On Fri, Nov 05, 2021 at 09:35:24AM +0100, Ævar Arnfjörð Bjarmason wrote: > So if we're in the middle of a transaction and have created and written > the lockfile we might only notice that the disk has is full when we do > the fsync(). > > In that case we'll (or should, I didn't check just now) unroll the ref > transaction, and delete the *.lock files we created, which presumably > will succeed in that scenario. > > So calling die() at this level is the difference between leaving the > repo in an inconsistent state due to a disk error, and something like > "git fetch --atomic" gracefully failing. We should rollback the lockfiles even if we call die(), via the atexit() handler. Ditto if we receive a fatal signal. (But I completely agree that if we have the opportunity to just pass the error up the stack, we should do so). -Peff
