[darcs-devel] [patch1738] resolve issue1959: catch permission errors when access...

[Ben Franksen]

Ben Franksen <ben.franksen at online.de> added the comment:

> If the index file isn't writable how can we remove anything?

IIRC, on Unix-like systems, you need only write access to the parent
directory to remove a file for which you have at least user or group
ownership. Even if that fails you can definitely rename the file.

> My original comment was implicitly assuming that we can just fail
> on the functions that would be called in a repository-modifying 
> operation, but now I think about it again, I guess those aren't 
> easily distinguished - this code  always confuses me.

Same here.

> Perhaps we need to do it more explicitly and pass down an explicit
> flag?

I am strictly against that. We would end up adding the parameter to
*many* functions, i.e. almost everything in D.R.State and who knows what
else. We do have a perfectly fine mechanism for making this distiction,
namely whether we run in a transaction or not. We just have to make sure
that when we start a transaction we test writability up front, so we can
gracefully fail. This is quite similar to what we do if we can't take
the repo lock. The rest of the code can then silently ignore permission
errors for _darcs/index and related files. This isn't perfect but IMO
still the best we can do apart from fixing the index API (and its code).

Cheers
Ben

__________________________________
Darcs bug tracker <bugs at darcs.net>
<http://bugs.darcs.net/patch1738>
__________________________________