From: Neeraj Singh <neerajsi@xxxxxxxxxxxxx> When creating a subprocess with a temporary ODB, we set the GIT_QUARANTINE_ENVIRONMENT env var to tell child Git processes not to update refs, since the tmp-objdir may go away. Introduce a similar mechanism for in-process temporary ODBs when we call tmp_objdir_replace_primary_odb. Now both mechanisms set the disable_ref_updates flag on the odb, which is queried by the ref_transaction_prepare function. Peff's test case [1] was invoking ref updates via the cachetextconv setting. That particular code silently does nothing when a ref update is forbidden. See the call to notes_cache_put in fill_textconv where errors are ignored. [1] https://lore.kernel.org/git/YVOn3hDsb5pnxR53@xxxxxxxxxxxxxxxxxxxxxxx/ Reported-by: Jeff King <peff@xxxxxxxx> Signed-off-by: Neeraj Singh <neerajsi@xxxxxxxxxxxxx> Signed-off-by: Junio C Hamano <gitster@xxxxxxxxx> --- environment.c | 4 ++++ object-file.c | 6 ++++++ object-store.h | 7 +++++++ refs.c | 2 +- repository.c | 2 ++ repository.h | 1 + 6 files changed, 21 insertions(+), 1 deletion(-) diff --git a/environment.c b/environment.c index fe51dfe24d4..a8b64f5194f 100644 --- a/environment.c +++ b/environment.c @@ -169,6 +169,10 @@ void setup_git_env(const char *git_dir) args.graft_file = getenv_safe(&to_free, GRAFT_ENVIRONMENT); args.index_file = getenv_safe(&to_free, INDEX_ENVIRONMENT); args.alternate_db = getenv_safe(&to_free, ALTERNATE_DB_ENVIRONMENT); + if (getenv(GIT_QUARANTINE_ENVIRONMENT)) { + args.disable_ref_updates = 1; + } + repo_set_gitdir(the_repository, git_dir, &args); strvec_clear(&to_free); diff --git a/object-file.c b/object-file.c index 0b6a61aeaff..659ef7623ff 100644 --- a/object-file.c +++ b/object-file.c @@ -699,6 +699,12 @@ struct object_directory *set_temporary_primary_odb(const char *dir, int will_des */ new_odb = xcalloc(1, sizeof(*new_odb)); new_odb->path = xstrdup(dir); + + /* + * Disable ref updates while a temporary odb is active, since + * the objects in the database may roll back. + */ + new_odb->disable_ref_updates = 1; new_odb->will_destroy = will_destroy; new_odb->next = the_repository->objects->odb; the_repository->objects->odb = new_odb; diff --git a/object-store.h b/object-store.h index cb173e69392..6f89482df03 100644 --- a/object-store.h +++ b/object-store.h @@ -27,6 +27,13 @@ struct object_directory { uint32_t loose_objects_subdir_seen[8]; /* 256 bits */ struct oidtree *loose_objects_cache; + /* + * This is a temporary object store created by the tmp_objdir + * facility. Disable ref updates since the objects in the store + * might be discarded on rollback. + */ + int disable_ref_updates; + /* * This object store is ephemeral, so there is no need to fsync. */ diff --git a/refs.c b/refs.c index d7cc0a23a3b..ac744e85f5f 100644 --- a/refs.c +++ b/refs.c @@ -2137,7 +2137,7 @@ int ref_transaction_prepare(struct ref_transaction *transaction, break; } - if (getenv(GIT_QUARANTINE_ENVIRONMENT)) { + if (refs->repo->objects->odb->disable_ref_updates) { strbuf_addstr(err, _("ref updates forbidden inside quarantine environment")); return -1; diff --git a/repository.c b/repository.c index c5b90ba93ea..dce8e35ac20 100644 --- a/repository.c +++ b/repository.c @@ -80,6 +80,8 @@ void repo_set_gitdir(struct repository *repo, expand_base_dir(&repo->objects->odb->path, o->object_dir, repo->commondir, "objects"); + repo->objects->odb->disable_ref_updates = o->disable_ref_updates; + free(repo->objects->alternate_db); repo->objects->alternate_db = xstrdup_or_null(o->alternate_db); expand_base_dir(&repo->graft_file, o->graft_file, diff --git a/repository.h b/repository.h index a057653981c..7c04e99ac5c 100644 --- a/repository.h +++ b/repository.h @@ -158,6 +158,7 @@ struct set_gitdir_args { const char *graft_file; const char *index_file; const char *alternate_db; + int disable_ref_updates; }; void repo_set_gitdir(struct repository *repo, const char *root, -- gitgitgadget