[v2,1/2] setup: tweak upgrade policy to grandfather worktreeconfig

Message ID 1b26d9710a7ffaca0bad1f4e1c1729f501ed1559.1594690017.git.gitgitgadget@gmail.com
State New
Series
  • setup: warn if extensions exist on old format

Commit Message

Elijah Newren via GitGitGadget July 14, 2020, 1:26 a.m. UTC
From: Derrick Stolee <dstolee@microsoft.com>

Prior to 14c7fa269e4 (check_repository_format_gently(): refuse extensions
for old repositories, 2020-06-05), Git was honoring configured
extensions, even if core.repositoryFormatVersion was 0 (or unset). This
was incorrect, and is now fixed.

The issue now is that users who relied on that previously bad behavior
will upgrade to the next version of Git and suddenly be in a bad
situation. In particular, users of the 'git sparse-checkout' command
will rely on the extensions.worktreeConfig for the core.sparseCheckout
and core.sparseCheckoutCone config options. Without that extension,
these users will suddenly have repositories stop acting like a sparse
repo.

What is worse is that a user will be confronted with the following
error if they try to run 'git sparse-checkout init' again:

	warning: unable to upgrade repository format from 0 to 1

This is because the logic in 14c7fa269e4 refuses to upgrae repos when
the version is unset but extensions exist.

One possible way to alert a user of this issue is to warn them when Git
notices an extension exists, but core.repositoryFormatVersion is not a
correct value. However,

 - it requires the end-user to read, understand and execute the
   manual upgrade

 - it encourages to follow the same procedure blindly, making the
   protection even less useful

Let's instead keep failing hard without teaching how to bypass the
repository protection, but allow upgrading even when only the
worktreeconfig extension exists in an old repository, which is
likely to be set by a broken version of Git that did not update the
repository version when setting the extension.

This change of behavior is made visible by testing how 'git
sparse-checkout init' behaves to upgrade the repository format version
even if the extension.worktreeConfig is already set. This would
previously fail without a clear way forward.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Derrick Stolee <dstolee@microsoft.com>
---
 cache.h                            |  2 +-
 setup.c                            | 12 ++++++++----
 t/t1091-sparse-checkout-builtin.sh | 12 ++++++++++++
 3 files changed, 21 insertions(+), 5 deletions(-)

Comments

Johannes Schindelin July 14, 2020, 8:22 p.m. UTC | #1
Hi Stolee,

On Tue, 14 Jul 2020, Derrick Stolee via GitGitGadget wrote:

> This is because the logic in 14c7fa269e4 refuses to upgrae repos when
> the version is unset but extensions exist.

s/upgrae/upgrade/

The rest looks good to me.

Thank you for working on this,
Dscho

> One possible way to alert a user of this issue is to warn them when Git
> notices an extension exists, but core.repositoryFormatVersion is not a
> correct value. However,
>
>  - it requires the end-user to read, understand and execute the
>    manual upgrade
>
>  - it encourages to follow the same procedure blindly, making the
>    protection even less useful
>
> Let's instead keep failing hard without teaching how to bypass the
> repository protection, but allow upgrading even when only the
> worktreeconfig extension exists in an old repository, which is
> likely to be set by a broken version of Git that did not update the
> repository version when setting the extension.
>
> This change of behavior is made visible by testing how 'git
> sparse-checkout init' behaves to upgrade the repository format version
> even if the extension.worktreeConfig is already set. This would
> previously fail without a clear way forward.
>
> Signed-off-by: Junio C Hamano <gitster@pobox.com>
> Signed-off-by: Derrick Stolee <dstolee@microsoft.com>
> ---
>  cache.h                            |  2 +-
>  setup.c                            | 12 ++++++++----
>  t/t1091-sparse-checkout-builtin.sh | 12 ++++++++++++
>  3 files changed, 21 insertions(+), 5 deletions(-)
>
> diff --git a/cache.h b/cache.h
> index e5885cc9ea..8ff46857f6 100644
> --- a/cache.h
> +++ b/cache.h
> @@ -1042,8 +1042,8 @@ struct repository_format {
>  	int worktree_config;
>  	int is_bare;
>  	int hash_algo;
> -	int has_extensions;
>  	char *work_tree;
> +	int has_unallowed_extensions;
>  	struct string_list unknown_extensions;
>  };
>
> diff --git a/setup.c b/setup.c
> index eb066db6d8..65270440a9 100644
> --- a/setup.c
> +++ b/setup.c
> @@ -455,12 +455,13 @@ static int check_repo_format(const char *var, const char *value, void *vdata)
>  	if (strcmp(var, "core.repositoryformatversion") == 0)
>  		data->version = git_config_int(var, value);
>  	else if (skip_prefix(var, "extensions.", &ext)) {
> -		data->has_extensions = 1;
>  		/*
>  		 * record any known extensions here; otherwise,
>  		 * we fall through to recording it as unknown, and
>  		 * check_repository_format will complain
>  		 */
> +		int is_unallowed_extension = 1;
> +
>  		if (!strcmp(ext, "noop"))
>  			;
>  		else if (!strcmp(ext, "preciousobjects"))
> @@ -469,10 +470,13 @@ static int check_repo_format(const char *var, const char *value, void *vdata)
>  			if (!value)
>  				return config_error_nonbool(var);
>  			data->partial_clone = xstrdup(value);
> -		} else if (!strcmp(ext, "worktreeconfig"))
> +		} else if (!strcmp(ext, "worktreeconfig")) {
>  			data->worktree_config = git_config_bool(var, value);
> -		else
> +			is_unallowed_extension = 0;
> +		} else
>  			string_list_append(&data->unknown_extensions, ext);
> +
> +		data->has_unallowed_extensions |= is_unallowed_extension;
>  	}
>
>  	return read_worktree_config(var, value, vdata);
> @@ -560,7 +564,7 @@ int upgrade_repository_format(int target_version)
>  		return 0;
>
>  	if (verify_repository_format(&repo_fmt, &err) < 0 ||
> -	    (!repo_fmt.version && repo_fmt.has_extensions)) {
> +	    (!repo_fmt.version && repo_fmt.has_unallowed_extensions)) {
>  		warning("unable to upgrade repository format from %d to %d: %s",
>  			repo_fmt.version, target_version, err.buf);
>  		strbuf_release(&err);
> diff --git a/t/t1091-sparse-checkout-builtin.sh b/t/t1091-sparse-checkout-builtin.sh
> index 88cdde255c..6e339c7c8e 100755
> --- a/t/t1091-sparse-checkout-builtin.sh
> +++ b/t/t1091-sparse-checkout-builtin.sh
> @@ -68,6 +68,18 @@ test_expect_success 'git sparse-checkout init' '
>  	check_files repo a
>  '
>
> +test_expect_success 'git sparse-checkout works if repository format is wrong' '
> +	test_when_finished git -C repo config core.repositoryFormatVersion 1 &&
> +	git -C repo config --unset core.repositoryFormatVersion &&
> +	git -C repo sparse-checkout init &&
> +	git -C repo config core.repositoryFormatVersion >actual &&
> +	echo 1 >expect &&
> +	git -C repo config core.repositoryFormatVersion 0 &&
> +	git -C repo sparse-checkout init &&
> +	git -C repo config core.repositoryFormatVersion >actual &&
> +	test_cmp expect actual
> +'
> +
>  test_expect_success 'git sparse-checkout list after init' '
>  	git -C repo sparse-checkout list >actual &&
>  	cat >expect <<-\EOF &&
> --
> gitgitgadget
>
>

Patch

diff --git a/cache.h b/cache.h
index e5885cc9ea..8ff46857f6 100644
--- a/cache.h
+++ b/cache.h
@@ -1042,8 +1042,8 @@  struct repository_format {
 	int worktree_config;
 	int is_bare;
 	int hash_algo;
-	int has_extensions;
 	char *work_tree;
+	int has_unallowed_extensions;
 	struct string_list unknown_extensions;
 };
 
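Review bot: the new has_unallowed_extensions field added at the end of this struct hunk carries no comment, and the name alone does not say which extensions count as allowed. A one-line comment stating that it is set when any extension other than worktreeconfig is configured, and that it blocks the upgrade from version 0, would document the contract that upgrade_repository_format() relies on. The field is also added below work_tree instead of replacing has_extensions in place; keeping the original position would make this a pure rename.
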
diff --git a/setup.c b/setup.c
index eb066db6d8..65270440a9 100644
--- a/setup.c
+++ b/setup.c
@@ -455,12 +455,13 @@  static int check_repo_format(const char *var, const char *value, void *vdata)
 	if (strcmp(var, "core.repositoryformatversion") == 0)
 		data->version = git_config_int(var, value);
 	else if (skip_prefix(var, "extensions.", &ext)) {
-		data->has_extensions = 1;
 		/*
 		 * record any known extensions here; otherwise,
 		 * we fall through to recording it as unknown, and
 		 * check_repository_format will complain
 		 */
+		int is_unallowed_extension = 1;
+
 		if (!strcmp(ext, "noop"))
 			;
 		else if (!strcmp(ext, "preciousobjects"))
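
Review bot: is_unallowed_extension defaults to 1 directly under a comment that only describes recording known versus unknown extensions, so the default-deny intent is undocumented at the point where it is set. Extend that comment to say that every extension blocks the version 0 upgrade unless a branch below clears the flag, so that whoever adds the next extension branch has to decide this explicitly.
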
@@ -469,10 +470,13 @@  static int check_repo_format(const char *var, const char *value, void *vdata)
 			if (!value)
 				return config_error_nonbool(var);
 			data->partial_clone = xstrdup(value);
-		} else if (!strcmp(ext, "worktreeconfig"))
+		} else if (!strcmp(ext, "worktreeconfig")) {
 			data->worktree_config = git_config_bool(var, value);
-		else
+			is_unallowed_extension = 0;
+		} else
 			string_list_append(&data->unknown_extensions, ext);
+
+		data->has_unallowed_extensions |= is_unallowed_extension;
 	}
 
 	return read_worktree_config(var, value, vdata);
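
Review bot: the allowlist is implicit in the single "is_unallowed_extension = 0;" line inside the worktreeconfig branch, and it is cleared whatever git_config_bool() returns, while the known extensions noop, preciousobjects and partialclone still set has_unallowed_extensions. That matches the commit message ("only the worktreeconfig extension"), but a short comment on that line explaining why worktreeconfig alone is grandfathered would keep it from looking accidental. As a style point, the trailing "} else" now closes a braced arm and is followed by an unbraced one-line body; bracing the final else as well would be consistent within the chain.
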
@@ -560,7 +564,7 @@  int upgrade_repository_format(int target_version)
 		return 0;
 
 	if (verify_repository_format(&repo_fmt, &err) < 0 ||
-	    (!repo_fmt.version && repo_fmt.has_extensions)) {
+	    (!repo_fmt.version && repo_fmt.has_unallowed_extensions)) {
 		warning("unable to upgrade repository format from %d to %d: %s",
 			repo_fmt.version, target_version, err.buf);
 		strbuf_release(&err);
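
Review bot: when the second condition is the one that triggers here (version 0 with has_unallowed_extensions set), verify_repository_format() may have succeeded and left err empty, so the warning ends with a bare ": " and gives no reason. Append an explanation to err before calling warning() on that path, for example that an extension other than worktreeconfig was found in a version 0 repository, so the user can tell this refusal apart from a verification failure.
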
diff --git a/t/t1091-sparse-checkout-builtin.sh b/t/t1091-sparse-checkout-builtin.sh
index 88cdde255c..6e339c7c8e 100755
--- a/t/t1091-sparse-checkout-builtin.sh
+++ b/t/t1091-sparse-checkout-builtin.sh
@@ -68,6 +68,18 @@  test_expect_success 'git sparse-checkout init' '
 	check_files repo a
 '
 
+test_expect_success 'git sparse-checkout works if repository format is wrong' '
+	test_when_finished git -C repo config core.repositoryFormatVersion 1 &&
+	git -C repo config --unset core.repositoryFormatVersion &&
+	git -C repo sparse-checkout init &&
+	git -C repo config core.repositoryFormatVersion >actual &&
+	echo 1 >expect &&
+	git -C repo config core.repositoryFormatVersion 0 &&
+	git -C repo sparse-checkout init &&
+	git -C repo config core.repositoryFormatVersion >actual &&
+	test_cmp expect actual
+'
+
 test_expect_success 'git sparse-checkout list after init' '
 	git -C repo sparse-checkout list >actual &&
 	cat >expect <<-\EOF &&
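
Review bot: in the new test, the value read by the first "git -C repo config core.repositoryFormatVersion >actual" (the unset case) is never checked; expect is written only afterwards and actual is overwritten by the second read before the single test_cmp. Add "test_cmp expect actual" right after "echo 1 >expect" so both the unset and the 0 case are asserted. The test also relies on extensions.worktreeConfig having been set by the preceding 'git sparse-checkout init' test, and there is no negative case showing that a version 0 repository with some other extension is still refused.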