Re: [PATCH v2 1/4] t1400: Avoid touching refs on filesystem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Patrick Steinhardt <ps@xxxxxx> writes:

> The testcase t1400 exercises the git-update-ref(1) utility. To do so,
> many tests directly read and write references via the filesystem,
> assuming that we always use loose and/or packed references. While this
> is true now, it'll change with the introduction of the reftable backend.
>
> Convert those tests to use git-update-ref(1) and git-show-ref(1) where
> possible. As some tests exercise behaviour with broken references and
> neither of those tools actually allows writing or reading broken
> references, this commit doesn't adjust all tests.
>
> Signed-off-by: Patrick Steinhardt <ps@xxxxxx>
> ---
>  t/t1400-update-ref.sh | 63 ++++++++++++++++++++++++-------------------
>  1 file changed, 35 insertions(+), 28 deletions(-)
>
> diff --git a/t/t1400-update-ref.sh b/t/t1400-update-ref.sh
> index 4c01e08551..957bef272d 100755
> --- a/t/t1400-update-ref.sh
> +++ b/t/t1400-update-ref.sh
> @@ -14,6 +14,12 @@ n=$n_dir/fixes
>  outside=refs/foo
>  bare=bare-repo
>  
> +# Some of the tests delete HEAD, which causes us to not treat the current
> +# working directory as a Git repository anymore. To avoid using any potential
> +# parent repository to be discovered, we need to set up the ceiling directories.
> +GIT_CEILING_DIRECTORIES="$PWD/.."
> +export GIT_CEILING_DIRECTORIES
> +

Interesting.  The current tests do not need to do this because the
HEAD-less broken state is transitory and is corrected without using
"git" at all (e.g. echoing a valid value into .git/HEAD), I presume?

>  create_test_commits ()
>  {
>  	prfx="$1"
> @@ -48,17 +54,17 @@ test_expect_success "fail to delete $m with stale ref" '
>  	test $B = "$(git show-ref -s --verify $m)"
>  '
>  test_expect_success "delete $m" '
> -	test_when_finished "rm -f .git/$m" &&
> +	test_when_finished "git update-ref -d $m" &&
>  	git update-ref -d $m $B &&
> -	test_path_is_missing .git/$m
> +	test_must_fail git show-ref --verify -q $m
>  '
>  
>  test_expect_success "delete $m without oldvalue verification" '
> -	test_when_finished "rm -f .git/$m" &&
> +	test_when_finished "git update-ref -d $m" &&
>  	git update-ref $m $A &&
>  	test $A = $(git show-ref -s --verify $m) &&
>  	git update-ref -d $m &&
> -	test_path_is_missing .git/$m
> +	test_must_fail git show-ref --verify -q $m
>  '
>  
>  test_expect_success "fail to create $n" '
> @@ -80,26 +86,26 @@ test_expect_success "fail to delete $m (by HEAD) with stale ref" '
>  	test $B = $(git show-ref -s --verify $m)
>  '
>  test_expect_success "delete $m (by HEAD)" '
> -	test_when_finished "rm -f .git/$m" &&
> +	test_when_finished "git update-ref -d $m" &&
>  	git update-ref -d HEAD $B &&
> -	test_path_is_missing .git/$m
> +	test_must_fail git show-ref --verify -q $m
>  '

During the above test, we are on the branch ${m#refs/heads/}, so
"update-ref -d HEAD" is removing the underlying branch ref, making
it an unborn branch, without destroying the repository, so this is
perfectly sensible.

This is a tangent, but what makes this test doubly interesting is
that "git update-ref -d HEAD" would have allowed us to make it a
non-repository if HEAD were detached, and it seems that we do not
require "--force" to do so.  We probably should forbid removing HEAD
that id detached without "--force", which is such a destructive
operation.

>  cp -f .git/HEAD .git/HEAD.orig
>  test_expect_success 'delete symref without dereference' '
>  	test_when_finished "cp -f .git/HEAD.orig .git/HEAD" &&
>  	git update-ref --no-deref -d HEAD &&
> -	test_path_is_missing .git/HEAD
> +	test_must_fail git show-ref --verify -q HEAD
>  '

This is an example of breaking the repository.  I am not sure if the
test_must_fail is a good replacement--it would fail even if you say
"git show-ref --verify -q refs/heads/$branch" where $branch is a
name of a branch that exists, no?

For now, I think this is fine, but we'd probably clean it up so that
without --force update-ref would not corrupt the repository like
this.  When used with --force, or before adding such a safety
measure, how we test if we successfully corrupted the repository is
an interesting matter.  I'd say

	git update-ref --force --no-deref -d HEAD &&
	test_must_fail git show-ref --verify -q HEAD &&
	cp -f .git/HEAD.orig .git/HEAD &&
	git show-ref --verify -q "$m"

to ensure that other than removing HEAD and corrupting the
repository, it did not cause permanent damage by removing the
underlying ref, perhaps.

We may want to add some NEEDSWORK comment around such tests.

>  test_expect_success 'delete symref without dereference when the referred ref is packed' '
> @@ -208,7 +214,7 @@ test_expect_success 'delete symref without dereference when the referred ref is
>  	git commit -m foo &&
>  	git pack-refs --all &&
>  	git update-ref --no-deref -d HEAD &&
> -	test_path_is_missing .git/HEAD
> +	test_must_fail git show-ref --verify -q HEAD
>  '

Does this share the same issue as the above?

Thanks.



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux