From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Srinidhi Kaushik <shrinidhi.kaushik@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH] push: make `--force-with-lease[=<ref>]` safer
Date: Mon, 7 Sep 2020 21:45:18 +0200 (CEST) [thread overview]
Message-ID: <nycvar.QRO.7.76.6.2009072119350.56@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <20200904185147.77439-1-shrinidhi.kaushik@gmail.com>
Hi Srinidhi,
On Sat, 5 Sep 2020, Srinidhi Kaushik wrote:
> The `--force-with-lease` option in `git-push`, makes sure that
> refs on remote aren't clobbered by unexpected changes when the
> "<expect>" ref value is explicitly specified.
>
> For other cases (i.e., `--force-with-lease[=<ref>]`) where the tip
> of the remote tracking branch is populated as the "<expect>" value,
> there is a possibility of allowing unwanted overwrites on the remote
> side when some tools that implicitly fetch remote-tracking refs in
> the background are used with the repository. If a remote-tracking ref
> was updated when a rewrite is happening locally and if those changes
> are pushed by omitting the "<expect>" value in `--force-with-lease`,
> any new changes from the updated tip will be lost locally and will
> be overwritten on the remote.
>
> This problem can be addressed by checking the `reflog` of the branch
> that is being pushed and verify if there in a entry with the remote
> tracking ref. By running this check, we can ensure that refs being
> are fetched in the background while a "lease" is being held are not
> overlooked before a push, and any new changes can be acknowledged
> and (if necessary) integrated locally.
>
> The new check will cause `git-push` to fail if it detects the presence
> of any updated refs that we do not have locally and reject the push
> stating `implicit fetch` as the reason.
>
> An experimental configuration setting: `push.rejectImplicitFetch`
> which defaults to `true` (when `features.experimental` is enabled)
> has been added, to allow `git-push` to reject a push if the check
> fails.
>
> Signed-off-by: Srinidhi Kaushik <shrinidhi.kaushik@gmail.com>
> ---
>
> Hello,
> I picked this up from #leftoverbits over at GitHub [1] from the open
> issues list. This idea [2], for a safer `--force-with-lease` was
> originally proposed by Johannes on the mailing list.
>
> [1]: https://github.com/gitgitgadget/git/issues/640
> [2]: https://lore.kernel.org/git/nycvar.QRO.7.76.6.1808272306271.73@tvgsbejvaqbjf.bet/
First of all: thank you for picking this up! The contribution is
pleasantly well-written, thank you also for that.
Now, to be honest, I thought that this mode would merit a new option
rather than piggy-backing on top of `--force-with-lease`. The reason is
that `--force-with-lease` targets a slightly different use case than mine:
it makes sure that we do not overwrite remote refs unless we already had a
chance to inspect them.
In contrast, my workflow uses `git pull --rebase` in two or more separate
worktrees, e.g. when developing a patch on two different Operating
Systems, I frequently forget to pull (to my public repository) on one
side, and I want to avoid force-pushing in that case, even if VS Code (or
I, via `git remote update`) fetched the ref (but failing to rebase the
local branch on top of it).
However, in other scenarios I very much do _not_ want to incorporate the
remote ref. For example, I often fetch
https://github.com/git-for-windows/git.wiki.git to check for the
occasional bogus change. Whenever I see such a bogus change, and it is at
the tip of the branch, I want to force-push _without_ incorporating the
bogus change into the local branch, yet I _do_ want to use
`--force-with-lease` because an independent change could have come in via
the Wiki in the meantime.
So I think that the original `--force-with-lease` and the mode you
implemented target subtly different use cases that are both valid, and
therefore I would like to request a separate option for the latter.
However, I have to admit that I could not think of a good name for that
option. "Implicit fetch" seems a bit too vague here, because the local
branch was not fetched, and certainly not implicitly, yet the logic
revolves around the local branch having been rebased to the
remote-tracking ref at some stage.
Even if we went with the config option to modify `--force-with-lease`'s
behavior, I would recommend separating out the `feature.experimental`
changes into their own patch, so that they can be reverted easily in case
the experimental feature is made the default.
A couple more comments:
> @@ -1471,16 +1489,21 @@ void set_ref_status_for_push(struct ref *remote_refs, int send_mirror,
> * If the remote ref has moved and is now different
> * from what we expect, reject any push.
