On Thu, Dec 20, 2018 at 03:45:55AM +0000, brian m. carlson wrote: > > > I will point out that with the SHA-256 work, reading the config file > > > becomes essential for SHA-256 repositories, because we need to know the > > > object format. Removing the config file leads to things blowing up in a > > > bad way (what specific bad way I don't remember). > > > > > > That may influence the direction we want to take in this work, or not. > > > > Wouldn't we just treat that the same way we do now? I.e., assume the > > default of sha1, just like we assume repositoryformatversion==0? > > Yeah, we'll default to SHA-1, but the repository will be broken. HEAD > can't be read. Trying to run git status dies with "fatal: Unknown index > entry format". And so on. We've written data with 64-character object > IDs, which can't be read by Git in SHA-1 mode. Oh, I see. Yes, if you have a SHA-256 repository and you don't tell anybody (via a config entry), then everything will fail to work. That seems like a perfectly reasonable outcome to me. > My point is essentially that in an SHA-256 repository, the config file > isn't optional anymore. We probably need to consider that and error out > in more situations (e.g. unreadable file or I/O error) instead of > silently falling back to the defaults, since failing loudly in a visible > way is better than having the user try to figure out why the index is > suddenly "corrupt". Yes, I agree that ideally we'd produce a better error message. I'd just be wary of breaking compatibility for the existing cases by making new requirements when we don't yet suspect the repo is SHA-256. When we see such a corruption, would it be possible to poke at the data as if it were the old SHA-1 format, and if _that_ looks sane, suggest to the user what the problem might be? That would help a number of cases beyond this one (i.e., you're missing config, you have config but it has the wrong repo format, you're missing the correct extensions field, etc). -Peff
