We should never see duplicate objects in packs, and it is unknown what kind of complications such packs could create during the repacking process. The previous commit introduced a safety valve for checking packs coming into the repository and being indexed by index-pack. Let's turn the safety valve on by default. This helps protect sites receiving packfiles from potentially malicious strangers, and shouldn't affect normal use (and if it does, it will have helped us identify a buggy packfile writer). In a pinch, users can recover by turning off the option, or by resorting to unpack-objects to explode the pack. Note that this also turns the option on for packs we write ourselves (e.g., via pack-objects, fast-import, or streaming large blobs). We do not expect maliciously constructed packfiles in these code paths, of course, but it can serve as an extra check that we have no accidentally created a buggy pack (and the check itself is cheap to perform). Signed-off-by: Jeff King <peff@xxxxxxxx> Acked-by: Nicolas Pitre <nico@xxxxxxxxxxx> --- pack-write.c | 1 - t/t5308-pack-detect-duplicates.sh | 9 ++++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/pack-write.c b/pack-write.c index da946a7..1e3c459 100644 --- a/pack-write.c +++ b/pack-write.c @@ -7,7 +7,6 @@ void reset_pack_idx_option(struct pack_idx_option *opts) memset(opts, 0, sizeof(*opts)); opts->version = 2; opts->off32_limit = 0x7fffffff; - opts->allow_duplicates = 1; } static int sha1_compare(const void *_a, const void *_b) diff --git a/t/t5308-pack-detect-duplicates.sh b/t/t5308-pack-detect-duplicates.sh index 97ce2e0..e0ba5e1 100755 --- a/t/t5308-pack-detect-duplicates.sh +++ b/t/t5308-pack-detect-duplicates.sh @@ -37,10 +37,10 @@ test_expect_success 'index-pack will allow duplicate objects by default' ' git index-pack --stdin <no-dups.pack ' -test_expect_success 'index-pack will allow duplicate objects by default' ' +test_expect_success 'index-pack will allow duplicate objects if asked' ' clear_packs && create_pack dups.pack 100 && - git index-pack --stdin <dups.pack + git -c pack.indexDuplicates=true index-pack --stdin <dups.pack ' test_expect_success 'create batch-check test vectors' ' @@ -70,11 +70,10 @@ test_expect_success 'index-pack can reject packs with duplicates' ' test_cmp expect actual ' -test_expect_success 'index-pack can reject packs with duplicates' ' +test_expect_success 'index-pack rejects packs with duplicates by default' ' clear_packs && create_pack dups.pack 2 && - test_must_fail \ - git -c pack.indexDuplicates=0 index-pack --stdin <dups.pack && + test_must_fail git index-pack --stdin <dups.pack && test_expect_code 1 git cat-file -e $LO_SHA1 ' -- 1.8.4.rc2.28.g6bb5f3f -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html