If a copy operation is started with `G_FILE_COPY_TARGET_DEFAULT_PERMS`,
don’t create the destination file as private. Instead, create it with
the process’ current umask (i.e. ‘default permissions’).
This is a partial re-work of commit d8f8f4d637, with
input from Ondrej Holy.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #174
It is expected that `g_file_move()` moves symlink file itself, not its
target. Unfortunately, copy and delete fallback passes `GFileCopyFlags`
and don't explicitly use `G_FILE_COPY_NOFOLLOW_SYMLINKS`. This may cause
that symlink target is copied and symlink itself is removed. Let's
explicitly pass `G_FILE_COPY_NOFOLLOW_SYMLINKS` to the copy operation to
prevent this unexpected behavior.
https://gitlab.gnome.org/GNOME/glib/issues/986
The `G_FILE_COPY_NOFOLLOW_SYMLINKS` flag doesn't make sense for move operation,
neither local implementation doesn't handle this flag in any way. Therefore
this paragraph should be removed from the docs (it was probably copy&pasted
from `g_file_copy()` docs by mistake).
Closes: https://gitlab.gnome.org/GNOME/glib/issues/986
file_copy_fallback creates new files with default permissions and
set the correct permissions after the operation is finished. This
might cause that the files can be accessible by more users during
the operation than expected. Use G_FILE_CREATE_PRIVATE for the new
files to limit access to those files.
The g_app_info_launch_uris_async() and g_app_info_launch_uris_finish()
functions are crucial to fix g_app_info_launch_default_for_uri_async()
to be really asynchronous.
This patch also adds GDesktopAppInfo implementation of that vfuncs.
The implementation may still use some synchronous calls to local MIME DB.
https://gitlab.gnome.org/GNOME/glib/issues/1347https://gitlab.gnome.org/GNOME/glib/issues/1249
This change increases throughput when copying files for some filesystems
(Modified by Philip Withnall <withnall@endlessm.com> to add more error
handling.)
https://bugzilla.gnome.org/show_bug.cgi?id=791457
This is a variant of g_file_get_path() which returns a const string to
the caller, rather than transferring ownership.
I've been carrying `gs_file_get_path_cached()` in libgsystem and it
has seen a lot of use in the ostree and flatpak codebases. There are
probably others too.
I think language bindings like Python/Gjs could also use this to avoid
an extra malloc (i.e. we could transparently replace
`g_file_get_path()` with `g_file_peek_path()`.
(Originally by Colin Walters. Tweaked by Philip Withnall to update to
2.56, change the function name and drop the locking.)
https://bugzilla.gnome.org/show_bug.cgi?id=767976
Try and make it a bit more obvious that g_file_query_exists() is
generally A Bad Idea.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: nobody
This adds g_file_load_bytes() to make it more convenient to
load the contents of a GFile as GBytes.
It includes a special casing for gresources to increase the
chances that the GBytes directly references the embedded data
instead of copying to the heap.
https://bugzilla.gnome.org/show_bug.cgi?id=790272
Prevent the situation where errno is set by function A, then function B
is called (which is typically _(), but could be anything else) and it
overwrites errno, then errno is checked by the caller.
errno is a horrific API, and we need to be careful to save its value as
soon as a function call (which might set it) returns. i.e. Follow the
pattern:
int errsv, ret;
ret = some_call_which_might_set_errno ();
errsv = errno;
if (ret < 0)
puts (strerror (errsv));
This patch implements that pattern throughout GLib. There might be a few
places in the test code which still use errno directly. They should be
ported as necessary. It doesn’t modify all the call sites like this:
if (some_call_which_might_set_errno () && errno == ESOMETHING)
since the refactoring involved is probably more harmful than beneficial
there. It does, however, refactor other call sites regardless of whether
they were originally buggy.
https://bugzilla.gnome.org/show_bug.cgi?id=785577
The g_file_copy() documentation didn't mention if
G_FILE_COPY_ALL_METADATA was applicable or not, and users were led to
call g_file_copy_attributes() to specify it after the g_file_copy()
call, unless they checked the source (been there, done that).
https://bugzilla.gnome.org/show_bug.cgi?id=784037
This is small enough that it shouldn't cause problems on most machines
we support, but big enough to increase throughput on a lot of devices
and network protocols.
