feat: checkout respects options for core.protectHFS and `core.prote…

…ctNTFS`. This also adds `gitoxide.core.protectWindows` as a way to enforce additional restrictions that are usually only available on Windows. Note that `core.protectNFS` is always enabled by default, just like [it is in Git](git/git@9102f95).
GitoxideLabs · May 19, 2024 · 886d6b5 · 886d6b5
1 parent 1ca6a3c
commit 886d6b5
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 9 deletions.
diff --git a/gix/src/config/cache/access.rs b/gix/src/config/cache/access.rs
@@ -271,6 +271,35 @@ impl Cache {
         })
     }
 
+    fn protect_options(&self) -> Result<gix_validate::path::component::Options, config::boolean::Error> {
+        const IS_WINDOWS: bool = cfg!(windows);
+        const IS_MACOS: bool = cfg!(target_os = "macos");
+        const ALWAYS_ON_FOR_SAFETY: bool = true;
+        Ok(gix_validate::path::component::Options {
+            protect_windows: config::tree::gitoxide::Core::PROTECT_WINDOWS
+                .enrich_error(
+                    self.resolved
+                        .boolean("gitoxide", Some("core".into()), "protectWindows")
+                        .unwrap_or(Ok(IS_WINDOWS)),
+                )
+                .with_lenient_default_value(self.lenient_config, IS_WINDOWS)?,
+            protect_hfs: config::tree::Core::PROTECT_HFS
+                .enrich_error(
+                    self.resolved
+                        .boolean("core", None, "protectHFS")
+                        .unwrap_or(Ok(IS_MACOS)),
+                )
+                .with_lenient_default_value(self.lenient_config, IS_MACOS)?,
+            protect_ntfs: config::tree::Core::PROTECT_NTFS
+                .enrich_error(
+                    self.resolved
+                        .boolean("core", None, "protectNTFS")
+                        .unwrap_or(Ok(ALWAYS_ON_FOR_SAFETY)),
+                )
+                .with_lenient_default_value(self.lenient_config, ALWAYS_ON_FOR_SAFETY)?,
+        })
+    }
+
     /// Collect everything needed to checkout files into a worktree.
     /// Note that some of the options being returned will be defaulted so safe settings, the caller might have to override them
     /// depending on the use-case.
@@ -310,7 +339,7 @@ impl Cache {
         };
         Ok(gix_worktree_state::checkout::Options {
             filter_process_delay,
-            validate: Default::default(), // TODO: derive these from configuration
+            validate: self.protect_options()?,
             filters,
             attributes: self
                 .assemble_attribute_globals(git_dir, attributes_source, self.attributes)?

diff --git a/gix/src/config/tree/sections/core.rs b/gix/src/config/tree/sections/core.rs
@@ -44,6 +44,10 @@ impl Core {
     /// Needs application to use [`env::args_os`][crate::env::args_os()] to conform all input paths before they are used.
     pub const PRECOMPOSE_UNICODE: keys::Boolean = keys::Boolean::new_boolean("precomposeUnicode", &config::Tree::CORE)
         .with_note("application needs to conform all program input by using gix::env::args_os()");
+    /// The `core.protectHFS` key.
+    pub const PROTECT_HFS: keys::Boolean = keys::Boolean::new_boolean("protectHFS", &config::Tree::CORE);
+    /// The `core.protectNTFS` key.
+    pub const PROTECT_NTFS: keys::Boolean = keys::Boolean::new_boolean("protectNTFS", &config::Tree::CORE);
     /// The `core.repositoryFormatVersion` key.
     pub const REPOSITORY_FORMAT_VERSION: keys::UnsignedInteger =
         keys::UnsignedInteger::new_unsigned_integer("repositoryFormatVersion", &config::Tree::CORE);
@@ -116,6 +120,8 @@ impl Section for Core {
             &Self::SYMLINKS,
             &Self::TRUST_C_TIME,
             &Self::WORKTREE,
+            &Self::PROTECT_HFS,
+            &Self::PROTECT_NTFS,
             &Self::ASKPASS,
             &Self::EXCLUDES_FILE,
             &Self::ATTRIBUTES_FILE,

diff --git a/gix/src/config/tree/sections/gitoxide.rs b/gix/src/config/tree/sections/gitoxide.rs
@@ -103,6 +103,10 @@ mod subsections {
         pub const USE_STDEV: keys::Boolean = keys::Boolean::new_boolean("useStdev", &Gitoxide::CORE)
             .with_note("A runtime version of the USE_STDEV build flag.");
 
+        /// The `gitoxide.core.protectWindows` key.
+        pub const PROTECT_WINDOWS: keys::Boolean = keys::Boolean::new_boolean("protectWindows", &Gitoxide::CORE)
+            .with_note("enable protections that are enabled by default on Windows");
+
         /// The `gitoxide.core.shallowFile` key.
         pub const SHALLOW_FILE: keys::Path = keys::Path::new_path("shallowFile", &Gitoxide::CORE)
             .with_environment_override("GIT_SHALLOW_FILE")
@@ -142,6 +146,7 @@ mod subsections {
                 &Self::USE_NSEC,
                 &Self::USE_STDEV,
                 &Self::SHALLOW_FILE,
+                &Self::PROTECT_WINDOWS,
                 &Self::FILTER_PROCESS_DELAY,
                 &Self::EXTERNAL_COMMAND_STDERR,
                 &Self::REFS_NAMESPACE,

diff --git a/src/plumbing/progress.rs b/src/plumbing/progress.rs
@@ -94,14 +94,6 @@ static GIT_CONFIG: &[Record] = &[
         config: "core.loosecompression",
         usage: Planned("")
     },
-    Record {
-        config: "core.protectHFS",
-        usage: Planned("relevant for checkout on MacOS, and possibly on networked drives")
-    },
-    Record {
-        config: "core.protectNTFS",
-        usage: Planned("relevant for checkout on Windows, and possibly networked drives")
-    },
     Record {
         config: "core.sparseCheckout",
         usage: Planned("we want to support huge repos and be the fastest in doing so")