From 00a09d57eb8a041e6a6b0470c53533719c049bab Mon Sep 17 00:00:00 2001 From: Jeff King Date: Tue, 23 Jun 2015 06:53:58 -0400 Subject: introduce "extensions" form of core.repositoryformatversion Normally we try to avoid bumps of the whole-repository core.repositoryformatversion field. However, it is unavoidable if we want to safely change certain aspects of git in a backwards-incompatible way (e.g., modifying the set of ref tips that we must traverse to generate a list of unreachable, safe-to-prune objects). If we were to bump the repository version for every such change, then any implementation understanding version `X` would also have to understand `X-1`, `X-2`, and so forth, even though the incompatibilities may be in orthogonal parts of the system, and there is otherwise no reason we cannot implement one without the other (or more importantly, that the user cannot choose to use one feature without the other, weighing the tradeoff in compatibility only for that particular feature). This patch documents the existing repositoryformatversion strategy and introduces a new format, "1", which lets a repository specify that it must run with an arbitrary set of extensions. This can be used, for example: - to inform git that the objects should not be pruned based only on the reachability of the ref tips (e.g, because it has "clone --shared" children) - that the refs are stored in a format besides the usual "refs" and "packed-refs" directories Because we bump to format "1", and because format "1" requires that a running git knows about any extensions mentioned, we know that older versions of the code will not do something dangerous when confronted with these new formats. For example, if the user chooses to use database storage for refs, they may set the "extensions.refbackend" config to "db". Older versions of git will not understand format "1" and bail. Versions of git which understand "1" but do not know about "refbackend", or which know about "refbackend" but not about the "db" backend, will refuse to run. This is annoying, of course, but much better than the alternative of claiming that there are no refs in the repository, or writing to a location that other implementations will not read. Note that we are only defining the rules for format 1 here. We do not ever write format 1 ourselves; it is a tool that is meant to be used by users and future extensions to provide safety with older implementations. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- setup.c | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) (limited to 'setup.c') diff --git a/setup.c b/setup.c index 82c0cc2a13..0d5384683c 100644 --- a/setup.c +++ b/setup.c @@ -5,6 +5,7 @@ static int inside_git_dir = -1; static int inside_work_tree = -1; static int work_tree_config_is_bogus; +static struct string_list unknown_extensions = STRING_LIST_INIT_DUP; /* * The input parameter must contain an absolute path, and it must already be @@ -352,10 +353,23 @@ void setup_work_tree(void) static int check_repo_format(const char *var, const char *value, void *cb) { + const char *ext; + if (strcmp(var, "core.repositoryformatversion") == 0) repository_format_version = git_config_int(var, value); else if (strcmp(var, "core.sharedrepository") == 0) shared_repository = git_config_perm(var, value); + else if (skip_prefix(var, "extensions.", &ext)) { + /* + * record any known extensions here; otherwise, + * we fall through to recording it as unknown, and + * check_repository_format will complain + */ + if (!strcmp(ext, "noop")) + ; + else + string_list_append(&unknown_extensions, ext); + } return 0; } @@ -366,6 +380,8 @@ static int check_repository_format_gently(const char *gitdir, int *nongit_ok) config_fn_t fn; int ret = 0; + string_list_clear(&unknown_extensions, 0); + if (get_common_dir(&sb, gitdir)) fn = check_repo_format; else @@ -383,16 +399,31 @@ static int check_repository_format_gently(const char *gitdir, int *nongit_ok) * is a good one. */ git_config_early(fn, NULL, repo_config); - if (GIT_REPO_VERSION < repository_format_version) { + if (GIT_REPO_VERSION_READ < repository_format_version) { if (!nongit_ok) die ("Expected git repo version <= %d, found %d", - GIT_REPO_VERSION, repository_format_version); + GIT_REPO_VERSION_READ, repository_format_version); warning("Expected git repo version <= %d, found %d", - GIT_REPO_VERSION, repository_format_version); + GIT_REPO_VERSION_READ, repository_format_version); warning("Please upgrade Git"); *nongit_ok = -1; ret = -1; } + + if (repository_format_version >= 1 && unknown_extensions.nr) { + int i; + + if (!nongit_ok) + die("unknown repository extension: %s", + unknown_extensions.items[0].string); + + for (i = 0; i < unknown_extensions.nr; i++) + warning("unknown repository extension: %s", + unknown_extensions.items[i].string); + *nongit_ok = -1; + ret = -1; + } + strbuf_release(&sb); return ret; } -- cgit v1.2.3 From 067fbd4105c5aa8260a73cc6961854be0e93fa03 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Tue, 23 Jun 2015 06:54:11 -0400 Subject: introduce "preciousObjects" repository extension If this extension is used in a repository, then no operations should run which may drop objects from the object storage. This can be useful if you are sharing that storage with other repositories whose refs you cannot see. For instance, if you do: $ git clone -s parent child $ git -C parent config extensions.preciousObjects true $ git -C parent config core.repositoryformatversion 1 you now have additional safety when running git in the parent repository. Prunes and repacks will bail with an error, and `git gc` will skip those operations (it will continue to pack refs and do other non-object operations). Older versions of git, when run in the repository, will fail on every operation. Note that we do not set the preciousObjects extension by default when doing a "clone -s", as doing so breaks backwards compatibility. It is a decision the user should make explicitly. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- setup.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'setup.c') diff --git a/setup.c b/setup.c index 0d5384683c..8b8dca9fd2 100644 --- a/setup.c +++ b/setup.c @@ -367,6 +367,8 @@ static int check_repo_format(const char *var, const char *value, void *cb) */ if (!strcmp(ext, "noop")) ; + else if (!strcmp(ext, "preciousobjects")) + repository_format_precious_objects = git_config_bool(var, value); else string_list_append(&unknown_extensions, ext); } -- cgit v1.2.3