Merge branch 'davidkna-discover-x-fs'

Byron · Byron · commit 9abaeda2d22e · 2022-05-22T08:50:50.000+08:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/git-discover/Cargo.toml b/git-discover/Cargo.toml
@@ -25,3 +25,7 @@ thiserror = "1.0.26"
 [dev-dependencies]
 git-testtools = { path = "../tests/tools" }
 is_ci = "1.1.1"
+
+[target.'cfg(target_os = "macos")'.dev-dependencies]
+defer = "0.1.0"
+tempfile = "3.2.0"
diff --git a/git-discover/src/upwards.rs b/git-discover/src/upwards.rs
@@ -10,6 +10,8 @@ pub enum Error {
     NoGitRepository { path: PathBuf },
     #[error("Could find a git repository in '{}' or in any of its parents within ceiling height of {}", .path.display(), .ceiling_height)]
     NoGitRepositoryWithinCeiling { path: PathBuf, ceiling_height: usize },
+    #[error("Could find a git repository in '{}' or in any of its parents within device limits below '{}'", .path.display(), .limit.display())]
+    NoGitRepositoryWithinFs { path: PathBuf, limit: PathBuf },
     #[error("None of the passed ceiling directories prefixed the git-dir candidate, making them ineffective.")]
     NoMatchingCeilingDir,
     #[error("Could find a trusted git repository in '{}' or in any of its parents, candidate at '{}' discarded", .path.display(), .candidate.display())]
@@ -38,6 +40,11 @@ pub struct Options<'a> {
     pub ceiling_dirs: &'a [PathBuf],
     /// If true, and `ceiling_dirs` is not empty, we expect at least one ceiling directory to match or else there will be an error.
     pub match_ceiling_dir_or_error: bool,
+    /// if `true` avoid crossing filesystem boundaries.
+    /// Only supported on Unix-like systems.
+    // TODO: test on Linux
+    // TODO: Handle WASI once https://github.com/rust-lang/rust/issues/71213 is resolved
+    pub cross_fs: bool,
 }
 
 impl Default for Options<'_> {
@@ -46,11 +53,14 @@ impl Default for Options<'_> {
             required_trust: git_sec::Trust::Reduced,
             ceiling_dirs: &[],
             match_ceiling_dir_or_error: true,
+            cross_fs: false,
         }
     }
 }
 
 pub(crate) mod function {
+    #[cfg(unix)]
+    use std::fs;
     use std::path::{Path, PathBuf};
 
     use git_sec::Trust;
@@ -63,12 +73,14 @@ pub(crate) mod function {
     ///
     /// Fail if no valid-looking git repository could be found.
     // TODO: tests for trust-based discovery
+    #[cfg_attr(not(unix), allow(unused_variables))]
     pub fn discover_opts(
         directory: impl AsRef<Path>,
         Options {
             required_trust,
             ceiling_dirs,
             match_ceiling_dir_or_error,
+            cross_fs,
         }: Options<'_>,
     ) -> Result<(crate::repository::Path, Trust), Error> {
         // Absolutize the path so that `Path::parent()` _actually_ gives
@@ -77,7 +89,11 @@ pub(crate) mod function {
         // working with paths paths that contain '..'.)
         let cwd = std::env::current_dir().ok();
         let dir = git_path::absolutize(directory.as_ref(), cwd.as_deref());
-        if !dir.is_dir() {
+        let dir_metadata = dir.metadata().map_err(|_| Error::InaccessibleDirectory {
+            path: dir.to_path_buf(),
+        })?;
+
+        if !dir_metadata.is_dir() {
             return Err(Error::InaccessibleDirectory { path: dir.into_owned() });
         }
         let mut dir_made_absolute = cwd.as_deref().map_or(false, |cwd| {
@@ -101,6 +117,9 @@ pub(crate) mod function {
             None
         };
 
+        #[cfg(unix)]
+        let initial_device = device_id(&dir_metadata);
+
         let mut cursor = dir.clone().into_owned();
         let mut current_height = 0;
         'outer: loop {
@@ -112,6 +131,24 @@ pub(crate) mod function {
             }
             current_height += 1;
 
