worktree: teach repair to fix multi-directional breakage

`git worktree repair` knows how to repair the two-way links between the
repository and a worktree as long as a link in one or the other
direction is sound. For instance, if a linked worktree is moved (without
using `git worktree move`), repair is possible because the worktree
still knows the location of the repository even though the repository no
longer knows where the worktree is. Similarly, if the repository is
moved, repair is possible since the repository still knows the locations
of the worktrees even though the worktrees no longer know where the
repository is.

However, if both the repository and the worktrees are moved, then links
are severed in both directions, and no repair is possible. This is the
case even when the new worktree locations are specified as arguments to
`git worktree repair`. The reason for this limitation is twofold. First,
when `repair` consults the worktree's gitfile (/path/to/worktree/.git)
to determine the corresponding <repo>/worktrees/<id>/gitdir file to fix,
<repo> is the old path to the repository, thus it is unable to fix the
`gitdir` file at its new location since it doesn't know where it is.
Second, when `repair` consults <repo>/worktrees/<id>/gitdir to find the
location of the worktree's gitfile (/path/to/worktree/.git), the path
recorded in `gitdir` is the old location of the worktree's gitfile, thus
it is unable to repair the gitfile since it doesn't know where it is.

Fix these shortcomings by teaching `repair` to attempt to infer the new
location of the <repo>/worktrees/<id>/gitdir file when the location
recorded in the worktree's gitfile has become stale but the file is
otherwise well-formed. The inference is intentionally simple-minded.
For each worktree path specified as an argument, `git worktree repair`
manually reads the ".git" gitfile at that location and, if it is
well-formed, extracts the <id>. It then searches for a corresponding
<id> in <repo>/worktrees/ and, if found, concludes that there is a
reasonable match and updates <repo>/worktrees/<id>/gitdir to point at
the specified worktree path. In order for <repo> to be known, `git
worktree repair` must be run in the main worktree or bare repository.

`git worktree repair` first attempts to repair each incoming
/path/to/worktree/.git gitfile to point at the repository, and then
attempts to repair outgoing <repo>/worktrees/<id>/gitdir files to point
at the worktrees. This sequence was chosen arbitrarily when originally
implemented since the order of fixes is immaterial as long as one side
of the two-way link between the repository and a worktree is sound.
However, for this new repair technique to work, the order must be
reversed. This is because the new inference mechanism, when it is
successful, allows the outgoing <repo>/worktrees/<id>/gitdir file to be
repaired, thus fixing one side of the two-way link. Once that side is
fixed, the other side can be fixed by the existing repair mechanism,
hence the order of repairs is now significant.

Two safeguards are employed to avoid hijacking a worktree from a
different repository if the user accidentally specifies a foreign
worktree as an argument. The first, as described above, is that it
requires an <id> match between the repository and the worktree. That
itself is not foolproof for preventing hijack, so the second safeguard
is that the inference will only kick in if the worktree's
/path/to/worktree/.git gitfile does not point at a repository.

Signed-off-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Eric Sunshine 2020-12-21 03:16:01 -05:00 committed by Junio C Hamano
parent 6d3ef5b467
commit cf76baea41
4 changed files with 73 additions and 1 deletions

View File

@ -143,6 +143,11 @@ locate it. Running `repair` within the recently-moved working tree will
reestablish the connection. If multiple linked working trees are moved, reestablish the connection. If multiple linked working trees are moved,
running `repair` from any working tree with each tree's new `<path>` as running `repair` from any working tree with each tree's new `<path>` as
an argument, will reestablish the connection to all the specified paths. an argument, will reestablish the connection to all the specified paths.
+
If both the main working tree and linked working trees have been moved
manually, then running `repair` in the main working tree and specifying the
new `<path>` of each linked working tree will reestablish all connections
in both directions.
unlock:: unlock::

View File

@ -1052,10 +1052,10 @@ static int repair(int ac, const char **av, const char *prefix)
int rc = 0; int rc = 0;
ac = parse_options(ac, av, prefix, options, worktree_usage, 0); ac = parse_options(ac, av, prefix, options, worktree_usage, 0);
repair_worktrees(report_repair, &rc);
p = ac > 0 ? av : self; p = ac > 0 ? av : self;
for (; *p; p++) for (; *p; p++)
repair_worktree_at_path(*p, report_repair, &rc); repair_worktree_at_path(*p, report_repair, &rc);
repair_worktrees(report_repair, &rc);
return rc; return rc;
} }

