From: Joey Hess Date: Fri, 5 Sep 2025 18:06:15 +0000 (-0400) Subject: update X-Git-Tag: archive/raspbian/10.20251029-1+rpi1~1^2~3^2~136 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=9a2013a2e794fc96baa54ac58b4058a1c7724ee6;p=git-annex.git update --- diff --git a/doc/bugs/35_failed_tests_on_beegfs/comment_10_74f2d24f21bdeb6a05dfbef5d558d950._comment b/doc/bugs/35_failed_tests_on_beegfs/comment_10_74f2d24f21bdeb6a05dfbef5d558d950._comment new file mode 100644 index 0000000000..5144dce82a --- /dev/null +++ b/doc/bugs/35_failed_tests_on_beegfs/comment_10_74f2d24f21bdeb6a05dfbef5d558d950._comment @@ -0,0 +1,32 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 10""" + date="2025-09-05T17:42:02Z" + content=""" +I've made all OsPath operations in git-annex set the close-on-exec flag. + +This will largely fix the problem when git-annex is built with the OsPath build +flag. Which has now become default, but it's still possible for git-annex +to be built without that build flag. Check `git-annex version` for "OsPath" +to know if your git-annex was built with this. +I think it will probably pass the test suite on beegfs at this point. + +(However, the openTempFile implementation sets the flag only after opening +the file, so is still vulnerable to a race where the fd can leak to an +execed process. That could use more work, but at least is a quite +narrow race window.) + +Also the few ByteString readFile/writeFile calls were converted to the OsPath +operations. + +What remains to be done to fully fix this: + +* Checking haskell libraries as listed in comment #8 +* All the FilePath versions of readFile, writeFile, etc, still + don't set the close-on-exec flag. There are a few hundred such calls + still in of git-annex. Those will all have to be wrapped with versions + that do set the close-on-exec flag, or converted to the OsPath versions. + +So, this bug is now tied to [[OsPath conversion|todo/RawFilePath_conversion]] +in 2 ways. +"""]]