# Copyright (C) all contributors # License: GPLv2 or later # # Used to read files from a git repository without excessive forking. # Used in our web interfaces as well as our -nntpd server. # This is based on code in Git.pm which is GPLv2+, but modified to avoid # dependence on environment variables for compatibility with mod_perl. # There are also API changes to simplify our usage and data set. package PublicInbox::Git; use strict; use v5.10.1; use parent qw(Exporter); use POSIX (); use IO::Handle; # ->autoflush use Errno qw(EINTR EAGAIN); use File::Glob qw(bsd_glob GLOB_NOSORT); use File::Spec (); use Time::HiRes qw(stat); use PublicInbox::Spawn qw(popen_rd which); use PublicInbox::Tmpfile; use IO::Poll qw(POLLIN); use Carp qw(croak carp); use PublicInbox::SHA (); use PublicInbox::DS qw(awaitpid); our @EXPORT_OK = qw(git_unquote git_quote); our $PIPE_BUFSIZ = 65536; # Linux default our $in_cleanup; our $RDTIMEO = 60_000; # milliseconds our $async_warn; # true in read-only daemons # 512: POSIX PIPE_BUF minimum (see pipe(7)) # 3: @$inflight is flattened [ $OID, $cb, $arg ] # 65: SHA-256 hex size + "\n" in preparation for git using non-SHA1 use constant { MAX_INFLIGHT => 512 * 3 / (65 + length('contents ')), BATCH_CMD_VER => (2 << 24 | 36 << 16), # git 2.36+ }; my %GIT_ESC = ( a => "\a", b => "\b", f => "\f", n => "\n", r => "\r", t => "\t", v => "\013", '"' => '"', '\\' => '\\', ); my %ESC_GIT = map { $GIT_ESC{$_} => $_ } keys %GIT_ESC; my $EXE_ST = ''; # pack('dd', st_ctime, st_size); my ($GIT_EXE, $GIT_VER); sub version { check_git_exe(); $GIT_VER; } sub check_git_exe () { $GIT_EXE = which('git') // die "git not found in $ENV{PATH}"; my @st = stat($GIT_EXE) or die "stat: $!"; my $st = pack('dd', $st[10], $st[7]); if ($st ne $EXE_ST) { my $rd = popen_rd([ $GIT_EXE, '--version' ]); my $v = readline($rd); $v =~ /\b([0-9]+(?:\.[0-9]+){2})/ or die "$GIT_EXE --version output: $v # unparseable"; my @v = split(/\./, $1, 3); $GIT_VER = ($v[0] << 24) | ($v[1] << 16) | $v[2]; $EXE_ST = $st; } } # unquote pathnames used by git, see quote.c::unquote_c_style.c in git.git sub git_unquote ($) { return $_[0] unless ($_[0] =~ /\A"(.*)"\z/); $_[0] = $1; $_[0] =~ s!\\([\\"abfnrtv]|[0-3][0-7]{2})!$GIT_ESC{$1}//chr(oct($1))!ge; $_[0]; } sub git_quote ($) { if ($_[0] =~ s/([\\"\a\b\f\n\r\t\013]|[^[:print:]])/ '\\'.($ESC_GIT{$1}||sprintf("%03o",ord($1)))/egs) { return qq{"$_[0]"}; } $_[0]; } sub new { my ($class, $git_dir) = @_; $git_dir =~ tr!/!/!s; $git_dir =~ s!/*\z!!s; # may contain {-tmp} field for File::Temp::Dir bless { git_dir => $git_dir }, $class } sub git_path ($$) { my ($self, $path) = @_; $self->{-git_path}->{$path} //= do { local $/ = "\n"; chomp(my $str = $self->qx(qw(rev-parse --git-path), $path)); # git prior to 2.5.0 did not understand --git-path if ($str eq "--git-path\n$path") { $str = "$self->{git_dir}/$path"; } $str; }; } sub alternates_changed { my ($self) = @_; my $alt = git_path($self, 'objects/info/alternates'); my @st = stat($alt) or return 0; # can't rely on 'q' on some 32-bit builds, but `d' works my $st = pack('dd', $st[10], $st[7]); # 10: ctime, 7: size return 0 if ($self->{alt_st} // '') eq $st; $self->{alt_st} = $st; # always a true value } sub object_format { $_[0]->{object_format} //= do { my $fmt = $_[0]->qx(qw(config extensions.objectformat)); $fmt eq "sha256\n" ? \'sha256' : \undef; } } sub last_check_err { my ($self) = @_; my $fh = $self->{err_c} or return; sysseek($fh, 0, 0) or $self->fail("sysseek failed: $!"); defined(sysread($fh, my $buf, -s $fh)) or $self->fail("sysread failed: $!"); $buf; } sub _bidi_pipe { my ($self, $batch, $in, $out, $pid, $err) = @_; if ($self->{$pid}) { if (defined $err) { # "err_c" my $fh = $self->{$err}; sysseek($fh, 0, 0) or $self->fail("sysseek failed: $!"); truncate($fh, 0) or $self->fail("truncate failed: $!"); } return; } pipe(my ($out_r, $out_w)) or $self->fail("pipe failed: $!"); my $rdr = { 0 => $out_r, pgid => 0 }; my $gd = $self->{git_dir}; if ($gd =~ s!/([^/]+/[^/]+)\z!/!) { $rdr->{-C} = $gd; $gd = $1; } # git 2.31.0+ supports -c core.abbrev=no, don't bother with # core.abbrev=64 since not many releases had SHA-256 prior to 2.31 my $abbr = $GIT_VER < (2 << 24 | 31 << 16) ? 40 : 'no'; my @cmd = ($GIT_EXE, "--git-dir=$gd", '-c', "core.abbrev=$abbr", 'cat-file', "--$batch"); if ($err) { my $id = "git.$self->{git_dir}.$batch.err"; my $fh = tmpfile($id) or $self->fail("tmpfile($id): $!"); $self->{$err} = $fh; $rdr->{2} = $fh; } # see lib/PublicInbox/ProcessPipe.pm for why we don't use that here my ($in_r, $p) = popen_rd(\@cmd, undef, $rdr); awaitpid($self->{$pid} = $p, undef); $self->{"$pid.owner"} = $$; $out_w->autoflush(1); if ($^O eq 'linux') { # 1031: F_SETPIPE_SZ fcntl($out_w, 1031, 4096); fcntl($in_r, 1031, 4096) if $batch eq 'batch-check'; } $out_w->blocking(0); $self->{$out} = $out_w; $self->{$in} = $in_r; } sub poll_in ($) { IO::Poll::_poll($RDTIMEO, fileno($_[0]), my $ev = POLLIN) } sub my_read ($$$) { my ($fh, $rbuf, $len) = @_; my $left = $len - length($$rbuf); my $r; while ($left > 0) { $r = sysread($fh, $$rbuf, $PIPE_BUFSIZ, length($$rbuf)); if ($r) { $left -= $r; } elsif (defined($r)) { # EOF return 0; } else { next if ($! == EAGAIN and poll_in($fh)); next if $! == EINTR; # may be set by sysread or poll_in return; # unrecoverable error } } my $no_pad = substr($$rbuf, 0, $len, ''); \$no_pad; } sub my_readline ($$) { my ($fh, $rbuf) = @_; while (1) { if ((my $n = index($$rbuf, "\n")) >= 0) { return substr($$rbuf, 0, $n + 1, ''); } my $r = sysread($fh, $$rbuf, $PIPE_BUFSIZ, length($$rbuf)) and next; # return whatever's left on EOF return substr($$rbuf, 0, length($$rbuf)+1, '') if defined($r); next if ($! == EAGAIN and poll_in($fh)); next if $! == EINTR; # may be set by sysread or poll_in return; # unrecoverable error } } sub cat_async_retry ($$) { my ($self, $inflight) = @_; # {inflight} may be non-existent, but if it isn't we delete it # here to prevent cleanup() from waiting: delete $self->{inflight}; cleanup($self); $self->{inflight} = $inflight; batch_prepare($self); my $buf = ''; for (my $i = 0; $i < @$inflight; $i += 3) { $buf .