> *
> - * It also is an error if the user told us to check
> - * with the remote-tracking branch to find the value
> - * to expect, but we did not have such a tracking
> - * branch.
> + * It also is an error if the user told us to check with the
> + * remote-tracking branch to find the value to expect, but we
> + * did not have such a tracking branch, or we have one that
> + * has new changes.
If I were you, I would try to keep the original formatting, so that it
becomes more obvious that the part ", or we have [...]" was appended.
> if (ref->expect_old_sha1) {
> if (!oideq(&ref->old_oid, &ref->old_oid_expect))
> reject_reason = REF_STATUS_REJECT_STALE;
> + else if (reject_implicit_fetch() && ref->implicit_fetch)
> + reject_reason = REF_STATUS_REJECT_IMPLICIT_FETCH;
> else
> - /* If the ref isn't stale then force the update. */
> + /*
> + * If the ref isn't stale, or there was no
Should this "or" not be an "and" instead?
> + * implicit fetch, force the update.
> + */
> force_ref_update = 1;
> }
> [...]
> static void apply_cas(struct push_cas_option *cas,
> struct remote *remote,
> struct ref *ref)
> {
> - int i;
> + int i, do_reflog_check = 0;
> + struct object_id oid;
> + struct ref *local_ref = get_local_ref(ref->name);
>
> /* Find an explicit --<option>=<name>[:<value>] entry */
> for (i = 0; i < cas->nr; i++) {
> struct push_cas *entry = &cas->entry[i];
> if (!refname_match(entry->refname, ref->name))
> continue;
> +
> ref->expect_old_sha1 = 1;
> if (!entry->use_tracking)
> oidcpy(&ref->old_oid_expect, &entry->expect);
> else if (remote_tracking(remote, ref->name, &ref->old_oid_expect))
> oidclr(&ref->old_oid_expect);
> - return;
> + else
> + do_reflog_check = 1;
> +
> + goto reflog_check;
Hmm. I do not condemn `goto` statements in general, but this one makes the
flow harder to follow. I would prefer something like this:
-- snip --
else if (remote_tracking(remote, ref->name, &ref->old_oid_expect))
oidclr(&ref->old_oid_expect);
+ else if (local_ref && !read_ref(local_ref->name, &oid))
+ ref->implicit_fetch =
+ !remote_ref_in_reflog(&ref->old_oid, &oid,
+ local_ref->name);
return;
-- snap --
Again, thank you so much for working on this!
Ciao,
Dscho
next prev parent reply other threads:[~2020-09-07 19:45 UTC|newest]
Thread overview: 120+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-04 18:51 [PATCH] push: make `--force-with-lease[=<ref>]` safer Srinidhi Kaushik
2020-09-07 15:23 ` Phillip Wood
2020-09-08 15:48 ` Srinidhi Kaushik
2020-09-07 16:14 ` Junio C Hamano
2020-09-08 16:00 ` Srinidhi Kaushik
2020-09-08 21:00 ` Junio C Hamano
2020-09-07 19:45 ` Johannes Schindelin [this message]
2020-09-08 15:58 ` Junio C Hamano
2020-09-09 3:40 ` Johannes Schindelin
2020-09-08 16:59 ` Srinidhi Kaushik
2020-09-16 11:55 ` Johannes Schindelin
2020-09-08 19:34 ` Junio C Hamano
2020-09-09 3:44 ` Johannes Schindelin
2020-09-10 10:22 ` Johannes Schindelin
2020-09-10 14:44 ` Srinidhi Kaushik
2020-09-11 22:16 ` Johannes Schindelin
2020-09-14 11:06 ` Srinidhi Kaushik
2020-09-14 20:08 ` Junio C Hamano