Note that the actual value is 256k minus malloc overhead, so that it
fits nicely in a 256k block (as suggested by Alexander Larsson).
See https://bugzilla.gnome.org/show_bug.cgi?id=773632https://bugzilla.gnome.org/show_bug.cgi?id=773823
If we have an input parameter (or return value) we need to use (nullable).
However, if it is an (inout) or (out) parameter, (optional) is sufficient.
It looks like (nullable) could be used for everything according to the
Annotation documentation, but (optional) is more specific.
gvfs commit b358ca "Make sure metadata is always returned by
query_writable_namespaces()" changed the
query_writable_namespaces vfunc to never return NULL, but the error
checking in g_daemon_file_query_writable_namespaces still assumes vfunc
failure implies NULL return value and GError set. This causes a memory
leak as on failure the GError will be set but the vfunc implementation
will have created its own default list so NULL will not be returned, and
the GError will never be cleared.
This commit directly checks if the GError is set to detect failures,
my_error is directly dereferenced in the error block anyway.
This also removes an unneeded call to g_file_attribute_info_new(); as
the vfunc always returns us a non-NULL GFileAttributeInfoList.
https://bugzilla.gnome.org/show_bug.cgi?id=747364
In g_file_make_directory_with_parents(), the my_error variable is used
for several different purposes throughout the whole function, not all of
which are obvious. This explains the situation with some comments.
https://bugzilla.gnome.org/show_bug.cgi?id=719455
So shortcut it.
I wrote this patch less as a performance optimization and more as a
clarification, so that people looking at the code can be assured of this
invariant.
https://bugzilla.gnome.org/show_bug.cgi?id=738374
A critical message is printed when a parameter of g_file_equal() is not
a GFile. When we read the documentation before this commit, we can think
that passing NULL or another type than GFile is allowed, but it is not
the case.
Another option is to allow NULL parameters. But for consistency with
e.g. g_str_equal(), it's probably better to keep the code as is.
https://bugzilla.gnome.org/show_bug.cgi?id=732357
Add a note to the documentation for g_file_new_for_commandline_arg()
that this function is intended to operate on strings already in the GLib
filename encoding on Windows.
This has been the case for a long time, but this documents the
requirement.
https://bugzilla.gnome.org/show_bug.cgi?id=722025
Usually async methods copy/ref its arguments so caller can
forget about them. g_file_replace_contents_async() and
g_output_stream_write_async() are exceptions.
https://bugzilla.gnome.org/show_bug.cgi?id=690525
Assume unix platforms support the original POSIX.1 standard.
Specifically, assume that if G_OS_UNIX, then we have chown(),
getcwd(), getgrgid(), getpwuid(), link(), <grp.h>, <pwd.h>,
<sys/types.h>, <sys/uio.h>, <sys/wait.h>, and <unistd.h>.
Additionally, since all versions of Windows that we care about also
have <sys/types.h>, we can remove HAVE_SYS_TYPES_H checks everywhere.
Also remove one include of <sys/times.h>, and the corresponding
configure check, since the include is not currently needed (and may
always have just been a typo for <sys/time.h>).
https://bugzilla.gnome.org/show_bug.cgi?id=710519
It's not difficult to do; not all backends implement it, and for some
it may be difficult to implement query_info_on_read(), so let's just
do both.
https://bugzilla.gnome.org/show_bug.cgi?id=706254
In the real_..._async wrapper for GFile.measure_disk_usage, skip the
wrapping of the progress callback in the case that the user gave a NULL
callback to the async function. This is a performance improvement
because the sync version won't have to do continuous sampling of the
clock to issue a call to the wrapper which will then do nothing.
Unfortunately, I made this simplifying assumption when writing the
wrapper, but forgot to actually implement it when making the sync call.
As a result, the wrapper is still called, and invokes the NULL callback,
causing a segfault.
Make sure we pass NULL if the user's callback was NULL.
https://bugzilla.gnome.org/show_bug.cgi?id=707787
Previously, g_file_copy() would (on Unix) create files with the
default mode of 644. For applications which might at user request
copy arbitrary private files such as ~/.ssh or /etc/shadow, a
world-readable copy would be temporarily exposed.
This patch is suboptimal in that it *only* fixes g_file_copy()
for the case where both source and destination are instances of
GLocalFile on Unix.