= "$inflight->[$i]\n"; } $self->{out}->blocking(1); # brand new pipe, should never block print { $self->{out} } $buf or $self->fail("write error: $!"); $self->{out}->blocking(0); my $req = shift @$inflight; unshift(@$inflight, \$req); # \$ref to indicate retried cat_async_step($self, $inflight); # take one step } # returns true if prefetch is successful sub async_prefetch { my ($self, $oid, $cb, $arg) = @_; my $inflight = $self->{inflight} or return; return if @$inflight; substr($oid, 0, 0) = 'contents ' if $self->{-bc}; write_all($self, $self->{out}, "$oid\n", \&cat_async_step, $inflight); push(@$inflight, $oid, $cb, $arg); } sub cat_async_step ($$) { my ($self, $inflight) = @_; die 'BUG: inflight empty or odd' if scalar(@$inflight) < 3; my ($req, $cb, $arg) = @$inflight[0, 1, 2]; my $rbuf = delete($self->{rbuf}) // \(my $new = ''); my ($bref, $oid, $type, $size); my $head = my_readline($self->{in}, $rbuf); my $cmd = ref($req) ? $$req : $req; # ->fail may be called via Gcf2Client.pm my $bc = $self->{-bc}; if ($head =~ /^([0-9a-f]{40,}) (\S+) ([0-9]+)$/) { ($oid, $type, $size) = ($1, $2, $3 + 0); unless ($bc && $cmd =~ /\Ainfo /) { # --batch-command $bref = my_read($self->{in}, $rbuf, $size + 1) or $self->fail(defined($bref) ? 'read EOF' : "read: $!"); chop($$bref) eq "\n" or $self->fail('LF missing after blob'); } } elsif ($bc && $cmd =~ /\Ainfo / && $head =~ / (missing|ambiguous)\n/) { $type = $1; $oid = substr($cmd, 5); } elsif ($head =~ s/ missing\n//s) { $oid = $head; # ref($req) indicates it's already been retried # -gcf2 retries internally, so it never hits this path: if (!ref($req) && !$in_cleanup && $self->alternates_changed) { return cat_async_retry($self, $inflight); } $type = 'missing'; if ($oid eq '') { $oid = $cmd; $oid =~ s/\A(?:contents|info) // if $bc; } } else { my $err = $! ? " ($!)" : ''; $self->fail("bad result from async cat-file: $head$err"); } $self->{rbuf} = $rbuf if $$rbuf ne ''; splice(@$inflight, 0, 3); # don't retry $cb on ->fail if ($bc && $cmd =~ /\Ainfo /) { eval { $cb->($oid, $type, $size, $arg, $self) }; async_err($self, $req, $oid, $@, 'check') if $@; } else { eval { $cb->($bref, $oid, $type, $size, $arg) }; async_err($self, $req, $oid, $@, 'cat') if $@; } } sub cat_async_wait ($) { my ($self) = @_; my $inflight = $self->{inflight} or return; while (scalar(@$inflight)) { cat_async_step($self, $inflight); } } sub batch_prepare ($) { my ($self) = @_; check_git_exe(); if ($GIT_VER >= BATCH_CMD_VER) { _bidi_pipe($self, qw(batch-command in out pid err_c)); $self->{-bc} = 1; } else { _bidi_pipe($self, qw(batch in out pid)); } $self->{inflight} = []; } sub _cat_file_cb { my ($bref, $oid, $type, $size, $result) = @_; @$result = ($bref, $oid, $type, $size); } sub cat_file { my ($self, $oid) = @_; my $result = []; cat_async($self, $oid, \&_cat_file_cb, $result); cat_async_wait($self); wantarray ? @$result : $result->[0]; } sub check_async_step ($$) { my ($self, $inflight_c) = @_; die 'BUG: inflight empty or odd' if scalar(@$inflight_c) < 3; my ($req, $cb, $arg) = @$inflight_c[0, 1, 2]; my $rbuf = delete($self->{rbuf_c}) // \(my $new = ''); chomp(my $line = my_readline($self->{in_c}, $rbuf)); my ($hex, $type, $size) = split(/ /, $line); # git <2.21 would show `dangling' (2.21+ shows `ambiguous') # https://public-inbox.org/git/20190118033845.s2vlrb3wd3m2jfzu@dcvr/T/ if ($hex eq 'dangling') { my $ret = my_read($self->{in_c}, $rbuf, $type + 1); $self->fail(defined($ret) ? 'read EOF' : "read: $!") if !