2020-09-16 5:31 ` Srinidhi Kaushik
2020-09-16 10:20 ` Johannes Schindelin
2020-09-19 17:48 ` Junio C Hamano
2020-09-10 14:46 ` Junio C Hamano
2020-09-11 22:17 ` Johannes Schindelin
2020-09-14 20:07 ` Junio C Hamano
2020-09-12 15:04 ` [PATCH v2 0/2] push: make "--force-with-lease" safer Srinidhi Kaushik
2020-09-12 15:04 ` [PATCH v2 1/2] push: add "--[no-]force-if-includes" Srinidhi Kaushik
2020-09-12 18:20 ` Junio C Hamano
2020-09-12 21:25 ` Srinidhi Kaushik
2020-09-12 15:04 ` [PATCH v2 2/2] push: enable "forceIfIncludesWithLease" by default Srinidhi Kaushik
2020-09-12 18:22 ` Junio C Hamano
2020-09-12 18:15 ` [PATCH v2 0/2] push: make "--force-with-lease" safer Junio C Hamano
2020-09-12 21:03 ` Srinidhi Kaushik
2020-09-13 14:54 ` [PATCH v3 0/7] push: add "--[no-]force-if-includes" Srinidhi Kaushik
2020-09-13 14:54 ` [PATCH v3 1/7] remote: add reflog check for "force-if-includes" Srinidhi Kaushik
2020-09-14 20:17 ` Junio C Hamano
2020-09-16 10:51 ` Srinidhi Kaushik
2020-09-14 20:31 ` Junio C Hamano
2020-09-14 21:13 ` Junio C Hamano
2020-09-16 12:35 ` Johannes Schindelin
2020-09-19 17:01 ` Srinidhi Kaushik
2020-09-13 14:54 ` [PATCH v3 2/7] transport: add flag for "--[no-]force-if-includes" Srinidhi Kaushik
2020-09-13 14:54 ` [PATCH v3 3/7] send-pack: check ref status for "force-if-includes" Srinidhi Kaushik
2020-09-13 14:54 ` [PATCH v3 4/7] transport-helper: update " Srinidhi Kaushik
2020-09-13 14:54 ` [PATCH v3 5/7] builtin/push: add option "--[no-]force-if-includes" Srinidhi Kaushik
2020-09-16 12:36 ` Johannes Schindelin
2020-09-13 14:54 ` [PATCH v3 6/7] doc: add reference for "--[no-]force-if-includes" Srinidhi Kaushik
2020-09-14 21:01 ` Junio C Hamano
2020-09-16 5:35 ` Srinidhi Kaushik
2020-09-13 14:54 ` [PATCH v3 7/7] t: add tests for "force-if-includes" Srinidhi Kaushik
2020-09-16 12:47 ` [PATCH v3 0/7] push: add "--[no-]force-if-includes" Johannes Schindelin
2020-09-19 17:03 ` [PATCH v4 0/3] " Srinidhi Kaushik
2020-09-19 17:03 ` [PATCH v4 1/3] push: add reflog check for "--force-if-includes" Srinidhi Kaushik
2020-09-19 20:03 ` Junio C Hamano
2020-09-21 8:42 ` Srinidhi Kaushik
2020-09-21 18:48 ` Junio C Hamano
2020-09-23 10:22 ` Srinidhi Kaushik
2020-09-23 16:47 ` Junio C Hamano
2020-09-21 13:19 ` Phillip Wood
2020-09-21 16:12 ` Junio C Hamano
2020-09-21 18:11 ` Junio C Hamano
2020-09-23 10:27 ` Srinidhi Kaushik
2020-09-19 17:03 ` [PATCH v4 2/3] push: parse and set flag " Srinidhi Kaushik
2020-09-19 20:26 ` Junio C Hamano
2020-09-19 17:03 ` [PATCH v4 3/3] t, doc: update tests, reference " Srinidhi Kaushik
2020-09-19 20:42 ` Junio C Hamano
2020-09-23 7:30 ` [PATCH v5 0/3] push: add "--[no-]force-if-includes" Srinidhi Kaushik
2020-09-23 7:30 ` [PATCH v5 1/3] push: add reflog check for "--force-if-includes" Srinidhi Kaushik
2020-09-23 10:18 ` Phillip Wood
2020-09-23 11:26 ` Srinidhi Kaushik
2020-09-23 16:24 ` Junio C Hamano
2020-09-23 16:29 ` Junio C Hamano
2020-09-23 7:30 ` [PATCH v5 2/3] push: parse and set flag " Srinidhi Kaushik
