e911104c84
If two references that D/F conflict (e.g., "refs/foo" and "refs/foo/bar") are created in a single transaction, the old code discovered the problem only after the "commit" phase of ref_transaction_commit() had already begun. This could leave some references updated and others not, which violates the promise of atomicity.

Instead, check for such conflicts during the "locking" phase:

* Teach is_refname_available() to take an "extras" parameter that can contain extra reference names with which the specified refname must not conflict.

* Change lock_ref_sha1_basic() to take an "extras" parameter, which it passes through to is_refname_available().

* Change ref_transaction_commit() to pass "affected_refnames" to lock_ref_sha1_basic() as its "extras" argument.

This change fixes a test case in t1404.

This code is a bit stricter than it needs to be. We could conceivably allow reference "refs/foo/bar" to be created in the same transaction as "refs/foo" is deleted (or vice versa). But that would be complicated to implement, because it is not possible to lock "refs/foo/bar" while "refs/foo" exists as a loose reference, but on the other hand we don't want to delete some references before adding others (because that could leave a gap during which required objects are unreachable). There is also a complication that reflog files' paths can conflict.

Any less-strict implementation would probably require tricks like the packing of all references before the start of the real transaction, or the use of temporary intermediate reference names.

So for now let's accept too-strict checks. Some reference update transactions will be rejected unnecessarily, but they will be rejected in their entirety rather than leaving the repository in an intermediate state, as would happen now.

Please note that there is still one kind of D/F conflict that is *not* handled correctly. If two processes are running at the same time, and one tries to create "refs/foo" at the same time that the other tries to create "refs/foo/bar", then they can race with each other. Both processes can obtain their respective locks ("refs/foo.lock" and "refs/foo/bar.lock"), proceed to the "commit" phase of ref_transaction_commit(), and then the slower process will discover that it cannot rename its lockfile into place (after possibly having committed changes to other references). There appears to be no way to fix this race without changing the locking policy, which in turn would require a change to *all* Git clients.

Signed-off-by: Michael Haggerty <mhagger@alum.mit.edu>
108 lines
2.5 KiB
Bash
Executable File
#!/bin/sh

test_description='Test git update-ref with D/F conflicts'
. ./test-lib.sh

# Usage: test_update_rejected <prefix> <before> <pack> <create> <error>
# Create the refs listed in <before> under <prefix>, optionally pack them
# (<pack> is "true" or "false"), then try to create the refs listed in
# <create> in a single "git update-ref --stdin" run. That run must fail
# with <error> on stderr and leave the refs under <prefix> unchanged.
test_update_rejected () {
	prefix="$1" &&
	before="$2" &&
	pack="$3" &&
	create="$4" &&
	error="$5" &&
	printf "create $prefix/%s $C\n" $before |
	git update-ref --stdin &&
	git for-each-ref $prefix >unchanged &&
	if $pack
	then
		git pack-refs --all
	fi &&
	printf "create $prefix/%s $C\n" $create >input &&
	test_must_fail git update-ref --stdin <input 2>output.err &&
	grep -F "$error" output.err &&
	git for-each-ref $prefix >actual &&
	test_cmp unchanged actual
}

Q="'"

test_expect_success 'setup' '

	git commit --allow-empty -m Initial &&
	C=$(git rev-parse HEAD)

'

test_expect_success 'existing loose ref is a simple prefix of new' '

	prefix=refs/1l &&
	test_update_rejected $prefix "a c e" false "b c/x d" \
		"unable to resolve reference $prefix/c/x: Not a directory"

'

test_expect_success 'existing packed ref is a simple prefix of new' '

	prefix=refs/1p &&
	test_update_rejected $prefix "a c e" true "b c/x d" \
		"$Q$prefix/c$Q exists; cannot create $Q$prefix/c/x$Q"

'

test_expect_success 'existing loose ref is a deeper prefix of new' '

	prefix=refs/2l &&
	test_update_rejected $prefix "a c e" false "b c/x/y d" \
		"unable to resolve reference $prefix/c/x/y: Not a directory"

'

test_expect_success 'existing packed ref is a deeper prefix of new' '

	prefix=refs/2p &&
	test_update_rejected $prefix "a c e" true "b c/x/y d" \
		"$Q$prefix/c$Q exists; cannot create $Q$prefix/c/x/y$Q"

'

test_expect_success 'new ref is a simple prefix of existing loose' '

	prefix=refs/3l &&
	test_update_rejected $prefix "a c/x e" false "b c d" \
		"there are still refs under $Q$prefix/c$Q"

'

test_expect_success 'new ref is a simple prefix of existing packed' '

	prefix=refs/3p &&
	test_update_rejected $prefix "a c/x e" true "b c d" \
		"$Q$prefix/c/x$Q exists; cannot create $Q$prefix/c$Q"

'

test_expect_success 'new ref is a deeper prefix of existing loose' '

	prefix=refs/4l &&
	test_update_rejected $prefix "a c/x/y e" false "b c d" \
		"there are still refs under $Q$prefix/c$Q"

'

test_expect_success 'new ref is a deeper prefix of existing packed' '

	prefix=refs/4p &&
	test_update_rejected $prefix "a c/x/y e" true "b c d" \
		"$Q$prefix/c/x/y$Q exists; cannot create $Q$prefix/c$Q"

'

test_expect_success 'one new ref is a simple prefix of another' '

	prefix=refs/5 &&
	test_update_rejected $prefix "a e" false "b c c/x d" \
		"cannot process $Q$prefix/c$Q and $Q$prefix/c/x$Q at the same time"

'

test_done
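The check that the commit message moves into the "locking" phase, and that the last test case exercises, can be sketched in C as follows. This is an added example, not Git's code and not part of this commit: `find_df_conflict()` and `cmp_str()` are hypothetical names, the 256-byte name limit is an assumption of the sketch, and it compares only the names inside one transaction with each other, not with refs already on disk.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int cmp_str(const void *a, const void *b)
{
	return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/*
 * Hypothetical helper, not Git's is_refname_available(). Sorts refs[] in
 * place, then looks up every leading directory of each name as a full
 * refname. Returns 1 and sets *file / *below on a D/F conflict, 0 if none,
 * -1 if a name exceeds this example's buffer (fail closed, do not skip).
 */
static int find_df_conflict(const char **refs, size_t n,
			    const char **file, const char **below)
{
	char buf[256];
	size_t i;
	qsort(refs, n, sizeof(*refs), cmp_str);
	for (i = 0; i < n; i++) {
		const char *s;
		for (s = strchr(refs[i], '/'); s; s = strchr(s + 1, '/')) {
			size_t len = (size_t)(s - refs[i]);
			const char *key = buf, **hit;
			if (len >= sizeof(buf))
				return -1;
			memcpy(buf, refs[i], len);
			buf[len] = '\0';
			hit = bsearch(&key, refs, n, sizeof(*refs), cmp_str);
			if (hit) {
				*file = *hit;
				*below = refs[i];
				return 1;
			}
		}
	}
	return 0;
}

int main(void)
{
	/* Constructed input: '-' sorts before '/', so the pair is not adjacent. */
	const char *tx[] = { "refs/foo/bar", "refs/foo-bar", "refs/foo" };
	const char *file, *below;
	if (find_df_conflict(tx, 3, &file, &below) == 1)
		printf("cannot process '%s' and '%s' at the same time\n", file, below);
	return 0;
}
```

Comparing only neighbouring entries of the sorted list would miss this input, because "refs/foo-bar" sorts between "refs/foo" and "refs/foo/bar"; looking up each leading directory avoids that gap.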