On Mon, Jul 07, 2025 at 02:04:19PM -0700, Junio C Hamano wrote:
> > IMHO we should probably avoid the underscore pattern. It's OK here, but
> > it runs close to violating the reserved names rules (a global variable
> > variable _name is bad, and _Name anywhere is bad).
>
> "name_" is available. In fact I think it is a very common pattern
> in this codebase to name an incoming parameter with trailing "_",
> and assign it to a local variable with the right name and with the
> right type at the top of the function.
Yeah, that is legal and is a pattern we use (though I admit that I find
any underscores kind of ugly and easy to miss). I was curious how often
each pattern appeared:
["v" prefix: vdata, va, etc]
$ git grep 'void \*v' '*.c' | wc -l
51
[leading underscore: _data, _a, etc]
$ git grep 'void \*_' '*.c' | wc -l
52
[trailing underscore: mostly a_, b_ in comparators]
$ git grep 'void \*[a-zA-Z0-9]_' '*.c' | wc -l
30
[just calling it "data"]
$ git grep 'void \*data' '*.c' | wc -l
314
The last one is cheating a little because it catches function pointer
declarations, too, but grepping for "= data;" returns over a hundred
hits, too.
So that was mostly for fun, and I think any is OK. ;) But here is the
patch again with the void pointer just called "data".
Although I think we're all a bit lukewarm on the concept, I feel like it
won't hurt anything, isn't too much code, and disables a potential (if
somewhat rare) footgun. So probably worth doing?
-- >8 --
Subject: [PATCH] remote: detect collisions in remote names
When two remotes collide in the destinations of their fetch refspecs,
the results can be confusing. For example, in this silly example:
git config remote.one.url [...]
git config remote.one.fetch +refs/heads/*:refs/remotes/collide/*
git config remote.two.url [...]
git config remote.two.fetch +refs/heads/*:refs/remotes/collide/*
git fetch --all
we may try to write to the same ref twice (once for each remote we're
fetching). There's also a more subtle version of this. If you have
remotes "outer/inner" and "outer", then the ref "inner/branch" on the
second remote will conflict with just "branch" on the former (they both
want to write to "refs/remotes/outer/inner/branch").
We probably don't want to forbid this kind of overlap completely. While
the results can be confusing, there are legitimate reasons to have
multiple refs write into the same namespace (e.g., if one is a "backup"
of the other that is rarely fetched from).
But it may be worth limiting the porcelain "git remote" command to avoid
this confusion. The example above cannot be done with "git remote",
because it always[1] matches the refspecs to the remote name, and you
can only have one instance of each remote name. But you can still
trigger the more subtle variant like this:
git remote add outer [...]
git remote add outer/inner [...]
So let's detect that kind of name collision (in both directions) and
forbid it. You can still do whatever you like by manipulating the config
directly, but this should prevent the most obvious foot-gun.
[1] Almost always. With the --mirror option, the resulting refspec will
just write into "refs/*"; the remote name does not appear in the ref
namespace at all.
Our new "names must not overlap" rule is not necessary for that
case, but it seems reasonable to enforce it consistently. We already
require all remote names to be valid in the ref namespace, even
though we won't ever use them in that context for --mirror remotes.
Likewise, our new rule doesn't help with overlap here. Any two
mirror remotes will always overlap (in fact, any mirror remote along
with any other single one, since refs/remotes/ is a subset of the
mirrored refs). I'm not sure this is worth worrying about, but if it
is, we'd want an additional rule like "mirror remotes must be the
only remote".
Signed-off-by: Jeff King <peff@xxxxxxxx>
---
Subject: [PATCH] remote: detect collisions in remote names
When two remotes collide in the destinations of their fetch refspecs,
the results can be confusing. For example, in this silly example:
git config remote.one.url [...]
git config remote.one.fetch +refs/heads/*:refs/remotes/collide/*
git config remote.two.url [...]
git config remote.two.fetch +refs/heads/*:refs/remotes/collide/*
git fetch --all
we may try to write to the same ref twice (once for each remote we're
fetching). There's also a more subtle version of this. If you have
remotes "outer/inner" and "outer", then the ref "inner/branch" on the
second remote will conflict with just "branch" on the former (they both
want to write to "refs/remotes/outer/inner/branch").
