View Javadoc
1   /*
2    * Copyright (C) 2010, Robin Rosenberg
3    * and other copyright owners as documented in the project's IP log.
4    *
5    * This program and the accompanying materials are made available
6    * under the terms of the Eclipse Distribution License v1.0 which
7    * accompanies this distribution, is reproduced below, and is
8    * available at http://www.eclipse.org/org/documents/edl-v10.php
9    *
10   * All rights reserved.
11   *
12   * Redistribution and use in source and binary forms, with or
13   * without modification, are permitted provided that the following
14   * conditions are met:
15   *
16   * - Redistributions of source code must retain the above copyright
17   *   notice, this list of conditions and the following disclaimer.
18   *
19   * - Redistributions in binary form must reproduce the above
20   *   copyright notice, this list of conditions and the following
21   *   disclaimer in the documentation and/or other materials provided
22   *   with the distribution.
23   *
24   * - Neither the name of the Eclipse Foundation, Inc. nor the
25   *   names of its contributors may be used to endorse or promote
26   *   products derived from this software without specific prior
27   *   written permission.
28   *
29   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
30   * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
31   * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
32   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
34   * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
35   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
36   * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
37   * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
38   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39   * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
41   * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42   */
43  package org.eclipse.jgit.util;
44  
45  import java.io.BufferedReader;
46  import java.io.File;
47  import java.io.IOException;
48  import java.io.InputStreamReader;
49  import java.io.PrintStream;
50  import java.nio.charset.Charset;
51  import java.nio.file.Files;
52  import java.nio.file.Path;
53  import java.nio.file.Paths;
54  import java.nio.file.attribute.PosixFilePermission;
55  import java.text.MessageFormat;
56  import java.util.ArrayList;
57  import java.util.Arrays;
58  import java.util.List;
59  import java.util.Optional;
60  import java.util.Set;
61  import java.util.UUID;
62  
63  import org.eclipse.jgit.annotations.Nullable;
64  import org.eclipse.jgit.api.errors.JGitInternalException;
65  import org.eclipse.jgit.errors.CommandFailedException;
66  import org.eclipse.jgit.errors.ConfigInvalidException;
67  import org.eclipse.jgit.internal.JGitText;
68  import org.eclipse.jgit.lib.ConfigConstants;
69  import org.eclipse.jgit.lib.Constants;
70  import org.eclipse.jgit.lib.Repository;
71  import org.eclipse.jgit.storage.file.FileBasedConfig;
72  import org.slf4j.Logger;
73  import org.slf4j.LoggerFactory;
74  
75  /**
76   * Base FS for POSIX based systems
77   *
78   * @since 3.0
79   */
80  public class FS_POSIX extends FS {
81  	private final static Logger LOG = LoggerFactory.getLogger(FS_POSIX.class);
82  
83  	private static final int DEFAULT_UMASK = 0022;
84  	private volatile int umask = -1;
85  
86  	private volatile boolean supportsUnixNLink = true;
87  
88  	private volatile Boolean supportsAtomicCreateNewFile;
89  
90  	/** Default constructor. */
91  	protected FS_POSIX() {
92  	}
93  
94  	/**
95  	 * Constructor
96  	 *
97  	 * @param src
98  	 *            FS to copy some settings from
99  	 */
100 	protected FS_POSIX(FS src) {
101 		super(src);
102 		if (src instanceof FS_POSIX) {
103 			umask = ((FS_POSIX) src).umask;
104 		}
105 	}
106 
107 	@SuppressWarnings("boxing")
108 	private void determineAtomicFileCreationSupport() {
109 		// @TODO: enhance SystemReader to support this without copying code
110 		Boolean ret = getAtomicFileCreationSupportOption(
111 				SystemReader.getInstance().openUserConfig(null, this));
112 		if (ret == null && StringUtils.isEmptyOrNull(SystemReader.getInstance()
113 				.getenv(Constants.GIT_CONFIG_NOSYSTEM_KEY))) {
114 			ret = getAtomicFileCreationSupportOption(
115 					SystemReader.getInstance().openSystemConfig(null, this));
116 		}
117 		supportsAtomicCreateNewFile = (ret == null) || ret;
118 	}
119 
120 	private Boolean getAtomicFileCreationSupportOption(FileBasedConfig config) {
121 		try {
122 			config.load();
123 			String value = config.getString(ConfigConstants.CONFIG_CORE_SECTION,
124 					null,
125 					ConfigConstants.CONFIG_KEY_SUPPORTSATOMICFILECREATION);
126 			if (value == null) {
127 				return null;
128 			}
129 			return Boolean.valueOf(StringUtils.toBoolean(value));
130 		} catch (IOException | ConfigInvalidException e) {
131 			return Boolean.TRUE;
132 		}
133 	}
134 
135 	@Override
136 	public FS newInstance() {
137 		return new FS_POSIX(this);
138 	}
139 
140 	/**
141 	 * Set the umask, overriding any value observed from the shell.
