2007-12-05 14:33:32 +01:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
|
|
|
# Copyright (c) 2007 Nguyễn Thái Ngọc Duy
|
|
|
|
#
|
|
|
|
|
|
|
|
test_description='Test repository version check'
|
|
|
|
|
tests: mark tests as passing with SANITIZE=leak
When the "ab/various-leak-fixes" topic was merged in [1] only t6021
would fail if the tests were run in the
"GIT_TEST_PASSING_SANITIZE_LEAK=check" mode, i.e. to check whether we
marked all leak-free tests with "TEST_PASSES_SANITIZE_LEAK=true".
Since then we've had various tests starting to pass under
SANITIZE=leak. Let's mark those as passing, this is when they started
to pass, narrowed down with "git bisect":
- t5317-pack-objects-filter-objects.sh: In
faebba436e6 (list-objects-filter: plug pattern_list leak, 2022-12-01).
- t3210-pack-refs.sh, t5613-info-alternate.sh,
t7403-submodule-sync.sh: In 189e97bc4ba (diff: remove parseopts member
from struct diff_options, 2022-12-01).
- t1408-packed-refs.sh: In ab91f6b7c42 (Merge branch
'rs/diff-parseopts', 2022-12-19).
- t0023-crlf-am.sh, t4152-am-subjects.sh, t4254-am-corrupt.sh,
t4256-am-format-flowed.sh, t4257-am-interactive.sh,
t5403-post-checkout-hook.sh: In a658e881c13 (am: don't pass strvec to
apply_parse_options(), 2022-12-13)
- t1301-shared-repo.sh, t1302-repo-version.sh: In b07a819c05f (reflog:
clear leftovers in reflog_expiry_cleanup(), 2022-12-13).
- t1304-default-acl.sh, t1410-reflog.sh,
t5330-no-lazy-fetch-with-commit-graph.sh, t5502-quickfetch.sh,
t5604-clone-reference.sh, t6014-rev-list-all.sh,
t7701-repack-unpack-unreachable.sh: In b0c61be3209 (Merge branch
'rs/reflog-expiry-cleanup', 2022-12-26)
- t3800-mktag.sh, t5302-pack-index.sh, t5306-pack-nobase.sh,
t5573-pull-verify-signatures.sh, t7612-merge-verify-signatures.sh: In
69bbbe484ba (hash-object: use fsck for object checks, 2023-01-18).
- t1451-fsck-buffer.sh: In 8e4309038f0 (fsck: do not assume
NUL-termination of buffers, 2023-01-19).
- t6501-freshen-objects.sh: In abf2bb895b4 (Merge branch
'jk/hash-object-fsck', 2023-01-30)
1. 9ea1378d046 (Merge branch 'ab/various-leak-fixes', 2022-12-14)
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2023-02-07 00:07:36 +01:00
|
|
|
TEST_PASSES_SANITIZE_LEAK=true
|
2007-12-05 14:33:32 +01:00
|
|
|
. ./test-lib.sh
|
|
|
|
|
2010-09-07 03:52:27 +02:00
|
|
|
test_expect_success 'setup' '
|
2020-05-25 21:59:13 +02:00
|
|
|
test_oid_cache <<-\EOF &&
|
|
|
|
version sha1:0
|
|
|
|
version sha256:1
|
|
|
|
EOF
|
2010-09-07 03:52:27 +02:00
|
|
|
cat >test.patch <<-\EOF &&
|
|
|
|
diff --git a/test.txt b/test.txt
|
|
|
|
new file mode 100644
|
|
|
|
--- /dev/null
|
|
|
|
+++ b/test.txt
|
|
|
|
@@ -0,0 +1 @@
|
|
|
|
+123
|
|
|
|
EOF
|
2007-12-05 14:33:32 +01:00
|
|
|
|
2010-09-07 03:52:27 +02:00
|
|
|
test_create_repo "test" &&
|
|
|
|
test_create_repo "test2" &&
|
2014-03-21 00:17:01 +01:00
|
|
|
git config --file=test2/.git/config core.repositoryformatversion 99
|
2010-09-07 03:52:27 +02:00
|
|
|
'
|
2007-12-05 14:33:32 +01:00
|
|
|
|
|
|
|
test_expect_success 'gitdir selection on normal repos' '
|
tests: make 'test_oid' print trailing newline
Unlike other test helper functions, 'test_oid' doesn't terminate its
output with a LF, but, alas, the reason for this, if any, is not
mentioned in 2c02b110da (t: add test functions to translate
hash-related values, 2018-09-13)).
Now, in the vast majority of cases 'test_oid' is invoked in a command
substitution that is part of a heredoc or supplies an argument to a
command or the value to a variable, and the command substitution would
chop off any trailing LFs, so in these cases the lack or presence of a
trailing LF in its output doesn't matter. However:
- There appear to be only three cases where 'test_oid' is not
invoked in a command substitution:
$ git grep '\stest_oid ' -- ':/t/*.sh'
t0000-basic.sh: test_oid zero >actual &&
t0000-basic.sh: test_oid zero >actual &&
t0000-basic.sh: test_oid zero >actual &&
These are all in test cases checking that 'test_oid' actually
works, and that the size of its output matches the size of the
corresponding hash function with conditions like
test $(wc -c <actual) -eq 40
In these cases the lack of trailing LF does actually matter,
though they could be trivially updated to account for the presence
of a trailing LF.
- There are also a few cases where the lack of trailing LF in
'test_oid's output actually hurts, because tests need to compare
its output with LF terminated file contents, forcing developers to
invoke it as 'echo $(test_oid ...)' to append the missing LF:
$ git grep 'echo "\?$(test_oid ' -- ':/t/*.sh'
t1302-repo-version.sh: echo $(test_oid version) >expect &&
t1500-rev-parse.sh: echo "$(test_oid algo)" >expect &&
t4044-diff-index-unique-abbrev.sh: echo "$(test_oid val1)" > foo &&
t4044-diff-index-unique-abbrev.sh: echo "$(test_oid val2)" > foo &&
t5313-pack-bounds-checks.sh: echo $(test_oid oidfff) >file &&
And there is yet another similar case in an in-flight topic at:
https://public-inbox.org/git/813e81a058227bd373cec802e443fcd677042fb4.1670862677.git.gitgitgadget@gmail.com/
Arguably we would be better off if 'test_oid' terminated its output
with a LF. So let's update 'test_oid' accordingly, update its tests
in t0000 to account for the extra character in those size tests, and
remove the now unnecessary 'echo $(...)' command substitutions around
'test_oid' invocations as well.
Signed-off-by: SZEDER Gábor <szeder.dev@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-12-18 17:29:05 +01:00
|
|
|
test_oid version >expect &&
|
2010-09-07 03:52:27 +02:00
|
|
|
git config core.repositoryformatversion >actual &&
|
2016-09-13 05:24:00 +02:00
|
|
|
git -C test config core.repositoryformatversion >actual2 &&
|
2010-09-07 03:52:27 +02:00
|
|
|
test_cmp expect actual &&
|
|
|
|
test_cmp expect actual2
|
|
|
|
'
|
2007-12-05 14:33:32 +01:00
|
|
|
|
|
|
|
test_expect_success 'gitdir selection on unsupported repo' '
|
2010-09-07 03:52:27 +02:00
|
|
|
# Make sure it would stop at test2, not trash
|
config: only read .git/config from configured repos
When git_config() runs, it looks in the system, user-wide,
and repo-level config files. It gets the latter by calling
git_pathdup(), which in turn calls get_git_dir(). If we
haven't set up the git repository yet, this may simply
return ".git", and we will look at ".git/config". This
seems like it would be helpful (presumably we haven't set up
the repository yet, so it tries to find it), but it turns
out to be a bad idea for a few reasons:
- it's not sufficient, and therefore hides bugs in a
confusing way. Config will be respected if commands are
run from the top-level of the working tree, but not from
a subdirectory.
- it's not always true that we haven't set up the
repository _yet_; we may not want to do it at all. For
instance, if you run "git init /some/path" from inside
another repository, it should not load config from the
existing repository.
- there might be a path ".git/config", but it is not the
actual repository we would find via setup_git_directory().
This may happen, e.g., if you are storing a git
repository inside another git repository, but have
munged one of the files in such a way that the
inner repository is not valid (e.g., by removing HEAD).
