On 11/23/2016 11:24 PM, Pierre-Yves David wrote:
On 11/23/2016 11:09 PM, Mads Kiilerich wrote:
# HG changeset patch
# User Mads Kiilerich <mad...@unity3d.com>
# Date 1479938505 -3600
# Wed Nov 23 23:01:45 2016 +0100
# Node ID 2841e0a6f97ba09dff5ffe7f42ac8c6e1b23338f
# Parent 8836f13e3c5b8eae765372708b659c55a044cbb4
posix: _really_ make sure .hg/cache/checklink points at a real file
8836f13e3c5b failed to do what it said; it did leave a dangling
symlink. As
promised, that broke setup.py sdist. It also broke stuff on Solaris
where "cp
-r" by default follows symlinks.
Instead, make it point at ../00changelog.i, which is the file that is
most
likely to exist. This adds some extra layering violation ... but not
much, in
an innocent way, and it works ...
Could we just create a empty file right next to this symlink and point
to that? That would seems more independant/robust.
Right.
Playing more around with this raise the question: Generally, when
running hg commands that create/write files, how do we make sure that
nobody fooled us and placed a symlink that can trick us to overwrite
arbitrary files? Should we and do we always take precautions for that?
/Mads
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
