When the current user does not have write permissions to the repository and
tries to darcs send, an incorrect error message appears. It is "incorrect" in
the sense that the message is not true, and also there should arguably be no
error at all.

Example:
jonathon:~$ cd /tmp
jonathon:/tmp$ darcs get http://path/to/some/repo
jonathon:/tmp$ chmod -R a+r repo/
jonathon:/tmp$ cd repo
jonathon:/tmp/repo$ darcs send
Creating patch to "http://path/to/some/repo"...
Patch bundle will be sent to: blah@blah.com
No recorded local changes to send!
jonathon:/tmp/repo$ su otheruser
otheruser:/tmp/repo$ darcs send

darcs failed:  Not a repository: http://path/to/some/repo


There certainly is a repository at that URL -- the actual error is that there is
no write access to the repo, so darcs presumably can't get a lock. However, is
there any reason to disallow sending from a read-only repo?

On Sun, Jan 01, 2006 at 02:45:27PM +0000, Jonathon Mah wrote:
> darcs failed:  Not a repository: http://path/to/some/repo
> 
> 
> There certainly is a repository at that URL -- the actual error is that
> there is no write access to the repo, so darcs presumably can't get a
> lock. However, is there any reason to disallow sending from a read-only
> repo?

Actually, the trouble is that darcs is creating a temporary file in the
repository itself while downloading from the remote repo, which causes the
download to fail.  We usually avoid creating temporaries in /tmp as a
measure to avoid /tmp race conditions, as it seems to be very hard to
securely use /tmp.  In particular, it seems that if you ever refer to the
name of a file (as we must, when using temporary files with external
programs), then in the presence of tmp-cleaners, you have a security risk.
On the other hand, I've also been told that tmp-cleaners themselves are a
huge security risk, so noone concerned with security would use them...

Basically, I don't understand all the issues involved with using /tmp, so I
avoid doing so when possible.
-- 
David Roundy
http://www.darcs.net

Could darcs maybe fall back on something like ${HOME}/.darcs/tmp?

It's a bit less transparent than dumping it in the repo root (in case something
goes wrong and we fail to clean it up, there could be lots of stuff piling up in
that hidden directory).  But at least we won't have a permissions problem.

Just another thought. Darcs could simply fail (if it can't create tmp files) with an error message asking the user to set DARCS_TMPDIR or TMPDIR.

Yeah, I could live with that.  It wouldn't be any more broken than one
we have now, but at least it won't give the wrong error message.

With Darcs 2, the error message when you try to send but don't have read access
to the current repo is different, but also could be improved:
###
darcs send

darcs failed:  Unable to "darcs send" here.

You need to be in a repository directory to run this command.
###

I like the line of thinking that you should still be able to send from a
read-only repo. Tommy had a reasonable suggestion, which kowey backed up:

"Darcs could simply fail (if it can't create tmp files) with an error message
asking the user to set DARCS_TMPDIR or TMPDIR."

Correction. The error message I gave before was incorrect and was due to
accidentally running darcs 1 in darcs 2 repo. The current error message with
darcs 2 is this:

darcs failed:  Not a repository: http://darcs.net/repos/unstable-hashed (Failed
to create temporary file darcs: permission denied (Permission denied))

###

Because the error message now states that the problem is with creating a
temporary file due to a permissions problem, I consider that sufficiently clear
to make this as "resolved-in-unstable". 

However, I thought it would be easy enough to further improve the error message
to mention possibly setting DARCS_TMPDIR or TMPDIR. The string to update seems
to be in src/Darcs/Compat.hs around line 68. The rub is that the documentation
doesn't seem to be documenting what the code is currently doing:

"If the environment variable DARCS_TMPDIR is defined, darcs will use that
directory for its temporaries. Otherwise it will use TMPDIR, if that is defined,
and if not that then /tmp and if /tmp doesn't exist, it'll put the temporaries
in _darcs."

In my case, "/tmp" would have be the path chosen, but was skipped, and "_darcs"
had writable permissions...it was the top level directory that was not writable. 

This seems inconsistent. Isn't either the docs or the code wrong here?

The following patch updated the status of issue76 to be resolved in the unstable branch:

* resolve issue76: update docs on temp directory creation. 

You can view the patch details online here: 
http://darcs.net/cgi-bin/darcs.cgi/unstable/?c=annotate&p=20080430175713-2067a-9dcb554a9babe0be1070f380cc72fd2e4b050c43.gz