Re: [RFC] Is using git describe resilient enough for setting the build version of git?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 21/02/2010 06:07, Avery Pennarun wrote:

On Sat, Feb 20, 2010 at 7:48 PM, Steve Diver<squelch@xxxxxxxxxxxxxxx>  wrote:
Reading the manual entry for "git describe"[1] there is a note saying that
the hash suffix does not guarantee disambiguity, and given that a tag may be
incorrect or missing, there is a chance - albeit with diminishing odds -
that the 5 digit hash/tag combination might lead to some obscure problems at
some point along the line.

The chance of this happening really is low, but there is a chance all the
same. We cannot foresee all errors, but identifying, and further reducing
the odds of some must be good. Without doing the math, a guess would be that
the probability of a repeat 5 digit abbreviated hash suffix increases the
longer a tagged version is in place, so never will be 100% safe.

Not really.  Note that the number *before* the hash is the number of
commits between your version and the tag.  So the only way to get an
actual undetectable overlap would be to have two commits that are both
the same number of commits on top of the given tag, *and* both start
with the same first five digits.  It's just not very likely at all.
Besides which, using the hash code feature of git-describe is most
useful for the short periods between versions, not as a long-term
thing.  After a new release comes out it's unlikely anyone will care
if the previous hash prefixes were overlapping.

Thanks for pointing that out, and I concede that it is most unlikely. Testing for a minor build revision is probably not a good idea anyway. I was thinking along the lines of testing for version integrity.

I may be wrong, but the only scenario where I see DEF_VER being used by
GIT-VERSION-GEN, would be when there are no tags for git describe to
retrieve. ie "git pull --no-tags"

If my understanding is correct, DEF_VER is unique and set at the same time
as the tagged version, so wouldn't it be desirable to cross check, or
include this value instead of relying solely on the tag when present during
the generation of GIT-VERSION-FILE at build time?

If I recall correctly, the main reason for DEF_VER is when building
git from a tarball, in which case 'git describe' wouldn't be able to
tell you anything useful.

I suppose my point is that relying on the tag alone via git describe, does not guarantee the correct displayed version. The actual minor build is less important. This was the only mechanism that allowed me to recognise something was amiss. It is the major version number that interests me.

Take for example a client application that tests for the git version, avoids problems in older versions, and utilizes features from the latest and greatest. This could all happen at run time, and would be fairly resilient, except for when the version is incorrectly applied.

If the client app used the output from my 1.7.0 build which was incorrectly labelled, it would not try to use feature x or would fail with a prompt to install a newer version. The situation could be far more serious if the advertised version was 1.7.0 based on a rogue tag, and the build was 1.5.0 - extreme and unlikely, but hopefully illustrates my point

What I am suggesting is that DEF_VER is not only used as fail over where git describe does not yield anything useful, but is also used for "checks and balances" purposes where git describe generates something different from DEF_VER.

Steve
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]