$ret; } $self->{rbuf_c} = $rbuf if $$rbuf ne ''; splice(@$inflight_c, 0, 3); # don't retry $cb on ->fail eval { $cb->($hex, $type, $size, $arg, $self) }; async_err($self, $req, $hex, $@, 'check') if $@; } sub check_async_wait ($) { my ($self) = @_; return cat_async_wait($self) if $self->{-bc}; my $inflight_c = $self->{inflight_c} or return; check_async_step($self, $inflight_c) while (scalar(@$inflight_c)); } sub check_async_begin ($) { my ($self) = @_; die 'BUG: already in async check' if $self->{inflight_c}; cleanup($self) if alternates_changed($self); check_git_exe(); if ($GIT_VER >= BATCH_CMD_VER) { _bidi_pipe($self, qw(batch-command in out pid err_c)); $self->{-bc} = 1; $self->{inflight} = []; } else { _bidi_pipe($self, qw(batch-check in_c out_c pid_c err_c)); $self->{inflight_c} = []; } } sub write_all { my ($self, $out, $buf, $read_step, $inflight) = @_; $read_step->($self, $inflight) while @$inflight >= MAX_INFLIGHT; do { my $w = syswrite($out, $buf); if (defined $w) { return if $w == length($buf); substr($buf, 0, $w, ''); # sv_chop } elsif ($! != EAGAIN) { $self->fail("write: $!"); } $read_step->($self, $inflight); } while (1); } sub check_async ($$$$) { my ($self, $oid, $cb, $arg) = @_; my $inflight = $self->{-bc} ? ($self->{inflight} // cat_async_begin($self)) : ($self->{inflight_c} // check_async_begin($self)); if ($self->{-bc}) { substr($oid, 0, 0) = 'info '; write_all($self, $self->{out}, "$oid\n", \&cat_async_step, $inflight); } else { write_all($self, $self->{out_c}, "$oid\n", \&check_async_step, $inflight); } push(@$inflight, $oid, $cb, $arg); } sub _check_cb { # check_async callback my ($hex, $type, $size, $result) = @_; @$result = ($hex, $type, $size); } sub check { my ($self, $oid) = @_; my $result = []; check_async($self, $oid, \&_check_cb, $result); check_async_wait($self); my ($hex, $type, $size) = @$result; # git <2.21 would show `dangling' (2.21+ shows `ambiguous') # https://public-inbox.org/git/20190118033845.s2vlrb3wd3m2jfzu@dcvr/T/ return if $type =~ /\A(?:missing|ambiguous)\z/ || $hex eq 'dangling'; ($hex, $type, $size); } sub _destroy { my ($self, $pid, @rest) = @_; # rest = rbuf, in, out, err my ($p) = delete @$self{($pid, @rest)}; # GitAsyncCat::event_step may delete {$pid} awaitpid($p) if defined($p) && $$ == $self->{"$pid.owner"}; } sub async_abort ($) { my ($self) = @_; while (scalar(@{$self->{inflight_c} // []}) || scalar(@{$self->{inflight} // []})) { for my $c ('', '_c') { my $q = $self->{"inflight$c"} or next; while (@$q) { my ($req, $cb, $arg) = splice(@$q, 0, 3); $req = $$req if ref($req); $self->{-bc} and $req =~ s/\A(?:contents|info) //; $req =~ s/ .*//; # drop git_dir for Gcf2Client eval { $cb->(undef, $req, undef, undef, $arg) }; warn "E: (in abort) $req: $@" if $@; } delete $self->{"inflight$c"}; delete $self->{"rbuf$c"}; } } cleanup($self); } sub fail { # may be augmented in subclasses my ($self, $msg) = @_; async_abort($self); croak(ref($self) . ' ' . ($self->{git_dir} // '') . ": $msg"); } sub async_err ($$$$$) { my ($self, $req, $oid, $err, $action) = @_; $req = $$req if ref($req); # retried my $msg = "E: $action $req ($oid): $err"; $async_warn ? carp($msg) : $self->fail($msg); } # $git->popen(qw(show f00)); # or # $git->popen(qw(show f00), { GIT_CONFIG => ... }, { 2 => ... }); sub popen { my ($self, $cmd) = splice(@_, 0, 2); $cmd = [ 