git-cache-proxy: housekeeping: check errno value from stat after deletion

[chiark-utils.git] / scripts / git-cache-proxy

diff --git a/scripts/git-cache-proxy b/scripts/git-cache-proxy
index 4d55233a5f1a70d9cddd8efee5022e5ce3357a9c..b0c9502f8554b8f3f15345f784a624aa5dd6b10f 100755 (executable)
--- a/scripts/git-cache-proxy
+++ b/scripts/git-cache-proxy
@@ -2,6 +2,12 @@
 #
 # git caching proxy
 
+# Suitable only for exposing to semi-trusted clients: clients are not
+# supposed to be able to take over the server.  However, clients can
+# probably deny service to each other because the current
+# implementation is not very good at handling various out-of-course
+# situations (notably, clients which are too slow).
+
 # usage: run it on some port, and then clone or fetch
 #  "git://<realhost>:<realport>/<real-git-url>[ <options>]"
 # where <real-git-url> is http://<host>/... or git://<host>/...
@@ -370,10 +376,10 @@ sub clonefetch () {
     servinfo "sharing";
     lockfile \*LOCK, $lock, LOCK_SH; # NB releases and relocks
 
-    if (chdir $gitd) {
+    if (stat $gitd) {
        return 1;
     }
-    $!==ENOENT or fail "chdir $gitd: $!";
+    $!==ENOENT or fail "stat $gitd: $!";
 
     # Well, err, someone must have taken the lock in between
     # and garbage collected it.  How annoying.
@@ -399,21 +405,33 @@ sub housekeeping () {
            next;
        }
        logm 'info', "housekeeping: subdirs $subdir: cleaning";
-       my $ok = 1;
-       foreach my $suffix (qw(tmp git)) {
-           my $dir = "${subdir}\\.$suffix";
-           my $errs;
-           remove_tree($dir, { safe=>1, error=>\$errs });
-           if (stat $dir) {
-               $ok = 0;
-               logm 'warning', "housekeeping: $dir: problems with".
-                   "deletion prevent cleanup:";
-               foreach my $err (@$errs) {
-                   logm 'info', "problem deleting: $err->[0]: $err->[1]";
+       eval {
+           foreach my $suffix (qw(tmp git)) {
+               my $dir = "${subdir}\\.$suffix";
+               my $tdir = "${subdir}\\.tmp";
+               if ($dir ne $tdir) {
+                   if (!rename $dir,$tdir) {
+                       next if $! == ENOENT;
+                       die "$dir: cannot rename to $tdir: $!\n";
+                   }
+               }
+               my $errs;
+               remove_tree($tdir, { safe=>1, error=>\$errs });
+               if (!stat $tdir) {
+                   foreach my $err (@$errs) {
+                       my ($file, $message) = %$err;
+                       logm 'info', "problem deleting: $file: $message";
+                   }
+                   die "$dir: problem deleting file(s)\n";
+               } elsif ($! != ENOENT) {
+                   die "$tdir: cannot stat after deletion: $!\n";
                }
            }
-       }
-       if ($ok) {
+       };
+       if (length $@) {
+           chomp $@;
+           logm 'warning', "housekeeping: $subdir: cleanup prevented: $@";
+       } else {
            unlink $lock or hkfail "remove $lock: $!";
        }
     }
@@ -457,6 +475,9 @@ sub housekeepingcheck ($$) {
 
 sub runcommand () {
     servinfo "serving";
+
+    chdir $gitd or fail "chdir $gitd: $!";
+
     exec qw(git-upload-pack --strict --timeout=1000 .)
        or fail "exec git-upload-pack: $!";
 }