View File

@ -104,6 +104,16 @@ test_expect_success 'repo not found; .git not file' '
test_i18ngrep ".git is not a file" err test_i18ngrep ".git is not a file" err
' '
test_expect_success 'repo not found; .git not referencing repo' '
test_when_finished "rm -rf side not-a-repo && git worktree prune" &&
git worktree add --detach side &&
sed s,\.git/worktrees/side$,not-a-repo, side/.git >side/.newgit &&
mv side/.newgit side/.git &&
mkdir not-a-repo &&
test_must_fail git worktree repair side 2>err &&
test_i18ngrep ".git file does not reference a repository" err
'
test_expect_success 'repo not found; .git file broken' ' test_expect_success 'repo not found; .git file broken' '
test_when_finished "rm -rf orig moved && git worktree prune" && test_when_finished "rm -rf orig moved && git worktree prune" &&
git worktree add --detach orig && git worktree add --detach orig &&
@ -176,4 +186,20 @@ test_expect_success 'repair multiple gitdir files' '
test_must_be_empty err test_must_be_empty err
' '
test_expect_success 'repair moved main and linked worktrees' '
test_when_finished "rm -rf main side mainmoved sidemoved" &&
test_create_repo main &&
test_commit -C main init &&
git -C main worktree add --detach ../side &&
sed "s,side/\.git$,sidemoved/.git," \
main/.git/worktrees/side/gitdir >expect-gitdir &&
sed "s,main/.git/worktrees/side$,mainmoved/.git/worktrees/side," \
side/.git >expect-gitfile &&
mv main mainmoved &&
mv side sidemoved &&
git -C mainmoved worktree repair ../sidemoved &&
test_cmp expect-gitdir mainmoved/.git/worktrees/side/gitdir &&
test_cmp expect-gitfile sidemoved/.git
'
test_done test_done

View File

@ -644,6 +644,42 @@ static int is_main_worktree_path(const char *path)
return !cmp; return !cmp;
} }
/*
* If both the main worktree and linked worktree have been moved, then the
* gitfile /path/to/worktree/.git won't point into the repository, thus we
* won't know which <repo>/worktrees/<id>/gitdir to repair. However, we may
* be able to infer the gitdir by manually reading /path/to/worktree/.git,
* extracting the <id>, and checking if <repo>/worktrees/<id> exists.
*/
static char *infer_backlink(const char *gitfile)
{
struct strbuf actual = STRBUF_INIT;
struct strbuf inferred = STRBUF_INIT;
const char *id;
if (strbuf_read_file(&actual, gitfile, 0) < 0)
goto error;
if (!starts_with(actual.buf, "gitdir:"))
goto error;
if (!(id = find_last_dir_sep(actual.buf)))
goto error;
strbuf_trim(&actual);
id++; /* advance past '/' to point at <id> */
if (!*id)
goto error;
strbuf_git_common_path(&inferred, the_repository, "worktrees/%s", id);
if (!is_directory(inferred.buf))
goto error;
strbuf_release(&actual);
return strbuf_detach(&inferred, NULL);
error:
strbuf_release(&actual);
strbuf_release(&inferred);
return NULL;
}
/* /*
* Repair <repo>/worktrees/<id>/gitdir if missing, corrupt, or not pointing at * Repair <repo>/worktrees/<id>/gitdir if missing, corrupt, or not pointing at
* the worktree's path. * the worktree's path.
@ -675,6 +711,11 @@ void repair_worktree_at_path(const char *path,
if (err == READ_GITFILE_ERR_NOT_A_FILE) { if (err == READ_GITFILE_ERR_NOT_A_FILE) {
fn(1, realdotgit.buf, _("unable to locate repository; .git is not a file"), cb_data); fn(1, realdotgit.buf, _("unable to locate repository; .git is not a file"), cb_data);
goto done; goto done;
} else if (err == READ_GITFILE_ERR_NOT_A_REPO) {
if (!(backlink = infer_backlink(realdotgit.buf))) {
fn(1, realdotgit.buf, _("unable to locate repository; .git file does not reference a repository"), cb_data);
goto done;
}
} else if (err) { } else if (err) {
fn(1, realdotgit.buf, _("unable to locate repository; .git file broken"), cb_data); fn(1, realdotgit.buf, _("unable to locate repository; .git file broken"), cb_data);
goto done; goto done;