Mercurial > hg
view tests/test-trusted.py.out @ 23702:c48924787eaa
filectx.parents: enforce changeid of parent to be in own changectx ancestors
Because of the way filenodes are computed, you can have multiple changesets
"introducing" the same file revision. For example, in the changeset graph
below, changeset 2 and 3 both change a file -to- and -from- the same content.
o 3: content = new
|
| o 2: content = new
|/
o 1: content = old
In such cases, the file revision is create once, when 2 is added, and just reused
for 3. So the file change in '3' (from "old" to "new)" has no linkrev pointing
to it). We'll call this situation "linkrev-shadowing". As the linkrev is used for
optimization purposes when walking a file history, the linkrev-shadowing
results in an unexpected jump to another branch during such a walk.. This leads to
multiple bugs with log, annotate and rename detection.
One element to fix such bugs is to ensure that walking the file history sticks on
the same topology as the changeset's history. For this purpose, we extend the
logic in 'basefilectx.parents' so that it always defines the proper changeset
to associate the parent file revision with. This "proper" changeset has to be an
ancestor of the changeset associated with the child file revision.
This logic is performed in the '_adjustlinkrev' function. This function is
given the starting changeset and all the information regarding the parent file
revision. If the linkrev for the file revision is an ancestor of the starting
changeset, the linkrev is valid and will be used. If it is not, we detected a
topological jump caused by linkrev shadowing, we are going to walk the
ancestors of the starting changeset until we find one setting the file to the
revision we are trying to create.
The performance impact appears acceptable:
- We are walking the changelog once for each filelog traversal (as there should
be no overlap between searches),
- changelog traversal itself is fairly cheap, compared to what is likely going
to be perform on the result on the filelog traversal,
- We only touch the manifest for ancestors touching the file, And such
changesets are likely to be the one introducing the file. (except in
pathological cases involving merge),
- We use manifest diff instead of full manifest unpacking to check manifest
content, so it does not involve applying multiple diffs in most case.
- linkrev shadowing is not the common case.
Tests for fixed issues in log, annotate and rename detection have been
added.
But this changeset does not solve all problems. It fixes -ancestry-
computation, but if the linkrev-shadowed changesets is the starting one, we'll
still get things wrong. We'll have to fix the bootstrapping of such operations
in a later changeset. Also, the usage of `hg log FILE` without --follow still
has issues with linkrev pointing to hidden changesets, because it relies on the
`filelog` revset which implement its own traversal logic that is still to be
fixed.
Thanks goes to:
- Matt Mackall: for nudging me in the right direction
- Julien Cristau and RĂ©mi Cardona: for keep telling me linkrev bug were an
evolution show stopper for 3 years.
- Durham Goode: for finding a new linkrev issue every few weeks
- Mads Kiilerich: for that last rename bug who raise this topic over my
anoyance limit.
| author | Pierre-Yves David <pierre-yves.david@fb.com> |
|---|---|
| date | Tue, 23 Dec 2014 15:30:38 -0800 |
| parents | fa91ddfc3f36 |
| children | c4040a35b5d9 |
line wrap: on
line source
# same user, same group trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # same user, different group trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # different user, same group not trusting file .hg/hgrc from untrusted user abc, group bar trusted global = /some/path untrusted . . global = /some/path . . local = /another/path # different user, same group, but we trust the group trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # different user, different group not trusting file .hg/hgrc from untrusted user abc, group def trusted global = /some/path untrusted . . global = /some/path . . local = /another/path # different user, different group, but we trust the user trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # different user, different group, but we trust the group trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # different user, different group, but we trust the user and the group trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # we trust all users # different user, different group trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # we trust all groups # different user, different group trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # we trust all users and groups # different user, different group trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # we don't get confused by users and groups with the same name # different user, different group not trusting file .hg/hgrc from untrusted user abc, group def trusted global = /some/path untrusted . . global = /some/path . . local = /another/path # list of user names # different user, different group, but we trust the user trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # list of group names # different user, different group, but we trust the group trusted global = /some/path local = /another/path untrusted . . global = /some/path . . local = /another/path # Can't figure out the name of the user running this process # different user, different group not trusting file .hg/hgrc from untrusted user abc, group def trusted global = /some/path untrusted . . global = /some/path . . local = /another/path # prints debug warnings # different user, different group not trusting file .hg/hgrc from untrusted user abc, group def trusted ignoring untrusted configuration option paths.local = /another/path global = /some/path untrusted . . global = /some/path .ignoring untrusted configuration option paths.local = /another/path . local = /another/path # report_untrusted enabled without debug hides warnings # different user, different group trusted global = /some/path untrusted . . global = /some/path . . local = /another/path # report_untrusted enabled with debug shows warnings # different user, different group not trusting file .hg/hgrc from untrusted user abc, group def trusted ignoring untrusted configuration option paths.local = /another/path global = /some/path untrusted . . global = /some/path .ignoring untrusted configuration option paths.local = /another/path . local = /another/path # ui.readconfig sections quux # read trusted, untrusted, new ui, trusted not trusting file foobar from untrusted user abc, group def trusted: ignoring untrusted configuration option foobar.baz = quux None untrusted: quux # error handling # file doesn't exist # same user, same group # different user, different group # parse error # different user, different group not trusting file .hg/hgrc from untrusted user abc, group def ('foo', '.hg/hgrc:1') # same user, same group ('foo', '.hg/hgrc:1')