On Tue, Apr 30, 2013 at 3:43 PM, Thomas Rast <trast@xxxxxxxxxxx> wrote: > Nguyễn Thái Ngọc Duy <pclouds@xxxxxxxxx> writes: > >> The idea behind this series is, after add_submodule_odb, odb may have >> new temporary objects that only appear after the call. These temporary >> objects may lead to repo corruption (e.g. some new objects are created >> and point to these temporary objects). This series attempts to catch >> those cases. It would make it safer to dig deeper into submodule's odb, >> e.g. to implement unified git-diff. >> >> Previous approach [1] is record the odb source, then check if the >> source is from submodule's odb. But that means we rely on the >> lookup order in sha1_file.c. This approach instead allows the caller >> to select what odb sources it wants to look up from. >> >> The checks are also less drastic than before. Checks are now done at >> higher level, e.g. commit_tree(), instead of at write_sha1_file, >> because we do allow to write objects that point to nowhere. >> >> Another new thing from previous round is I completely forbid the use >> of add_submodule_odb in security sensitive commands like index-pack or >> rev-list. We could loosen up later if we need to. >> >> For fun, I set object_database_contaminated to 1 by default and ran >> the test suite. It passed :) > > How does this interact with alternates set up by the user? It's not > immediately obvious from the commit messages (hint hint) or the comments > near ODB_LOCAL etc. Room for improvement in the next reroll. Basically objects are put in the following sources: - ODB_CACHED: builtin objects, always exist - ODB_LOCAL: objects in $GIT_DIR/objects - ODB_ALT: objects from $GIT_DIR/objects/info/alternates - and later ODB_EXTALT: objects added by add_submodule_odb() Many functions now take "origin" as argument. If you pass ODB_ALT, it will only lookup objects from $GIT_DIR/objects/info/alternates for example, which might fail if the object does not exist there, or if it's in a pack and some of the required bases are elsewhere. By default, everything uses odb_default as the origin, which is ODB_CACHED|ODB_LOCAL|ODB_ALT (for this patch), so nothing is really changed regarding alternates setup. -- Duy -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html