We have at least two bugs of the second type in git-init,
introduced by ae5f677 (lazily load core.sharedrepository,
2016-03-11). It causes init to use git_configset(), which
loads all of the config, including values from the current
repo (if any). This shows up in two ways:
1. If we happen to be in an existing repository directory,
we'll read and respect core.sharedrepository from it,
even though it should have no bearing on the new
repository. A new test in t1301 covers this.
2. Similarly, if we're in an existing repo that sets
core.logallrefupdates, that will cause init to fail to
set it in a newly created repository (because it thinks
that the user's templates already did so). A new test
in t0001 covers this.
We also need to adjust an existing test in t1302, which
gives another example of why this patch is an improvement.
That test creates an embedded repository with a bogus
core.repositoryformatversion of "99". It wants to make sure
that we actually stop at the bogus repo rather than
continuing upward to find the outer repo. So it checks that
"git config core.repositoryformatversion" returns 99. But
that only works because we blindly read ".git/config", even
though we _know_ we're in a repository whose vintage we do
not understand.
After this patch, we avoid reading config from the unknown
vintage repository at all, which is a safer choice. But we
need to tweak the test, since core.repositoryformatversion
will not return 99; it will claim that it could not find the
variable at all.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-09-13 05:24:15 +02:00
|
|
|
test_expect_code 1 git -C test2 config core.repositoryformatversion >actual
|
2010-09-07 03:52:27 +02:00
|
|
|
'
|
2007-12-05 14:33:32 +01:00
|
|
|
|
|
|
|
test_expect_success 'gitdir not required mode' '
|
2010-09-06 20:39:54 +02:00
|
|
|
git apply --stat test.patch &&
|
2016-09-13 05:24:00 +02:00
|
|
|
git -C test apply --stat ../test.patch &&
|
|
|
|
git -C test2 apply --stat ../test.patch
|
2010-09-07 03:42:54 +02:00
|
|
|
'
|
2007-12-05 14:33:32 +01:00
|
|
|
|
2010-09-07 03:52:27 +02:00
|
|
|
test_expect_success 'gitdir required mode' '
|
|
|
|
git apply --check --index test.patch &&
|
2016-09-13 05:24:00 +02:00
|
|
|
git -C test apply --check --index ../test.patch &&
|
|
|
|
test_must_fail git -C test2 apply --check --index ../test.patch
|
2008-02-01 10:50:53 +01:00
|
|
|
'
|
2007-12-05 14:33:32 +01:00
|
|
|
|
introduce "extensions" form of core.repositoryformatversion
Normally we try to avoid bumps of the whole-repository
core.repositoryformatversion field. However, it is
unavoidable if we want to safely change certain aspects of
git in a backwards-incompatible way (e.g., modifying the set
of ref tips that we must traverse to generate a list of
unreachable, safe-to-prune objects).
If we were to bump the repository version for every such
change, then any implementation understanding version `X`
would also have to understand `X-1`, `X-2`, and so forth,
even though the incompatibilities may be in orthogonal parts
of the system, and there is otherwise no reason we cannot
implement one without the other (or more importantly, that
the user cannot choose to use one feature without the other,
weighing the tradeoff in compatibility only for that
particular feature).
This patch documents the existing repositoryformatversion
strategy and introduces a new format, "1", which lets a
repository specify that it must run with an arbitrary set of
extensions. This can be used, for example:
- to inform git that the objects should not be pruned based
only on the reachability of the ref tips (e.g, because it
has "clone --shared" children)
- that the refs are stored in a format besides the usual
"refs" and "packed-refs" directories
Because we bump to format "1", and because format "1"
requires that a running git knows about any extensions
mentioned, we know that older versions of the code will not
do something dangerous when confronted with these new
formats.
For example, if the user chooses to use database storage for
refs, they may set the "extensions.refbackend" config to
"db". Older versions of git will not understand format "1"
and bail. Versions of git which understand "1" but do not
know about "refbackend", or which know about "refbackend"
but not about the "db" backend, will refuse to run. This is
annoying, of course, but much better than the alternative of
claiming that there are no refs in the repository, or
writing to a location that other implementations will not
read.
Note that we are only defining the rules for format 1 here.