2020-09-23 7:30 ` [PATCH v5 3/3] t, doc: update tests, reference " Srinidhi Kaushik
2020-09-23 10:24 ` Phillip Wood
2020-09-26 10:13 ` [PATCH v6 0/3] push: add "--[no-]force-if-includes" Srinidhi Kaushik
2020-09-26 10:13 ` [PATCH v6 1/3] push: add reflog check for "--force-if-includes" Srinidhi Kaushik
2020-09-26 10:13 ` [PATCH v6 2/3] push: parse and set flag " Srinidhi Kaushik
2020-09-26 10:13 ` [PATCH v6 3/3] t, doc: update tests, reference " Srinidhi Kaushik
2020-09-26 10:21 ` [PATCH v6 0/3] push: add "--[no-]force-if-includes" Srinidhi Kaushik
2020-09-26 11:46 ` [PATCH v7 " Srinidhi Kaushik
2020-09-26 11:46 ` [PATCH v7 1/3] push: add reflog check for "--force-if-includes" Srinidhi Kaushik
2020-09-26 23:42 ` Junio C Hamano
2020-09-27 12:27 ` Srinidhi Kaushik
2020-09-26 11:46 ` [PATCH v7 2/3] push: parse and set flag " Srinidhi Kaushik
2020-09-26 11:46 ` [PATCH v7 3/3] t, doc: update tests, reference " Srinidhi Kaushik
2020-09-27 14:17 ` [PATCH v8 0/3] push: add "--[no-]force-if-includes" Srinidhi Kaushik
2020-09-27 14:17 ` [PATCH v8 1/3] push: add reflog check for "--force-if-includes" Srinidhi Kaushik
2020-09-27 14:17 ` [PATCH v8 2/3] push: parse and set flag " Srinidhi Kaushik
2020-09-27 14:17 ` [PATCH v8 3/3] t, doc: update tests, reference " Srinidhi Kaushik
2020-09-30 12:54 ` Philip Oakley
2020-09-30 14:27 ` Srinidhi Kaushik
2020-09-28 17:31 ` [PATCH v8 0/3] push: add "--[no-]force-if-includes" Junio C Hamano
2020-09-28 17:46 ` SZEDER Gábor
2020-09-28 19:34 ` Srinidhi Kaushik
2020-09-28 19:51 ` Junio C Hamano
2020-09-28 20:00 ` Junio C Hamano
2020-10-01 8:21 ` [PATCH v9 " Srinidhi Kaushik
2020-10-01 8:21 ` [PATCH v9 1/3] push: add reflog check for "--force-if-includes" Srinidhi Kaushik
2020-10-02 13:52 ` Johannes Schindelin
2020-10-02 14:50 ` Johannes Schindelin
2020-10-02 16:22 ` Junio C Hamano
2020-10-02 15:07 ` Srinidhi Kaushik
2020-10-02 16:41 ` Junio C Hamano
2020-10-02 19:39 ` Srinidhi Kaushik
2020-10-02 20:14 ` Junio C Hamano
2020-10-02 20:58 ` Srinidhi Kaushik
2020-10-02 21:36 ` Junio C Hamano
2020-10-02 16:26 ` Junio C Hamano
2020-10-01 8:21 ` [PATCH v9 2/3] push: parse and set flag " Srinidhi Kaushik
2020-10-01 8:21 ` [PATCH v9 3/3] t, doc: update tests, reference " Srinidhi Kaushik
2020-10-01 15:46 ` [PATCH v9 0/3] push: add "--[no-]force-if-includes" Junio C Hamano
2020-10-01 17:12 ` Junio C Hamano
2020-10-01 17:54 ` Srinidhi Kaushik
2020-10-01 18:32 ` Junio C Hamano
2020-10-02 16:50 ` Junio C Hamano
2020-10-02 19:42 ` Srinidhi Kaushik
2020-10-03 12:10 ` [PATCH v10 " Srinidhi Kaushik
2020-10-03 12:10 ` [PATCH v10 1/3] push: add reflog check for "--force-if-includes" Srinidhi Kaushik
2020-10-03 12:10 ` [PATCH v10 2/3] push: parse and set flag " Srinidhi Kaushik
2020-10-03 12:10 ` [PATCH v10 3/3] t, doc: update tests, reference " Srinidhi Kaushik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.QRO.7.76.6.2009072119350.56@tvgsbejvaqbjf.bet \
--to=johannes.schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=shrinidhi.kaushik@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).