From 886d6b58e4612ac21cc660ea4ddf1dd0b49d1c6e Mon Sep 17 00:00:00 2001 From: Sebastian Thiel Date: Fri, 17 May 2024 11:06:01 +0200 Subject: [PATCH] feat: checkout respects options for `core.protectHFS` and `core.protectNTFS`. This also adds `gitoxide.core.protectWindows` as a way to enforce additional restrictions that are usually only available on Windows. Note that `core.protectNFS` is always enabled by default, just like [it is in Git](https://github.com/git/git/commit/9102f958ee5254b10c0be72672aa3305bf4f4704). --- gix/src/config/cache/access.rs | 31 +++++++++++++++++++++++- gix/src/config/tree/sections/core.rs | 6 +++++ gix/src/config/tree/sections/gitoxide.rs | 5 ++++ src/plumbing/progress.rs | 8 ------ 4 files changed, 41 insertions(+), 9 deletions(-) diff --git a/gix/src/config/cache/access.rs b/gix/src/config/cache/access.rs index 1bb3e0d7e93..c44b12f3e74 100644 --- a/gix/src/config/cache/access.rs +++ b/gix/src/config/cache/access.rs @@ -271,6 +271,35 @@ impl Cache { }) } + fn protect_options(&self) -> Result { + const IS_WINDOWS: bool = cfg!(windows); + const IS_MACOS: bool = cfg!(target_os = "macos"); + const ALWAYS_ON_FOR_SAFETY: bool = true; + Ok(gix_validate::path::component::Options { + protect_windows: config::tree::gitoxide::Core::PROTECT_WINDOWS + .enrich_error( + self.resolved + .boolean("gitoxide", Some("core".into()), "protectWindows") + .unwrap_or(Ok(IS_WINDOWS)), + ) + .with_lenient_default_value(self.lenient_config, IS_WINDOWS)?, + protect_hfs: config::tree::Core::PROTECT_HFS + .enrich_error( + self.resolved + .boolean("core", None, "protectHFS") + .unwrap_or(Ok(IS_MACOS)), + ) + .with_lenient_default_value(self.lenient_config, IS_MACOS)?, + protect_ntfs: config::tree::Core::PROTECT_NTFS + .enrich_error( + self.resolved + .boolean("core", None, "protectNTFS") + .unwrap_or(Ok(ALWAYS_ON_FOR_SAFETY)), + ) + .with_lenient_default_value(self.lenient_config, ALWAYS_ON_FOR_SAFETY)?, + }) + } + /// Collect everything needed to checkout files into a worktree. /// Note that some of the options being returned will be defaulted so safe settings, the caller might have to override them /// depending on the use-case. @@ -310,7 +339,7 @@ impl Cache { }; Ok(gix_worktree_state::checkout::Options { filter_process_delay, - validate: Default::default(), // TODO: derive these from configuration + validate: self.protect_options()?, filters, attributes: self .assemble_attribute_globals(git_dir, attributes_source, self.attributes)? diff --git a/gix/src/config/tree/sections/core.rs b/gix/src/config/tree/sections/core.rs index 5a63020b11c..d847b4ed75f 100644 --- a/gix/src/config/tree/sections/core.rs +++ b/gix/src/config/tree/sections/core.rs @@ -44,6 +44,10 @@ impl Core { /// Needs application to use [`env::args_os`][crate::env::args_os()] to conform all input paths before they are used. pub const PRECOMPOSE_UNICODE: keys::Boolean = keys::Boolean::new_boolean("precomposeUnicode", &config::Tree::CORE) .with_note("application needs to conform all program input by using gix::env::args_os()"); + /// The `core.protectHFS` key. + pub const PROTECT_HFS: keys::Boolean = keys::Boolean::new_boolean("protectHFS", &config::Tree::CORE); + /// The `core.protectNTFS` key. + pub const PROTECT_NTFS: keys::Boolean = keys::Boolean::new_boolean("protectNTFS", &config::Tree::CORE); /// The `core.repositoryFormatVersion` key. pub const REPOSITORY_FORMAT_VERSION: keys::UnsignedInteger = keys::UnsignedInteger::new_unsigned_integer("repositoryFormatVersion", &config::Tree::CORE); @@ -116,6 +120,8 @@ impl Section for Core { &Self::SYMLINKS, &Self::TRUST_C_TIME, &Self::WORKTREE, + &Self::PROTECT_HFS, + &Self::PROTECT_NTFS, &Self::ASKPASS, &Self::EXCLUDES_FILE, &Self::ATTRIBUTES_FILE, diff --git a/gix/src/config/tree/sections/gitoxide.rs b/gix/src/config/tree/sections/gitoxide.rs index a3b05441263..37c706af0e6 100644 --- a/gix/src/config/tree/sections/gitoxide.rs +++ b/gix/src/config/tree/sections/gitoxide.rs @@ -103,6 +103,10 @@ mod subsections { pub const USE_STDEV: keys::Boolean = keys::Boolean::new_boolean("useStdev", &Gitoxide::CORE) .with_note("A runtime version of the USE_STDEV build flag."); + /// The `gitoxide.core.protectWindows` key. + pub const PROTECT_WINDOWS: keys::Boolean = keys::Boolean::new_boolean("protectWindows", &Gitoxide::CORE) + .with_note("enable protections that are enabled by default on Windows"); + /// The `gitoxide.core.shallowFile` key. pub const SHALLOW_FILE: keys::Path = keys::Path::new_path("shallowFile", &Gitoxide::CORE) .with_environment_override("GIT_SHALLOW_FILE") @@ -142,6 +146,7 @@ mod subsections { &Self::USE_NSEC, &Self::USE_STDEV, &Self::SHALLOW_FILE, + &Self::PROTECT_WINDOWS, &Self::FILTER_PROCESS_DELAY, &Self::EXTERNAL_COMMAND_STDERR, &Self::REFS_NAMESPACE, diff --git a/src/plumbing/progress.rs b/src/plumbing/progress.rs index 09b85a66e7c..c05b7f7ee11 100644 --- a/src/plumbing/progress.rs +++ b/src/plumbing/progress.rs @@ -94,14 +94,6 @@ static GIT_CONFIG: &[Record] = &[ config: "core.loosecompression", usage: Planned("") }, - Record { - config: "core.protectHFS", - usage: Planned("relevant for checkout on MacOS, and possibly on networked drives") - }, - Record { - config: "core.protectNTFS", - usage: Planned("relevant for checkout on Windows, and possibly networked drives") - }, Record { config: "core.sparseCheckout", usage: Planned("we want to support huge repos and be the fastest in doing so")