We do not ever write format 1 ourselves; it is a tool that
is meant to be used by users and future extensions to
provide safety with older implementations.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-06-23 12:53:58 +02:00
|
|
|
check_allow () {
|
|
|
|
git rev-parse --git-dir >actual &&
|
|
|
|
echo .git >expect &&
|
|
|
|
test_cmp expect actual
|
|
|
|
}
|
|
|
|
|
|
|
|
check_abort () {
|
|
|
|
test_must_fail git rev-parse --git-dir
|
|
|
|
}
|
|
|
|
|
|
|
|
# avoid git-config, since it cannot be trusted to run
|
|
|
|
# in a repository with a broken version
|
|
|
|
mkconfig () {
|
|
|
|
echo '[core]' &&
|
|
|
|
echo "repositoryformatversion = $1" &&
|
|
|
|
shift &&
|
|
|
|
|
|
|
|
if test $# -gt 0; then
|
|
|
|
echo '[extensions]' &&
|
|
|
|
for i in "$@"; do
|
|
|
|
echo "$i"
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
while read outcome version extensions; do
|
|
|
|
test_expect_success "$outcome version=$version $extensions" "
|
|
|
|
mkconfig $version $extensions >.git/config &&
|
|
|
|
check_${outcome}
|
|
|
|
"
|
|
|
|
done <<\EOF
|
|
|
|
allow 0
|
|
|
|
allow 1
|
|
|
|
allow 1 noop
|
|
|
|
abort 1 no-such-extension
|
|
|
|
allow 0 no-such-extension
|
2020-07-16 14:25:13 +02:00
|
|
|
allow 0 noop
|
|
|
|
abort 0 noop-v1
|
|
|
|
allow 1 noop-v1
|
introduce "extensions" form of core.repositoryformatversion
Normally we try to avoid bumps of the whole-repository
core.repositoryformatversion field. However, it is
unavoidable if we want to safely change certain aspects of
git in a backwards-incompatible way (e.g., modifying the set
of ref tips that we must traverse to generate a list of
unreachable, safe-to-prune objects).
If we were to bump the repository version for every such
change, then any implementation understanding version `X`
would also have to understand `X-1`, `X-2`, and so forth,
even though the incompatibilities may be in orthogonal parts
of the system, and there is otherwise no reason we cannot
implement one without the other (or more importantly, that
the user cannot choose to use one feature without the other,
weighing the tradeoff in compatibility only for that
particular feature).
This patch documents the existing repositoryformatversion
strategy and introduces a new format, "1", which lets a
repository specify that it must run with an arbitrary set of
extensions. This can be used, for example:
- to inform git that the objects should not be pruned based
only on the reachability of the ref tips (e.g, because it
has "clone --shared" children)
- that the refs are stored in a format besides the usual
"refs" and "packed-refs" directories
Because we bump to format "1", and because format "1"
requires that a running git knows about any extensions
mentioned, we know that older versions of the code will not
do something dangerous when confronted with these new
formats.
For example, if the user chooses to use database storage for
refs, they may set the "extensions.refbackend" config to
"db". Older versions of git will not understand format "1"
and bail. Versions of git which understand "1" but do not
know about "refbackend", or which know about "refbackend"
but not about the "db" backend, will refuse to run. This is
annoying, of course, but much better than the alternative of
claiming that there are no refs in the repository, or
writing to a location that other implementations will not
read.
Note that we are only defining the rules for format 1 here.
We do not ever write format 1 ourselves; it is a tool that
is meant to be used by users and future extensions to
provide safety with older implementations.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-06-23 12:53:58 +02:00
|
|
|
EOF
|
|
|
|
|
2015-06-23 12:54:11 +02:00
|
|
|
test_expect_success 'precious-objects allowed' '
|
|
|
|
mkconfig 1 preciousObjects >.git/config &&
|
|
|
|
check_allow
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'precious-objects blocks destructive repack' '
|
|
|
|
test_must_fail git repack -ad
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'other repacks are OK' '
|
|
|
|
test_commit foo &&
|
|
|
|
git repack
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'precious-objects blocks prune' '
|
|
|
|
test_must_fail git prune
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'gc runs without complaint' '
|
|
|
|
git gc
|
|
|
|
'
|
|
|
|
|
2007-12-05 14:33:32 +01:00
|
|
|
test_done
|