a6 100644 --- a/shell.c +++ b/shell.c @@ -147,13 +147,6 @@ int cmd_main(int argc, const char **argv) git_setup_gettext(); - /* - * Always open file descriptors 0/1/2 to avoid clobbering files - * in die(). It also avoids messing up when the pipes are dup'ed - * onto stdin/stdout/stderr in the child processes we spawn. - */ - sanitize_stdfds(); - /* * Special hack to pretend to be a CVS server */ -- cgit v1.2.3 From 12e0437f237ad72df3a2f3f8b067cf8097d792f1 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 1 Jul 2016 02:06:35 -0400 Subject: common-main: call restore_sigpipe_to_default() This is another safety/sanity setup that should be in force everywhere, but which we only applied in git.c. This did catch most cases, since even external commands are typically run via "git ..." (and the restoration applies to sub-processes, too). But there were cases we missed, such as somebody calling git-upload-pack directly via ssh, or scripts which use dashed external commands directly. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- common-main.c | 23 +++++++++++++++++++++++ git.c | 23 ----------------------- 2 files changed, 23 insertions(+), 23 deletions(-) (limited to 'git.c') diff --git a/common-main.c b/common-main.c index 353c6ea175..20e55ef7d7 100644 --- a/common-main.c +++ b/common-main.c @@ -1,6 +1,27 @@ #include "cache.h" #include "exec_cmd.h" +/* + * Many parts of Git have subprograms communicate via pipe, expect the + * upstream of a pipe to die with SIGPIPE when the downstream of a + * pipe does not need to read all that is written. Some third-party + * programs that ignore or block SIGPIPE for their own reason forget + * to restore SIGPIPE handling to the default before spawning Git and + * break this carefully orchestrated machinery. + * + * Restore the way SIGPIPE is handled to default, which is what we + * expect. + */ +static void restore_sigpipe_to_default(void) +{ + sigset_t unblock; + + sigemptyset(&unblock); + sigaddset(&unblock, SIGPIPE); + sigprocmask(SIG_UNBLOCK, &unblock, NULL); + signal(SIGPIPE, SIG_DFL); +} + int main(int argc, char **av) { /* @@ -18,5 +39,7 @@ int main(int argc, char **av) argv[0] = git_extract_argv0_path(argv[0]); + restore_sigpipe_to_default(); + return cmd_main(argc, argv); } diff --git a/git.c b/git.c index b65083ca97..ccb24fd26a 100644 --- a/git.c +++ b/git.c @@ -609,27 +609,6 @@ static int run_argv(int *argcp, const char ***argv) return done_alias; } -/* - * Many parts of Git have subprograms communicate via pipe, expect the - * upstream of a pipe to die with SIGPIPE when the downstream of a - * pipe does not need to read all that is written. Some third-party - * programs that ignore or block SIGPIPE for their own reason forget - * to restore SIGPIPE handling to the default before spawning Git and - * break this carefully orchestrated machinery. - * - * Restore the way SIGPIPE is handled to default, which is what we - * expect. - */ -static void restore_sigpipe_to_default(void) -{ - sigset_t unblock; - - sigemptyset(&unblock); - sigaddset(&unblock, SIGPIPE); - sigprocmask(SIG_UNBLOCK, &unblock, NULL); - signal(SIGPIPE, SIG_DFL); -} - int cmd_main(int argc, const char **argv) { const char *cmd; @@ -639,8 +618,6 @@ int cmd_main(int argc, const char **argv) if (!cmd) cmd = "git-help"; - restore_sigpipe_to_default(); - git_setup_gettext(); trace_command_performance(argv); -- cgit v1.2.3 From 5ce5f5fa5ad3de3c36fdd00df2d5c045ad1d7f04 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 1 Jul 2016 02:07:01 -0400 Subject: common-main: call git_setup_gettext() This should be part of every program, as otherwise users do not get translated error messages. However, some external commands forgot to do so (e.g., git-credential-store). This fixes them, and eliminates the repeated code in programs that did remember to use it. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- common-main.c | 2 ++ daemon.c | 2 -- fast-import.c | 2 -- git.c | 2 -- http-backend.c | 2 -- http-fetch.c | 2 -- http-push.c | 2 -- imap-send.c | 2 -- remote-curl.c | 2 -- shell.c | 2 -- show-index.c | 2 -- upload-pack.c | 2 -- 12 files changed, 2 insertions(+), 22 deletions(-) (limited to 'git.c') diff --git a/common-main.c b/common-main.c index 20e55ef7d7..3be5ad18e1 100644 --- a/common-main.c +++ b/common-main.c @@ -37,6 +37,8 @@ int main(int argc, char **av) */ sanitize_stdfds(); + git_setup_gettext(); + argv[0] = git_extract_argv0_path(argv[0]); restore_sigpipe_to_default(); diff --git a/daemon.c b/daemon.c index 981338414e..569997c98f 100644 --- a/daemon.c +++ b/daemon.c @@ -1187,8 +1187,6 @@ int cmd_main(int argc, const char **argv) struct credentials *cred = NULL; int i; - git_setup_gettext(); - for (i = 1; i < argc; i++) { const char *arg = argv[i]; const char *v; diff --git a/fast-import.c b/fast-import.c index 72d209c19a..c434272566 100644 --- a/fast-import.c +++ b/fast-import.c @@ -3384,8 +3384,6 @@ int cmd_main(int argc, const char **argv) { unsigned int i; - git_setup_gettext(); - if (argc == 2 && !strcmp(argv[1], "-h")) usage(fast_import_usage); diff --git a/git.c b/git.c index ccb24fd26a..0f1937fd0c 100644 --- a/git.c +++ b/git.c @@ -618,8 +618,6 @@ int cmd_main(int argc, const char **argv) if (!cmd) cmd = "git-help"; - git_setup_gettext(); - trace_command_performance(argv); /* diff --git a/http-backend.c b/http-backend.c index 2926d1f9e7..5a17bcac87 100644 --- a/http-backend.c +++ b/http-backend.c @@ -640,8 +640,6 @@ int cmd_main(int argc, const char **argv) char *cmd_arg = NULL; int i; - git_setup_gettext(); - set_die_routine(die_webcgi); set_die_is_recursing_routine(die_webcgi_recursing); diff --git a/http-fetch.c b/http-fetch.c index 244cd0db5d..3b556d6619 100644 --- a/http-fetch.c +++ b/http-fetch.c @@ -22,8 +22,6 @@ int cmd_main(int argc, const char **argv) int get_verbosely = 0; int get_recover = 0; - git_setup_gettext(); - while (arg < argc && argv[arg][0] == '-') { if (argv[arg][1] == 't') { get_tree = 1; diff --git a/http-push.c b/http-push.c index acfcd1f1ad..366794d707 100644 --- a/http-push.c +++ b/http-push.c @@ -1709,8 +1709,6 @@ int cmd_main(int argc, const char **argv) int new_refs; struct ref *ref, *local_refs; - git_setup_gettext(); - repo = xcalloc(1, sizeof(*repo)); argv++; diff --git a/imap-send.c b/imap-send.c index 125b2183a7..9cbe27fcd4 100644 --- a/imap-send.c +++ b/imap-send.c @@ -1500,8 +1500,6 @@ int cmd_main(int argc, const char **argv) int total; int nongit_ok; - git_setup_gettext(); - setup_git_directory_gently(&nongit_ok); git_imap_config(); diff --git a/remote-curl.c b/remote-curl.c index cdbaed1479..46a55d28f5 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -989,8 +989,6 @@ int cmd_main(int argc, const char **argv) struct strbuf buf = STRBUF_INIT; int nongit; - git_setup_gettext(); - setup_git_directory_gently(&nongit); if (argc < 2) { error("remote-curl: usage: git remote-curl []"); diff --git a/shell.c b/shell.c index 5e70acb9a6..464ee1a201 100644 --- a/shell.c +++ b/shell.c @@ -145,8 +145,6 @@ int cmd_main(int argc, const char **argv) struct commands *cmd; int count; - git_setup_gettext(); - /* * Special hack to pretend to be a CVS server */ diff --git a/show-index.c b/show-index.c index 575f9c5894..1ead41e211 100644 --- a/show-index.c +++ b/show-index.c @@ -11,8 +11,6 @@ int cmd_main(int argc, const char **argv) unsigned int version; static unsigned int top_index[256]; - git_setup_gettext(); - if (argc != 1) usage(show_index_usage); if (fread(top_index, 2 * 4, 1, stdin) != 1) diff --git a/upload-pack.c b/upload-pack.c index 8f2dd7d49a..f0a0fdaf71 100644 --- a/upload-pack.c +++ b/upload-pack.c @@ -823,8 +823,6 @@ int cmd_main(int argc, const char **argv) int i; int strict = 0; - git_setup_gettext(); - packet_trace_identity("upload-pack"); check_replace_refs = 0; -- cgit v1.2.3