Greetings,
At GitLab, we are interested in introducing an optional means to bypass
the connectivity checks performed through git-receive-pack(1). This
series implements a `--skip-connectivity-check` option to facilitate
this.
For some background, we have a transaction management system that runs
in our Git RPC service and wraps all repository operations. Operations
that write to a repository are first recorded and staged outside of the
repository. When committing a transaction, the connectivity of newly
written objects is checked by walking the object graph containing only
the new objects from the updated tips and identifying the missing
objects which represent the boundary between the new objects and the
repository. The boundary objects are then checked in the canonical
repository to ensure the new objects will connect as expected. All
repository operations are run in a transaction and conflict checked
before being applied serially to the canonical repository. This ensures
that operations that would break the repository are not applied.
For our specific use case, the conflict checks performed by
git-receive-pack(1) are redundant and thus we would like to introduce an
option that allows connectivity checks to be skipped.
Thanks for taking a look.
-Justin
Justin Tobler (2):
t5410: test receive-pack connectivity check
builtin/receive-pack: add option to skip connectivity check
Documentation/git-receive-pack.adoc | 12 ++++
builtin/receive-pack.c | 40 +++++++------
t/meson.build | 2 +-
t/t5410-receive-pack-alternates.sh | 44 ---------------
t/t5410-receive-pack.sh | 87 +++++++++++++++++++++++++++++
5 files changed, 122 insertions(+), 63 deletions(-)
delete mode 100755 t/t5410-receive-pack-alternates.sh
create mode 100755 t/t5410-receive-pack.sh
Range-diff against v1:
1: f659612c9d = 1: f659612c9d t5410: test receive-pack connectivity check
2: 31e5f41983 ! 2: f6dbb02778 builtin/receive-pack: add option to skip connectivity check
@@ Commit message
During git-receive-pack(1), connectivity of the object graph is
validated to ensure that the received packfile does not leave the
repository in a broken state. This is done via git-rev-list(1) and
- walking the objects which can be expensive for large repositories.
+ walking the objects, which can be expensive for large repositories.
Generally, this check is critical to avoid an incomplete received
packfile from corrupting a repository. Server operators may have
additional knowledge though around exactly how Git is being used on the
server-side which can be used to facilitate more efficient connectivity
- computatation of incoming objects.
+ computation of incoming objects.
For example, if it can be ensured that all objects in a repository are
connected and do not depend on any missing objects, the connectivity of
@@ Documentation/git-receive-pack.adoc: OPTIONS
`--http-backend-info-refs` in linkgit:git-upload-pack[1].
+--skip-connectivity-check::
-+ Bypasses the connectivity checks performed to validate incoming
-+ objects. This option exists for server operators that may want to
-+ implement their own object connectivity check outside of Git. This is
-+ useful in such cases where the server-side knows additional information
-+ about how Git is being used and thus can rely on guarantees to more
-+ efficiently compute object connectivity that Git itself cannot make.
-+ Usage of this option without a separate mechanism to validate and
-+ ensure incoming objects connect properly to the references risks a
-+ repository becoming corrupted and should not be used in the general
-+ case.
++ Bypasses the connectivity checks that validate the existence of all
++ objects in the transitive closure of reachable objects. This option is
++ intended for server operators that want to implement their own object
++ connectivity validation outside of Git. This is useful in such cases
++ where the server-side knows additional information about how Git is
++ being used and thus can rely on certain guarantees to more efficiently
++ compute object connectivity that Git itself cannot make. Usage of this
++ option without a reliable external mechanism to ensure full reachable
++ object connectivity risks corrupting the repository and should not be
++ used in the general case.
+
PRE-RECEIVE HOOK
----------------
@@ t/t5410-receive-pack.sh: test_expect_success 'receive-pack missing objects fails
+
+ test_grep ! "missing necessary objects" actual &&
+ test_must_be_empty err &&
-+ git -C remote.git cat-file -e $(git -C repo rev-parse HEAD)
++ git -C remote.git cat-file -e $(git -C repo rev-parse HEAD) &&
++ test_must_fail git -C remote.git rev-list $(git -C repo rev-parse HEAD)
+'
+
test_done
base-commit: 6c0bd1fc70efaf053abe4e57c976afdc72d15377
--
2.49.0.111.g5b97a56fa0
