From: Tian Yuchen <a3205153416@gmail.com>
To: git@vger.kernel.org
Cc: gitster@pobox.com, karthik.188@gmail.com, phillip.wood@dunelm.org.uk
Subject: [PATCH v12] setup: improve error diagnosis for invalid .git files
Date: Wed, 4 Mar 2026 22:15:26 +0800 [thread overview]
Message-ID: <20260304141526.37764-1-a3205153416@gmail.com> (raw)
In-Reply-To: <20260223074410.917523-1-a3205153416@gmail.com>
'read_gitfile_gently()' treats any non-regular file as
'READ_GITFILE_ERR_NOT_A_FILE' and fails to discern between 'ENOENT'
and other stat failures. This flawed error reporting is noted by two
'NEEDSWORK' comments.
Address these comments by introducing two new error codes:
'READ_GITFILE_ERR_MISSING'(which groups the "file missing" scenarios
together) and 'READ_GITFILE_ERR_IS_A_DIR':
1. Update 'read_gitfile_error_die()' to treat 'IS_A_DIR', 'MISSING',
'NOT_A_FILE' and 'STAT_FAILED' as non-fatal no-ops. This accommodates
intentional non-repo scenarios (e.g., GIT_DIR=/dev/null).
2. Explicitly catch 'NOT_A_FILE' and 'STAT_FAILED' during
discovery and call 'die()' if 'die_on_error' is set.
3. Unconditionally pass '&error_code' to 'read_gitfile_gently()'.
4. Only invoke 'is_git_directory()' when we explicitly receive
'READ_GITFILE_ERR_IS_A_DIR', avoiding redundant checks.
Additionally, audit external callers of 'read_gitfile_gently()' in
'submodule.c' and 'worktree.c' to accommodate the refined error codes.
Signed-off-by: Tian Yuchen <a3205153416@gmail.com>
---
To be honest, I've really gotten myself all tangled up.
Skill issue :(
Feel free to point out all the stupid mistakes I made.
I'm very uncertain about whether my changes in
setup_git_directory_gently_1() are appropriate.
But least all CI tests passed.
By the way, the replies in my email inbox look particularly messy.
When sending a new patch, which email should I reply to? Should I
reply to the previous patch, or, start a new thread?
setup.c | 47 ++++++++++++++++-----
setup.h | 2 +
submodule.c | 2 +-
t/meson.build | 1 +
t/t0009-git-dir-validation.sh | 77 +++++++++++++++++++++++++++++++++++
worktree.c | 6 ++-
6 files changed, 121 insertions(+), 14 deletions(-)
create mode 100755 t/t0009-git-dir-validation.sh
diff --git a/setup.c b/setup.c
index c8336eb20e..3bf96516ba 100644
--- a/setup.c
+++ b/setup.c
@@ -897,8 +897,10 @@ int verify_repository_format(const struct repository_format *format,
void read_gitfile_error_die(int error_code, const char *path, const char *dir)
{
switch (error_code) {
- case READ_GITFILE_ERR_STAT_FAILED:
case READ_GITFILE_ERR_NOT_A_FILE:
+ case READ_GITFILE_ERR_STAT_FAILED:
+ case READ_GITFILE_ERR_MISSING:
+ case READ_GITFILE_ERR_IS_A_DIR:
/* non-fatal; follow return path */
break;
case READ_GITFILE_ERR_OPEN_FAILED:
@@ -941,8 +943,14 @@ const char *read_gitfile_gently(const char *path, int *return_error_code)
static struct strbuf realpath = STRBUF_INIT;
if (stat(path, &st)) {
- /* NEEDSWORK: discern between ENOENT vs other errors */
- error_code = READ_GITFILE_ERR_STAT_FAILED;
+ if (errno == ENOENT || errno == ENOTDIR)
+ error_code = READ_GITFILE_ERR_MISSING;
+ else
+ error_code = READ_GITFILE_ERR_STAT_FAILED;
+ goto cleanup_return;
+ }
+ if (S_ISDIR(st.st_mode)) {
+ error_code = READ_GITFILE_ERR_IS_A_DIR;
goto cleanup_return;
}
if (!S_ISREG(st.st_mode)) {
@@ -1578,20 +1586,37 @@ static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
if (offset > min_offset)
strbuf_addch(dir, '/');
strbuf_addstr(dir, DEFAULT_GIT_DIR_ENVIRONMENT);
- gitdirenv = read_gitfile_gently(dir->buf, die_on_error ?