142 	 *
143 	 * @param umask
144 	 *            mask to apply when creating files.
145 	 * @since 4.0
146 	 */
147 	public void setUmask(int umask) {
148 		this.umask = umask;
149 	}
150 
151 	private int umask() {
152 		int u = umask;
153 		if (u == -1) {
154 			u = readUmask();
155 			umask = u;
156 		}
157 		return u;
158 	}
159 
160 	/** @return mask returned from running {@code umask} command in shell. */
161 	private static int readUmask() {
162 		try {
163 			Process p = Runtime.getRuntime().exec(
164 					new String[] { "sh", "-c", "umask" }, //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
165 					null, null);
166 			try (BufferedReader lineRead = new BufferedReader(
167 					new InputStreamReader(p.getInputStream(), Charset
168 							.defaultCharset().name()))) {
169 				if (p.waitFor() == 0) {
170 					String s = lineRead.readLine();
171 					if (s != null && s.matches("0?\\d{3}")) { //$NON-NLS-1$
172 						return Integer.parseInt(s, 8);
173 					}
174 				}
175 				return DEFAULT_UMASK;
176 			}
177 		} catch (Exception e) {
178 			return DEFAULT_UMASK;
179 		}
180 	}
181 
182 	@Override
183 	protected File discoverGitExe() {
184 		String path = SystemReader.getInstance().getenv("PATH"); //$NON-NLS-1$
185 		File gitExe = searchPath(path, "git"); //$NON-NLS-1$
186 
187 		if (gitExe == null) {
188 			if (SystemReader.getInstance().isMacOS()) {
189 				if (searchPath(path, "bash") != null) { //$NON-NLS-1$
190 					// On MacOSX, PATH is shorter when Eclipse is launched from the
191 					// Finder than from a terminal. Therefore try to launch bash as a
192 					// login shell and search using that.
193 					String w;
194 					try {
195 						w = readPipe(userHome(),
196 							new String[]{"bash", "--login", "-c", "which git"}, // //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$
197 							Charset.defaultCharset().name());
198 					} catch (CommandFailedException e) {
199 						LOG.warn(e.getMessage());
200 						return null;
201 					}
202 					if (!StringUtils.isEmptyOrNull(w)) {
203 						gitExe = new File(w);
204 					}
205 				}
206 			}
207 		}
208 
209 		return gitExe;
210 	}
211 
212 	@Override
213 	public boolean isCaseSensitive() {
214 		return !SystemReader.getInstance().isMacOS();
215 	}
216 
217 	@Override
218 	public boolean supportsExecute() {
219 		return true;
220 	}
221 
222 	@Override
223 	public boolean canExecute(File f) {
224 		return FileUtils.canExecute(f);
225 	}
226 
227 	@Override
228 	public boolean setExecute(File f, boolean canExecute) {
229 		if (!isFile(f))
230 			return false;
231 		if (!canExecute)
232 			return f.setExecutable(false);
233 
234 		try {
235 			Path path = f.toPath();
236 			Set<PosixFilePermission> pset = Files.getPosixFilePermissions(path);
237 
238 			// owner (user) is always allowed to execute.
