Merge pull request #1864 from pjbgf/v5-issue-55

pjbgf · web-flow · commit bdf06885bdaa · 2026-02-25T12:41:51.000Z
storage: filesystem, Avoid overwriting loose obj files
diff --git a/go.mod b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/emirpasic/gods v1.18.1
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376
-	github.com/go-git/go-billy/v5 v5.6.2
+	github.com/go-git/go-billy/v5 v5.8.0
 	github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8
 	github.com/google/go-cmp v0.7.0
diff --git a/go.sum b/go.sum
@@ -25,8 +25,8 @@ github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
 github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
-github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
+github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0=
+github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
diff --git a/storage/filesystem/dotgit/dotgit_test.go b/storage/filesystem/dotgit/dotgit_test.go
@@ -18,6 +18,7 @@ import (
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/storage"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	. "gopkg.in/check.v1"
 )
 
@@ -1094,3 +1095,61 @@ func (s *SuiteDotGit) TestSetPackedRef(c *C) {
 	c.Assert(err, IsNil)
 	c.Assert(looseCount, Equals, 1)
 }
+
+func TestIssue55(t *testing.T) {
+	t.Parallel()
+
+	writeObject := func(fs billy.Filesystem) {
+		t.Helper()
+
+		dir := New(fs)
+		err := dir.Initialize()
+		require.NoError(t, err)
+
+		w, err := dir.NewObject()
+		require.NoError(t, err)
+
+		err = w.WriteHeader(plumbing.BlobObject, 14)
+		require.NoError(t, err)
+		n, err := w.Write([]byte("this is a test"))
+		require.NoError(t, err)
+		assert.Equal(t, 14, n)
+
+		assert.Equal(t, "a8a940627d132695a9769df883f85992f0ff4a43", w.Hash().String())
+
+		err = w.Close()
+		require.NoError(t, err)
+	}
+
+	for _, tc := range []struct {
+		name string
+		fs   billy.Filesystem
+	}{
+		{"BoundOS", osfs.New(t.TempDir(), osfs.WithBoundOS())},
+		{"ChrootOS", osfs.New(t.TempDir(), osfs.WithChrootOS())},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+			path := filepath.Join("objects", "a8", "a940627d132695a9769df883f85992f0ff4a43")
+
+			writeObject(tc.fs)
+			i, err := tc.fs.Stat(path)
+			require.NoError(t, err)
+			assert.Equal(t, int64(34), i.Size())
+
+			ro, err := isReadOnly(tc.fs, path)
+			require.NoError(t, err)
+			assert.True(t, ro, "file %q is not read-only", path)
+
+			// Recreate the same object.
+			writeObject(tc.fs)
+			i, err = tc.fs.Stat(path)
+			require.NoError(t, err)
+			assert.Equal(t, int64(34), i.Size())
+
+			ro, err = isReadOnly(tc.fs, path)
+			require.NoError(t, err)
+			assert.True(t, ro, "file %q is not read-only", path)
+		})
+	}
+}
diff --git a/storage/filesystem/dotgit/writers.go b/storage/filesystem/dotgit/writers.go
@@ -3,6 +3,7 @@ package dotgit
 import (
 	"fmt"
 	"io"
+	"os"
 	"sync/atomic"
 
 	"github.com/go-git/go-git/v5/plumbing"
@@ -137,14 +138,22 @@ func (w *PackWriter) save() error {
 	}
 
 	if err := w.encodeIdx(idx); err != nil {
+		_ = idx.Close()
 		return err
 	}
 
 	if err := idx.Close(); err != nil {
 		return err
 	}
+	fixPermissions(w.fs, fmt.Sprintf("%s.idx", base))
 
-	return w.fs.Rename(w.fw.Name(), fmt.Sprintf("%s.pack", base))
+	packPath := fmt.Sprintf("%s.pack", base)
+	if err := w.fs.Rename(w.fw.Name(), packPath); err != nil {
+		return err
+	}
+	fixPermissions(w.fs, packPath)
+
+	return nil
 }
 
 func (w *PackWriter) encodeIdx(writer io.Writer) error {
@@ -281,5 +290,17 @@ func (w *ObjectWriter) save() error {
 	hex := w.Hash().String()
 	file := w.fs.Join(objectsPath, hex[0:2], hex[2:hash.HexSize])
 
-	return w.fs.Rename(w.f.Name(), file)
+	// Loose objects are content addressable, if they already exist
+	// we can safely delete the temporary file and short-circuit the
+	// operation.
+	if _, err := w.fs.Stat(file); err == nil || os.IsExist(err) {
+		return w.fs.Remove(w.f.Name())
+	}
+
+	if err := w.fs.Rename(w.f.Name(), file); err != nil {
+		return err
+	}
+	fixPermissions(w.fs, file)
+
+	return nil
 }
diff --git a/storage/filesystem/dotgit/writers_test.go b/storage/filesystem/dotgit/writers_test.go
@@ -4,13 +4,18 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"path/filepath"
 	"strconv"
+	"testing"
 