The reason for this is that the public GFile APIs for creating files
allow very limited control over the access permissions for the created
file; one can either say a file is "private" or not. Fixing
this by adding e.g. g_file_create_with_attributes() would make sense,
except this would entail 8 new API calls for all the variants of
_create(), _create_async(), _replace(), _replace_async(),
_create_readwrite(), _create_readwrite_async(), _replace_readwrite(),
_replace_readwrite_async(). That can be done as a separate patch
later.
https://bugzilla.gnome.org/show_bug.cgi?id=699959
Previously, we called g_file_query_info() *again* on the source at the
very end of the copy. This has the lame semantics that if the source
happened to be deleted, we would fail to apply attributes to the
destination. This could even be a security flaw.
This commit changes things so that we query info from the source
*stream* after opening - i.e. on Unix we use the proper fstat() and
friends. That way we operate more atomically.
https://bugzilla.gnome.org/show_bug.cgi?id=699959
In the *_async_thread() functions, call the corresponding synchronous
function instead of calling the interface vfunc, which can be NULL.
In some cases the check for the vfunc == NULL was done, but to be
consistent it is better to always call the synchronous version (and the
code is simpler).
https://bugzilla.gnome.org/show_bug.cgi?id=548353
We need to close the stream *before* applying the file modes, because
g_file_replace() allocates a temporary file. At the moment we're
applying the modes to the extant file, then immediately rename()ing
over it with the default perms.
This regressed with commit 166766a89f.
The real fix here is to have g_file_create_with_info() so that we can
atomically create a file with the permissions we want.
https://bugzilla.gnome.org/show_bug.cgi?id=696014
There are two benefits to this:
1) We can centralize any operating system specific knowledge of
close-vs-EINTR handling. For example, while on Linux we should never
retry, if someone cared enough later about HP-UX, they could come by
and change this one spot.
2) For places that do care about the return value and want to provide
the caller with a GError, this function makes it convenient to do so.
Note that gspawn.c had an incorrect EINTR loop-retry around close().
https://bugzilla.gnome.org/show_bug.cgi?id=682819
Ok, this function was just an awful mess before. Now the problem
domain is not trivial, and I won't claim this new code is *beautiful*,
but it should fix the bug at hand, and be somewhat less prone to
failure for the next person who tries to modify it. There's only one
unref call for each object now.
https://bugzilla.gnome.org/show_bug.cgi?id=692408
When an error occurs while reading the file input stream in
g_file_load_contents (e.g. because the operation was cancelled), the
code is correctly calling g_task_return_error(), but in the callback
from the close operation, g_task_return_boolean() will be called again.
Code that cleans up its state in the async callback will then be called
twice, leading to invalid memory access.
https://bugzilla.gnome.org/show_bug.cgi?id=692202
The attached patch adds support for the btrfs "clone" ioctl which
makes Copy-on-Write reflinks, resulting in cheap O(1) copies when
source/destination are on the same filesystem. The ioctl itself is
quite straightforward, and GNU coreutils has had support since 7.5
(--reflink=auto --sparse=auto).
The ioctl only operates on regular files and symlinks, and always
follows symlinks; checks have been added accordingly.
This patch would be very useful for everyone who uses btrfs
filesystems (Meego folks for instance). On systems that don't have
btrfs, or if the the source is not on a btrfs filesystem, the ioctl
returns EINVAL, and the fallback code is triggered. Hence this will
cause no problems for non-btrfs users.
https://bugzilla.gnome.org/show_bug.cgi?id=626497
Add a new GFileMonitorFlag: G_FILE_MONITOR_WATCH_HARD_LINKS. When set,
changes made to the file via another hard link will be detected.
Implement the new flag for the inotify backend.
https://bugzilla.gnome.org/show_bug.cgi?id=532815
Add a pair of new APIs: one to GFile to create a new file from a
commandline arg relative to a given cwd and one to
GApplicationCommandLine to create a GFile from an arg, relative to the
cwd of the invoking commandline.
https://bugzilla.gnome.org/show_bug.cgi?id=689037
Reimplement gioscheduler in terms of GTask, and deprecate the original
gioscheduler methods. Update docs to point people to GTask rather than
gioscheduler and GSimpleAsyncResult, but don't actually formally
deprecate GSimpleAsyncResult yet.
https://bugzilla.gnome.org/show_bug.cgi?id=661767