239 			pset.add(PosixFilePermission.OWNER_EXECUTE);
240 
241 			int mask = umask();
242 			apply(pset, mask, PosixFilePermission.GROUP_EXECUTE, 1 << 3);
243 			apply(pset, mask, PosixFilePermission.OTHERS_EXECUTE, 1);
244 			Files.setPosixFilePermissions(path, pset);
245 			return true;
246 		} catch (IOException e) {
247 			// The interface doesn't allow to throw IOException
248 			final boolean debug = Boolean.parseBoolean(SystemReader
249 					.getInstance().getProperty("jgit.fs.debug")); //$NON-NLS-1$
250 			if (debug)
251 				System.err.println(e);
252 			return false;
253 		}
254 	}
255 
256 	private static void apply(Set<PosixFilePermission> set,
257 			int umask, PosixFilePermission perm, int test) {
258 		if ((umask & test) == 0) {
259 			// If bit is clear in umask, permission is allowed.
260 			set.add(perm);
261 		} else {
262 			// If bit is set in umask, permission is denied.
263 			set.remove(perm);
264 		}
265 	}
266 
267 	@Override
268 	public ProcessBuilder runInShell(String cmd, String[] args) {
269 		List<String> argv = new ArrayList<>(4 + args.length);
270 		argv.add("sh"); //$NON-NLS-1$
271 		argv.add("-c"); //$NON-NLS-1$
272 		argv.add(cmd + " \"$@\""); //$NON-NLS-1$
273 		argv.add(cmd);
274 		argv.addAll(Arrays.asList(args));
275 		ProcessBuilder proc = new ProcessBuilder();
276 		proc.command(argv);
277 		return proc;
278 	}
279 
280 	/**
281 	 * @since 4.0
282 	 */
283 	@Override
284 	public ProcessResult runHookIfPresent(Repository repository, String hookName,
285 			String[] args, PrintStream outRedirect, PrintStream errRedirect,
286 			String stdinArgs) throws JGitInternalException {
287 		return internalRunHookIfPresent(repository, hookName, args, outRedirect,
288 				errRedirect, stdinArgs);
289 	}
290 
291 	@Override
292 	public boolean retryFailedLockFileCommit() {
293 		return false;
294 	}
295 
296 	@Override
297 	public boolean supportsSymlinks() {
298 		return true;
299 	}
300 
301 	@Override
302 	public void setHidden(File path, boolean hidden) throws IOException {
303 		// no action on POSIX
304 	}
305 
306 	/**
307 	 * @since 3.3
308 	 */
309 	@Override
310 	public Attributes getAttributes(File path) {
311 		return FileUtils.getFileAttributesPosix(this, path);
312 	}
313 
314 	/**
315 	 * @since 3.3
316 	 */
317 	@Override
318 	public File normalize(File file) {
319 		return FileUtils.normalize(file);
320 	}
321 
322 	/**
323 	 * @since 3.3
324 	 */
325 	@Override
326 	public String normalize(String name) {
327 		return FileUtils.normalize(name);
328 	}
329 
330 	/**
331 	 * @since 3.7
332 	 */
333 	@Override
334 	public File findHook(Repository repository, String hookName) {
335 		final File gitdir = repository.getDirectory();
336 		if (gitdir == null) {
337 			return null;
338 		}
339 		final Path hookPath = gitdir.toPath().resolve(Constants.HOOKS)
340 				.resolve(hookName);
341 		if (Files.isExecutable(hookPath))
342 			return hookPath.toFile();
343 		return null;
344 	}
345 
346 	@Override
347 	public boolean supportsAtomicCreateNewFile() {
348 		if (supportsAtomicCreateNewFile == null) {
349 			determineAtomicFileCreationSupport();
350 		}
351 		return supportsAtomicCreateNewFile.booleanValue();
352 	}
353 
354 	@Override
355 	@SuppressWarnings("boxing")
356 	/**
357 	 * An implementation of the File#createNewFile() semantics which works also
358 	 * on NFS. If the config option
359 	 * {@code core.supportsAtomicCreateNewFile = true} (which is the default)
360 	 * then simply File#createNewFile() is called.
361 	 *
362 	 * But if {@code core.supportsAtomicCreateNewFile = false} then after
363 	 * successful creation of the lock file a hardlink to that lock file is
364 	 * created and the attribute nlink of the lock file is checked to be 2. If
365 	 * multiple clients manage to create the same lock file nlink would be
366 	 * greater than 2 showing the error.