+	"github.com/go-git/go-billy/v5"
 	"github.com/go-git/go-billy/v5/osfs"
 	"github.com/go-git/go-billy/v5/util"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/format/idxfile"
 	"github.com/go-git/go-git/v5/plumbing/format/packfile"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	fixtures "github.com/go-git/go-git-fixtures/v4"
 	. "gopkg.in/check.v1"
@@ -135,3 +140,78 @@ func (s *SuiteDotGit) TestPackWriterUnusedNotify(c *C) {
 
 	c.Assert(w.Close(), IsNil)
 }
+
+func TestPackWriterPermissions(t *testing.T) {
+	t.Parallel()
+
+	for _, tc := range []struct {
+		name string
+		fs   billy.Filesystem
+	}{
+		{"BoundOS", osfs.New(t.TempDir(), osfs.WithBoundOS())},
+		{"ChrootOS", osfs.New(t.TempDir(), osfs.WithChrootOS())},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			f := fixtures.Basic().One()
+
+			dot := New(tc.fs)
+			require.NoError(t, dot.Initialize())
+
+			w, err := dot.NewObjectPack()
+			require.NoError(t, err)
+
+			_, err = io.Copy(w, f.Packfile())
+			require.NoError(t, err)
+
+			require.NoError(t, w.Close())
+
+			pfPath := filepath.Join("objects", "pack", fmt.Sprintf("pack-%s.pack", f.PackfileHash))
+			idxPath := filepath.Join("objects", "pack", fmt.Sprintf("pack-%s.idx", f.PackfileHash))
+
+			ro, err := isReadOnly(tc.fs, pfPath)
+			require.NoError(t, err)
+			assert.True(t, ro, "file %q is not read-only", pfPath)
+
+			ro, err = isReadOnly(tc.fs, idxPath)
+			require.NoError(t, err)
+			assert.True(t, ro, "file %q is not read-only", idxPath)
+		})
+	}
+}
+
+func TestObjectWriterPermissions(t *testing.T) {
+	t.Parallel()
+
+	for _, tc := range []struct {
+		name string
+		fs   billy.Filesystem
+	}{
+		{"BoundOS", osfs.New(t.TempDir(), osfs.WithBoundOS())},
+		{"ChrootOS", osfs.New(t.TempDir(), osfs.WithChrootOS())},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			dot := New(tc.fs)
+			require.NoError(t, dot.Initialize())
+
+			w, err := dot.NewObject()
+			require.NoError(t, err)
+
+			err = w.WriteHeader(plumbing.BlobObject, 14)
+			require.NoError(t, err)
+
+			_, err = w.Write([]byte("this is a test"))
+			require.NoError(t, err)
+
+			require.NoError(t, w.Close())
+
+			path := filepath.Join("objects", "a8", "a940627d132695a9769df883f85992f0ff4a43")
+			ro, err := isReadOnly(tc.fs, path)
+			require.NoError(t, err)
+			assert.True(t, ro, "file %q is not read-only", path)
+		})
+	}
+}
diff --git a/storage/filesystem/dotgit/writers_unix.go b/storage/filesystem/dotgit/writers_unix.go
@@ -0,0 +1,29 @@
+//go:build !windows
+
+package dotgit
+
+import (
+	"github.com/go-git/go-billy/v5"
+	"github.com/go-git/go-git/v5/utils/trace"
+)
+
+func fixPermissions(fs billy.Filesystem, path string) {
+	if chmodFS, ok := fs.(billy.Chmod); ok {
+		if err := chmodFS.Chmod(path, 0o444); err != nil {
+			trace.General.Printf("failed to chmod %s: %v", path, err)
+		}
+	}
+}
+
+func isReadOnly(fs billy.Filesystem, path string) (bool, error) {
+	fi, err := fs.Stat(path)
+	if err != nil {
+		return false, err
+	}
+
+	if fi.Mode().Perm() == 0o444 {
+		return true, nil
+	}
+
+	return false, nil
+}
diff --git a/storage/filesystem/dotgit/writers_windows.go b/storage/filesystem/dotgit/writers_windows.go
@@ -0,0 +1,58 @@
+//go:build windows
+
+package dotgit
+
+import (
+	"fmt"
+	"path/filepath"
+
+	"github.com/go-git/go-billy/v5"
+	"github.com/go-git/go-git/v5/utils/trace"
+	"golang.org/x/sys/windows"
+)
+
+func fixPermissions(fs billy.Filesystem, path string) {
+	fullpath := filepath.Join(fs.Root(), path)
+	p, err := windows.UTF16PtrFromString(fullpath)
+	if err != nil {
+		trace.General.Printf("failed to chmod %s: %v", fullpath, err)
+		return
+	}
+
+	attrs, err := windows.GetFileAttributes(p)
+	if err != nil {
+		trace.General.Printf("failed to chmod %s: %v", fullpath, err)
+		return
+	}
+
+	if attrs&windows.FILE_ATTRIBUTE_READONLY != 0 {
+		return
+	}
+
+	err = windows.SetFileAttributes(p,
+		attrs|windows.FILE_ATTRIBUTE_READONLY,
+	)
+
+	if err != nil {
+		trace.General.Printf("failed to chmod %s: %v", fullpath, err)
+	}
+}
+
+func isReadOnly(fs billy.Filesystem, path string) (bool, error) {
+	fullpath := filepath.Join(fs.Root(), path)
+	p, err := windows.UTF16PtrFromString(fullpath)
+	if err != nil {
+		return false, fmt.Errorf("%w: %q", err, fullpath)
+	}
+
+	attrs, err := windows.GetFileAttributes(p)
+	if err != nil {
+		return false, fmt.Errorf("%w: %q", err, fullpath)
+	}
+
+	if attrs&windows.FILE_ATTRIBUTE_READONLY != 0 {
+		return true, nil
+	}
+
+	return false, nil
+}