We probably don't want to forbid this kind of overlap completely. While
the results can be confusing, there are legitimate reasons to have
multiple refs write into the same namespace (e.g., if one is a "backup"
of the other that is rarely fetched from).
But it may be worth limiting the porcelain "git remote" command to avoid
this confusion. The example above cannot be done with "git remote",
because it always[1] matches the refspecs to the remote name, and you
can only have one instance of each remote name. But you can still
trigger the more subtle variant like this:
git remote add outer [...]
git remote add outer/inner [...]
So let's detect that kind of name collision (in both directions) and
forbid it. You can still do whatever you like by manipulating the config
directly, but this should prevent the most obvious foot-gun.
[1] Almost always. With the --mirror option, the resulting refspec will
just write into "refs/*"; the remote name does not appear in the ref
namespace at all.
Our new "names must not overlap" rule is not necessary for that
case, but it seems reasonable to enforce it consistently. We already
require all remote names to be valid in the ref namespace, even
though we won't ever use them in that context for --mirror remotes.
Likewise, our new rule doesn't help with overlap here. Any two
mirror remotes will always overlap (in fact, any mirror remote along
with any other single one, since refs/remotes/ is a subset of the
mirrored refs). I'm not sure this is worth worrying about, but if it
is, we'd want an additional rule like "mirror remotes must be the
only remote".
Signed-off-by: Jeff King <peff@xxxxxxxx>
---
builtin/remote.c | 17 +++++++++++++++++
t/t5505-remote.sh | 14 ++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/builtin/remote.c b/builtin/remote.c
index 0d6755bcb7..a770df669c 100644
--- a/builtin/remote.c
+++ b/builtin/remote.c
@@ -157,6 +157,21 @@ static int parse_mirror_opt(const struct option *opt, const char *arg, int not)
return 0;
}
+static int check_remote_collision(struct remote *remote, void *data)
+{
+ const char *name = data;
+ const char *p;
+
+ if (skip_prefix(name, remote->name, &p) && *p == '/')
+ die(_("remote name '%s' is a subset of existing remote '%s'"),
+ name, remote->name);
+ if (skip_prefix(remote->name, name, &p) && *p == '/')
+ die(_("remote name '%s' is a superset of existing remote '%s'"),
+ name, remote->name);
+
+ return 0;
+}
+
static int add(int argc, const char **argv, const char *prefix,
struct repository *repo UNUSED)
{
@@ -208,6 +223,8 @@ static int add(int argc, const char **argv, const char *prefix,
if (!valid_remote_name(name))
die(_("'%s' is not a valid remote name"), name);
+ for_each_remote(check_remote_collision, (void *)name);
+
strbuf_addf(&buf, "remote.%s.url", name);
git_config_set(buf.buf, url);
diff --git a/t/t5505-remote.sh b/t/t5505-remote.sh
index bef0250e89..2701eef85e 100755
--- a/t/t5505-remote.sh
+++ b/t/t5505-remote.sh
@@ -1644,4 +1644,18 @@ test_expect_success 'empty config clears remote.*.pushurl list' '
test_cmp expect actual
'
+test_expect_success 'forbid adding subset of existing remote' '
+ test_when_finished "git remote rm outer" &&
+ git remote add outer url &&
+ test_must_fail git remote add outer/inner url 2>err &&
+ test_grep ".outer/inner. is a subset of existing remote .outer." err
+'
+
+test_expect_success 'forbid adding superset of existing remote' '
+ test_when_finished "git remote rm outer/inner" &&
+ git remote add outer/inner url &&
+ test_must_fail git remote add outer url 2>err &&
+ test_grep ".outer. is a superset of existing remote .outer/inner." err
+'
+
test_done
--
2.50.1.488.g2a977559af