'git', "--git-dir=$self->{git_dir}", ref($cmd) ? @$cmd : ($cmd, grep { defined && !ref } @_) ]; popen_rd($cmd, grep { !defined || ref } @_); # env and opt } # same args as popen above sub qx { my $fh = popen(@_); if (wantarray) { my @ret = <$fh>; close $fh; # caller should check $? @ret; } else { local $/; my $ret = <$fh>; close $fh; # caller should check $? $ret; } } sub date_parse { my $self = shift; map { substr($_, length('--max-age='), -1) } $self->qx('rev-parse', map { "--since=$_" } @_); } # check_async and cat_async may trigger the other, so ensure they're # both completely done by using this: sub async_wait_all ($) { my ($self) = @_; while (scalar(@{$self->{inflight_c} // []}) || scalar(@{$self->{inflight} // []})) { check_async_wait($self); cat_async_wait($self); } } # returns true if there are pending "git cat-file" processes sub cleanup { my ($self, $lazy) = @_; return 1 if $lazy && (scalar(@{$self->{inflight_c} // []}) || scalar(@{$self->{inflight} // []})); local $in_cleanup = 1; delete @$self{qw(async_cat async_chk)}; async_wait_all($self); delete @$self{qw(inflight inflight_c -bc)}; _destroy($self, qw(pid rbuf in out err_c)); _destroy($self, qw(pid_c rbuf_c in_c out_c err_c)); undef; } # assuming a well-maintained repo, this should be a somewhat # accurate estimation of its size # TODO: show this in the WWW UI as a hint to potential cloners sub packed_bytes { my ($self) = @_; my $n = 0; my $pack_dir = git_path($self, 'objects/pack'); foreach my $p (bsd_glob("$pack_dir/*.pack", GLOB_NOSORT)) { $n += -s $p; } $n } sub DESTROY { cleanup(@_) } sub local_nick ($) { # don't show full FS path, basename should be OK: $_[0]->{nick} // ($_[0]->{git_dir} =~ m!/([^/]+?)(?:/*\.git/*)?\z! ? "$1.git" : undef); } sub host_prefix_url ($$) { my ($env, $url) = @_; return $url if index($url, '//') >= 0; my $host_port = $env->{HTTP_HOST} // "$env->{SERVER_NAME}:$env->{SERVER_PORT}"; my $sn = $env->{SCRIPT_NAME} // ''; "$env->{'psgi.url_scheme'}://$host_port$sn/$url"; } sub base_url { # for coderepos, PSGI-only my ($self, $env) = @_; # env - PSGI env my $nick = $self->{nick} // return undef; my $url = host_prefix_url($env, ''); # for mount in Plack::Builder $url .= '/' if substr($url, -1, 1) ne '/'; $url . $nick . '/'; } sub isrch {} # TODO sub pub_urls { my ($self, $env) = @_; if (my $urls = $self->{cgit_url}) { map { host_prefix_url($env, $_) } @$urls; } else { (base_url($self, $env) // '???'); } } sub cat_async_begin { my ($self) = @_; cleanup($self) if $self->alternates_changed; die 'BUG: already in async' if $self->{inflight}; batch_prepare($self); } sub cat_async ($$$;$) { my ($self, $oid, $cb, $arg) = @_; my $inflight = $self->{inflight} // cat_async_begin($self); substr($oid, 0, 0) = 'contents ' if $self->{-bc}; write_all($self, $self->{out}, $oid."