- NULL : &error_code);
+ gitdirenv = read_gitfile_gently(dir->buf, &error_code);
if (!gitdirenv) {
- if (die_on_error ||
- error_code == READ_GITFILE_ERR_NOT_A_FILE) {
- /* NEEDSWORK: fail if .git is not file nor dir */
+ switch (error_code) {
+ case READ_GITFILE_ERR_MISSING:
+ /* no .git in this directory, move on */
+ break;
+ case READ_GITFILE_ERR_IS_A_DIR:
if (is_git_directory(dir->buf)) {
gitdirenv = DEFAULT_GIT_DIR_ENVIRONMENT;
gitdir_path = xstrdup(dir->buf);
}
- } else if (error_code != READ_GITFILE_ERR_STAT_FAILED)
- return GIT_DIR_INVALID_GITFILE;
- } else
+ break;
+ case READ_GITFILE_ERR_STAT_FAILED:
+ if (die_on_error)
+ die(_("error reading '%s'"), dir->buf);
+ else
+ return GIT_DIR_INVALID_GITFILE;
+ case READ_GITFILE_ERR_NOT_A_FILE:
+ if (die_on_error)
+ die(_("not a regular file: '%s'"), dir->buf);
+ else
+ return GIT_DIR_INVALID_GITFILE;
+ default:
+ if (die_on_error)
+ read_gitfile_error_die(error_code, dir->buf, NULL);
+ else
+ return GIT_DIR_INVALID_GITFILE;
+ }
+ } else {
gitfile = xstrdup(dir->buf);
+ }
/*
* Earlier, we tentatively added DEFAULT_GIT_DIR_ENVIRONMENT
* to check that directory for a repository.
diff --git a/setup.h b/setup.h
index 0738dec244..76fb260c20 100644
--- a/setup.h
+++ b/setup.h
@@ -36,6 +36,8 @@ int is_nonbare_repository_dir(struct strbuf *path);
#define READ_GITFILE_ERR_NO_PATH 6
#define READ_GITFILE_ERR_NOT_A_REPO 7
#define READ_GITFILE_ERR_TOO_LARGE 8
+#define READ_GITFILE_ERR_MISSING 9
+#define READ_GITFILE_ERR_IS_A_DIR 10
void read_gitfile_error_die(int error_code, const char *path, const char *dir);
const char *read_gitfile_gently(const char *path, int *return_error_code);
#define read_gitfile(path) read_gitfile_gently((path), NULL)
diff --git a/submodule.c b/submodule.c
index 508938e4da..767d4c3c35 100644
--- a/submodule.c
+++ b/submodule.c
@@ -2559,7 +2559,7 @@ void absorb_git_dir_into_superproject(const char *path,
const struct submodule *sub;
struct strbuf sub_gitdir = STRBUF_INIT;
- if (err_code == READ_GITFILE_ERR_STAT_FAILED) {
+ if (err_code == READ_GITFILE_ERR_MISSING) {
/* unpopulated as expected */
strbuf_release(&gitdir);
return;
diff --git a/t/meson.build b/t/meson.build
index f80e366cff..c4afaacee5 100644
--- a/t/meson.build
+++ b/t/meson.build
@@ -80,6 +80,7 @@ integration_tests = [
't0006-date.sh',
't0007-git-var.sh',
't0008-ignores.sh',
+ 't0009-git-dir-validation.sh',
't0010-racy-git.sh',
't0012-help.sh',
't0013-sha1dc.sh',
diff --git a/t/t0009-git-dir-validation.sh b/t/t0009-git-dir-validation.sh
new file mode 100755
index 0000000000..33d21ed9ea
--- /dev/null
+++ b/t/t0009-git-dir-validation.sh
@@ -0,0 +1,77 @@
+#!/bin/sh
+
+test_description='setup: validation of .git file/directory types
+
+Verify that setup_git_directory() correctly handles:
+1. Valid .git directories (including symlinks to them).
+2. Invalid .git files (FIFOs, sockets) by erroring out.
+3. Invalid .git files (garbage) by erroring out.
+'
+
+. ./test-lib.sh
+
+test_expect_success 'setup: create parent git repository' '
+ git init parent &&
+ test_commit -C parent "root-commit"
+'
+
+test_expect_success SYMLINKS 'setup: .git as a symlink to a directory is valid' '
+ test_when_finished "rm -rf parent/link-to-dir" &&
+ mkdir -p parent/link-to-dir &&
+ (
+ cd parent/link-to-dir &&
+ git init real-repo &&
+ ln -s real-repo/.git .git &&
+ git rev-parse --git-dir >actual &&
+ echo .git >expect &&
+ test_cmp expect actual
+ )
+'
+
+test_expect_success PIPE 'setup: .git as a FIFO (named pipe) is rejected' '
+ test_when_finished "rm -rf parent/fifo-trap" &&
+ mkdir -p parent/fifo-trap &&
+ (
+ cd parent/fifo-trap &&
+ mkfifo .git &&
+ test_must_fail git rev-parse --git-dir 2>stderr &&
+ grep "not a regular file" stderr
+ )
+'
+
+test_expect_success SYMLINKS,PIPE 'setup: .git as a symlink to a FIFO is rejected' '
+ test_when_finished "rm -rf parent/symlink-fifo-trap" &&