367 	 *
368 	 * @see "https://www.time-travellers.org/shane/papers/NFS_considered_harmful.html"
369 	 *
370 	 * @deprecated use {@link FS_POSIX#createNewFileAtomic(File)} instead
371 	 * @since 4.5
372 	 */
373 	@Deprecated
374 	public boolean createNewFile(File lock) throws IOException {
375 		if (!lock.createNewFile()) {
376 			return false;
377 		}
378 		if (supportsAtomicCreateNewFile() || !supportsUnixNLink) {
379 			return true;
380 		}
381 		Path lockPath = lock.toPath();
382 		Path link = null;
383 		try {
384 			link = Files.createLink(
385 					Paths.get(lock.getAbsolutePath() + ".lnk"), //$NON-NLS-1$
386 					lockPath);
387 			Integer nlink = (Integer) (Files.getAttribute(lockPath,
388 					"unix:nlink")); //$NON-NLS-1$
389 			if (nlink > 2) {
390 				LOG.warn("nlink of link to lock file {0} was not 2 but {1}", //$NON-NLS-1$
391 						lock.getPath(), nlink);
392 				return false;
393 			} else if (nlink < 2) {
394 				supportsUnixNLink = false;
395 			}
396 			return true;
397 		} catch (UnsupportedOperationException | IllegalArgumentException e) {
398 			supportsUnixNLink = false;
399 			return true;
400 		} finally {
401 			if (link != null) {
402 				Files.delete(link);
403 			}
404 		}
405 	}
406 
407 	/**
408 	 * {@inheritDoc}
409 	 * <p>
410 	 * An implementation of the File#createNewFile() semantics which can create
411 	 * a unique file atomically also on NFS. If the config option
412 	 * {@code core.supportsAtomicCreateNewFile = true} (which is the default)
413 	 * then simply File#createNewFile() is called.
414 	 *
415 	 * But if {@code core.supportsAtomicCreateNewFile = false} then after
416 	 * successful creation of the lock file a hard link to that lock file is
417 	 * created and the attribute nlink of the lock file is checked to be 2. If
418 	 * multiple clients manage to create the same lock file nlink would be
419 	 * greater than 2 showing the error. The hard link needs to be retained
420 	 * until the corresponding file is no longer needed in order to prevent that
421 	 * another process can create the same file concurrently using another NFS
422 	 * client which might not yet see the file due to caching.
423 	 *
424 	 * @see "https://www.time-travellers.org/shane/papers/NFS_considered_harmful.html"
425 	 * @param file
426 	 *            the unique file to be created atomically
427 	 * @return LockToken this lock token must be held until the file is no
428 	 *         longer needed
429 	 * @throws IOException
430 	 * @since 5.0
431 	 */
432 	@Override
433 	public LockToken createNewFileAtomic(File file) throws IOException {
434 		if (!file.createNewFile()) {
435 			return token(false, null);
436 		}
437 		if (supportsAtomicCreateNewFile() || !supportsUnixNLink) {
438 			return token(true, null);
439 		}
440 		Path link = null;
441 		Path path = file.toPath();
442 		try {
443 			link = Files.createLink(Paths.get(uniqueLinkPath(file)), path);
444 			Integer nlink = (Integer) (Files.getAttribute(path,
445 					"unix:nlink")); //$NON-NLS-1$
446 			if (nlink.intValue() > 2) {
447 				LOG.warn(MessageFormat.format(
448 						JGitText.get().failedAtomicFileCreation, path, nlink));
449 				return token(false, link);
450 			} else if (nlink.intValue() < 2) {
451 				supportsUnixNLink = false;
452 			}
453 			return token(true, link);
454 		} catch (UnsupportedOperationException | IllegalArgumentException e) {
455 			supportsUnixNLink = false;
456 			return token(true, link);
457 		}
458 	}
459 
460 	private static LockToken token(boolean created, @Nullable Path p) {
461 		return ((p != null) && Files.exists(p))
462 				? new LockToken(created, Optional.of(p))
463 				: new LockToken(created, Optional.empty());
464 	}
465 
466 	private static String uniqueLinkPath(File file) {
467 		UUID id = UUID.randomUUID();
468 		return file.getAbsolutePath() + "." //$NON-NLS-1$
469 				+ Long.toHexString(id.getMostSignificantBits())
470 				+ Long.toHexString(id.getLeastSignificantBits());
471 	}
472 }