+            #[cfg(unix)]
+            if current_height != 0 && !cross_fs {
+                let metadata = if cursor.as_os_str().is_empty() {
+                    Path::new(".")
+                } else {
+                    cursor.as_ref()
+                }
+                .metadata()
+                .map_err(|_| Error::InaccessibleDirectory { path: cursor.clone() })?;
+
+                if device_id(&metadata) != initial_device {
+                    return Err(Error::NoGitRepositoryWithinFs {
+                        path: dir.into_owned(),
+                        limit: cursor.clone(),
+                    });
+                }
+            }
+
             for append_dot_git in &[false, true] {
                 if *append_dot_git {
                     cursor.push(".git");
@@ -217,6 +254,20 @@ pub(crate) mod function {
             .min()
     }
 
+    #[cfg(target_os = "linux")]
+    /// Returns the device ID of the directory.
+    fn device_id(m: &fs::Metadata) -> u64 {
+        use std::os::linux::fs::MetadataExt;
+        m.st_dev()
+    }
+
+    #[cfg(all(unix, not(target_os = "linux")))]
+    /// Returns the device ID of the directory.
+    fn device_id(m: &fs::Metadata) -> u64 {
+        use std::os::unix::fs::MetadataExt;
+        m.dev()
+    }
+
     /// Find the location of the git repository directly in `directory` or in any of its parent directories, and provide
     /// the trust level derived from Path ownership.
     ///
diff --git a/git-discover/tests/upwards/mod.rs b/git-discover/tests/upwards/mod.rs
@@ -195,6 +195,77 @@ fn from_existing_worktree() -> crate::Result {
     Ok(())
 }
 
+#[cfg(target_os = "macos")]
+#[test]
+fn cross_fs() -> crate::Result {
+    use git_discover::upwards::Options;
+    use std::os::unix::fs::symlink;
+    use std::process::Command;
+
+    let top_level_repo = git_testtools::scripted_fixture_repo_writable("make_basic_repo.sh")?;
+
+    let _cleanup = {
+        // Create an empty dmg file
+        let dmg_location = tempfile::tempdir()?;
+        let dmg_file = dmg_location.path().join("temp.dmg");
+        Command::new("hdiutil")
+            .args(&["create", "-size", "1m"])
+            .arg(&dmg_file)
+            .status()?;
+
+        // Mount dmg file into temporary location
+        let mount_point = tempfile::tempdir()?;
+        Command::new("hdiutil")
+            .args(&["attach", "-nobrowse", "-mountpoint"])
+            .arg(mount_point.path())
+            .arg(&dmg_file)
+            .status()?;
+
+        // Ensure that the mount point is always cleaned up
+        let cleanup = defer::defer({
+            let arg = mount_point.path().to_owned();
+            move || {
+                Command::new("hdiutil")
+                    .arg("detach")
+                    .arg(arg)
+                    .status()
+                    .expect("detach temporary test dmg filesystem successfully");
+            }
+        });
+
+        // Symlink the mount point into the repo
+        symlink(mount_point.path(), top_level_repo.path().join("remote"))?;
+        cleanup
+    };
+
+    let res = git_discover::upwards(top_level_repo.path().join("remote"))
+        .expect_err("the cross-fs option should prevent us from discovering the repo");
+    assert!(matches!(
+        res,
+        git_discover::upwards::Error::NoGitRepositoryWithinFs { .. }
+    ));
+
+    let (repo_path, _trust) = git_discover::upwards_opts(
+        &top_level_repo.path().join("remote"),
+        Options {
+            cross_fs: true,
+            ..Default::default()
+        },
+    )
+    .expect("the cross-fs option should allow us to discover the repo");
+
+    assert_eq!(
+        repo_path
+            .into_repository_and_work_tree_directories()
+            .1
+            .expect("work dir")
+            .file_name(),
+        top_level_repo.path().file_name()
+    );
+
+    Ok(())
+}
+
 fn repo_path() -> crate::Result<PathBuf> {
     git_testtools::scripted_fixture_repo_read_only("make_basic_repo.sh")
 }