\n", \&cat_async_step, $inflight); push(@$inflight, $oid, $cb, $arg); } # returns the modified time of a git repo, same as the "modified" field # of a grokmirror manifest sub modified ($) { # committerdate:unix is git 2.9.4+ (2017-05-05), so using raw instead my $fh = popen($_[0], qw[for-each-ref --sort=-committerdate --format=%(committerdate:raw) --count=1]); (split(/ /, <$fh> // time))[0] + 0; # integerize for JSON } sub try_cat { my ($path) = @_; open(my $fh, '<', $path) or return ''; local $/; <$fh> // ''; } sub cat_desc ($) { my $desc = try_cat($_[0]); chomp $desc; utf8::decode($desc); $desc =~ s/\s+/ /smg; $desc eq '' ? undef : $desc; } sub description { cat_desc("$_[0]->{git_dir}/description") // 'Unnamed repository'; } sub cloneurl { my ($self, $env) = @_; $self->{cloneurl} // do { my @urls = split(/\s+/s, try_cat("$self->{git_dir}/cloneurl")); scalar(@urls) ? ($self->{cloneurl} = \@urls) : undef; } // [ substr(base_url($self, $env), 0, -1) ]; } # for grokmirror, which doesn't read gitweb.description # templates/hooks--update.sample and git-multimail in git.git # only match "Unnamed repository", not the full contents of # templates/this--description in git.git sub manifest_entry { my ($self, $epoch, $default_desc) = @_; my $fh = $self->popen('show-ref'); my $dig = PublicInbox::SHA->new(1); while (read($fh, my $buf, 65536)) { $dig->add($buf); } close $fh or return; # empty, uninitialized git repo undef $fh; # for open, below my $git_dir = $self->{git_dir}; my $ent = { fingerprint => $dig->hexdigest, reference => undef, modified => modified($self), }; chomp(my $owner = $self->qx('config', 'gitweb.owner')); utf8::decode($owner); $ent->{owner} = $owner eq '' ? undef : $owner; my $desc = description($self); if (defined $epoch && index($desc, 'Unnamed repository') == 0) { $desc = "$default_desc [epoch $epoch]"; } $ent->{description} = $desc; if (open($fh, '<', "$git_dir/objects/info/alternates")) { # n.b.: GitPython doesn't seem to handle comments or C-quoted # strings like native git does; and we don't for now, either. local $/ = "\n"; chomp(my @alt = <$fh>); # grokmirror only supports 1 alternate for "reference", if (scalar(@alt) == 1) { my $objdir = "$git_dir/objects"; my $ref = File::Spec->rel2abs($alt[0], $objdir); $ref =~ s!/[^/]+/?\z!!; # basename $ent->{reference} = $ref; } } $ent; } # returns true if there are pending cat-file processes sub cleanup_if_unlinked { my ($self) = @_; return cleanup($self, 1) if $^O ne 'linux'; # Linux-specific /proc/$PID/maps access # TODO: support this inside git.git my $ret = 0; for my $fld (qw(pid pid_c)) { my $pid = $self->{$fld} // next; open my $fh, '<', "/proc/$pid/maps" or return cleanup($self, 1); while (<$fh>) { # n.b. we do not restart for unlinked multi-pack-index # since it's not too huge, and the startup cost may # be higher. /\.(?:idx|pack) \(deleted\)$/ and return cleanup($self, 1); } ++$ret; } $ret; } 1; __END__ =pod =head1 NAME PublicInbox::Git - git wrapper =head1 VERSION version 1.0 =head1 SYNOPSIS use PublicInbox::Git; chomp(my $git_dir = `git rev-parse --git-dir`); $git_dir or die "GIT_DIR= must be specified\n"; my $git = PublicInbox::Git->new($git_dir); =head1 DESCRIPTION Unstable API outside of the L method. It requires L to be installed. =head1 METHODS =cut =head2 new my $git = PublicInbox::Git->new($git_dir); Initialize a new PublicInbox::Git object for use with L This is the only public API method we support. Everything else in this module is subject to change. =head1 SEE ALSO L, L =head1 CONTACT All feedback welcome via plain-text mail to L The mail archives are hosted at L =head1 COPYRIGHT Copyright (C) 2016 all contributors L License: AGPL-3.0+ L =cut