+ mkdir -p parent/symlink-fifo-trap &&
+ (
+ cd parent/symlink-fifo-trap &&
+ mkfifo target-fifo &&
+ ln -s target-fifo .git &&
+ test_must_fail git rev-parse --git-dir 2>stderr &&
+ grep "not a regular file" stderr
+ )
+'
+
+test_expect_success 'setup: .git with garbage content is rejected' '
+ test_when_finished "rm -rf parent/garbage-trap" &&
+ mkdir -p parent/garbage-trap &&
+ (
+ cd parent/garbage-trap &&
+ echo "garbage" >.git &&
+ test_must_fail git rev-parse --git-dir 2>stderr &&
+ grep "invalid gitfile format" stderr
+ )
+'
+
+test_expect_success 'setup: .git as an empty directory is ignored' '
+ test_when_finished "rm -rf parent/empty-dir" &&
+ mkdir -p parent/empty-dir &&
+ (
+ cd parent/empty-dir &&
+ git rev-parse --git-dir >expect &&
+ mkdir .git &&
+ git rev-parse --git-dir >actual &&
+ test_cmp expect actual
+ )
+'
+
+test_done
diff --git a/worktree.c b/worktree.c
index 9308389cb6..d1165e1d1c 100644
--- a/worktree.c
+++ b/worktree.c
@@ -653,7 +653,8 @@ static void repair_gitfile(struct worktree *wt,
}
}
- if (err == READ_GITFILE_ERR_NOT_A_FILE)
+ if (err == READ_GITFILE_ERR_NOT_A_FILE ||
+ err == READ_GITFILE_ERR_IS_A_DIR)
fn(1, wt->path, _(".git is not a file"), cb_data);
else if (err)
repair = _(".git file broken");
@@ -833,7 +834,8 @@ void repair_worktree_at_path(const char *path,
strbuf_addstr(&backlink, dotgit_contents);
strbuf_realpath_forgiving(&backlink, backlink.buf, 0);
}
- } else if (err == READ_GITFILE_ERR_NOT_A_FILE) {
+ } else if (err == READ_GITFILE_ERR_NOT_A_FILE ||
+ err == READ_GITFILE_ERR_IS_A_DIR) {
fn(1, dotgit.buf, _("unable to locate repository; .git is not a file"), cb_data);
goto done;
} else if (err == READ_GITFILE_ERR_NOT_A_REPO) {
--
2.43.0
prev parent reply other threads:[~2026-03-04 14:15 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-18 12:46 [PATCH v6 0/2] setup: allow cwd/.git to be a symlink to a directory Tian Yuchen
2026-02-18 12:46 ` [PATCH v6 1/2] setup: distinguish ENOENT from other stat errors Tian Yuchen
2026-02-18 12:46 ` [PATCH v6 2/2] setup: allow cwd/.git to be a symlink to a directory Tian Yuchen
2026-02-19 7:16 ` [PATCH v7] " Tian Yuchen
2026-02-20 3:40 ` Junio C Hamano
2026-02-20 16:27 ` Tian Yuchen
2026-02-20 16:45 ` [PATCH v8] " Tian Yuchen
2026-02-20 18:00 ` Junio C Hamano
2026-02-21 8:10 ` Tian Yuchen
2026-02-21 17:20 ` Junio C Hamano
2026-02-22 3:22 ` Tian Yuchen
2026-02-21 8:30 ` [PATCH v9] setup: improve error diagnosis for invalid .git files Tian Yuchen
2026-02-22 5:42 ` Junio C Hamano
2026-02-22 10:28 ` Tian Yuchen
2026-02-22 10:29 ` [PATCH v10] " Tian Yuchen
2026-02-22 16:53 ` Karthik Nayak
2026-02-23 7:00 ` Tian Yuchen
2026-02-22 22:23 ` Junio C Hamano
2026-02-23 0:23 ` Junio C Hamano
2026-02-23 3:35 ` Tian Yuchen
2026-02-23 5:10 ` Junio C Hamano
2026-02-23 15:39 ` Junio C Hamano
2026-02-23 17:17 ` Tian Yuchen
2026-02-23 19:27 ` Junio C Hamano
2026-02-24 10:23 ` Tian Yuchen
2026-02-24 17:01 ` Tian Yuchen
2026-02-25 2:50 ` Junio C Hamano
2026-02-25 16:03 ` Tian Yuchen
2026-02-23 7:44 ` [PATCH v11] " Tian Yuchen
2026-02-26 23:03 ` Junio C Hamano
2026-02-27 5:26 ` Tian Yuchen
2026-02-27 22:20 ` Junio C Hamano
2026-02-28 4:38 ` Tian Yuchen
2026-03-02 16:26 ` Junio C Hamano
2026-03-03 19:31 ` Phillip Wood
2026-03-04 5:39 ` Junio C Hamano
2026-03-04 11:03 ` Tian Yuchen
2026-03-04 16:53 ` Junio C Hamano
2026-03-04 17:35 ` Tian Yuchen
2026-03-04 18:06 ` Junio C Hamano
2026-03-04 18:41 ` Tian Yuchen
2026-03-04 22:50 ` Junio C Hamano
2026-03-05 12:40 ` Tian Yuchen
2026-03-09 23:30 ` Junio C Hamano
2026-03-04 14:15 ` Tian Yuchen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260304141526.37764-1-a3205153416@gmail.com \
--to=a3205153416@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=karthik.188@gmail.com \
--cc=phillip.wood@dunelm.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox