lock_ref_sha1_basic(): report errors via a "struct strbuf *err"
[gitweb.git] / refs.c
diff --git a/refs.c b/refs.c
index e23542b3869b38e47f59f102d28648d30d506574..ff9b9cf92a7696dcb4d009f1c511a42641aad4cc 100644 (file)
--- a/refs.c
+++ b/refs.c
@@ -263,7 +263,7 @@ struct ref_dir {
  * presence of an empty subdirectory does not block the creation of a
  * similarly-named reference.  (The fact that reference names with the
  * same leading components can conflict *with each other* is a
- * separate issue that is regulated by is_refname_available().)
+ * separate issue that is regulated by verify_refname_available().)
  *
  * Please note that the name field contains the fully-qualified
  * reference (or subdirectory) name.  Space could be saved by only
@@ -841,121 +841,181 @@ static void prime_ref_dir(struct ref_dir *dir)
        }
 }
 
-static int entry_matches(struct ref_entry *entry, const struct string_list *list)
-{
-       return list && string_list_has_string(list, entry->name);
-}
-
 struct nonmatching_ref_data {
        const struct string_list *skip;
-       struct ref_entry *found;
+       const char *conflicting_refname;
 };
 
 static int nonmatching_ref_fn(struct ref_entry *entry, void *vdata)
 {
        struct nonmatching_ref_data *data = vdata;
 
-       if (entry_matches(entry, data->skip))
+       if (data->skip && string_list_has_string(data->skip, entry->name))
                return 0;
 
-       data->found = entry;
+       data->conflicting_refname = entry->name;
        return 1;
 }
 
-static void report_refname_conflict(struct ref_entry *entry,
-                                   const char *refname)
-{
-       error("'%s' exists; cannot create '%s'", entry->name, refname);
-}
-
 /*
- * Return true iff a reference named refname could be created without
- * conflicting with the name of an existing reference in dir.  If
- * skip is non-NULL, ignore potential conflicts with refs in skip
- * (e.g., because they are scheduled for deletion in the same
- * operation).
+ * Return 0 if a reference named refname could be created without
+ * conflicting with the name of an existing reference in dir.
+ * Otherwise, return a negative value and write an explanation to err.
+ * If extras is non-NULL, it is a list of additional refnames with
+ * which refname is not allowed to conflict. If skip is non-NULL,
+ * ignore potential conflicts with refs in skip (e.g., because they
+ * are scheduled for deletion in the same operation). Behavior is
+ * undefined if the same name is listed in both extras and skip.
  *
  * Two reference names conflict if one of them exactly matches the
- * leading components of the other; e.g., "foo/bar" conflicts with
- * both "foo" and with "foo/bar/baz" but not with "foo/bar" or
- * "foo/barbados".
+ * leading components of the other; e.g., "refs/foo/bar" conflicts
+ * with both "refs/foo" and with "refs/foo/bar/baz" but not with
+ * "refs/foo/bar" or "refs/foo/barbados".
  *
- * skip must be sorted.
+ * extras and skip must be sorted.
  */
-static int is_refname_available(const char *refname,
-                               const struct string_list *skip,
-                               struct ref_dir *dir)
+static int verify_refname_available(const char *refname,
+                                   const struct string_list *extras,
+                                   const struct string_list *skip,
+                                   struct ref_dir *dir,
+                                   struct strbuf *err)
 {
        const char *slash;
-       size_t len;
        int pos;
-       char *dirname;
+       struct strbuf dirname = STRBUF_INIT;
+       int ret = -1;
 
+       /*
+        * For the sake of comments in this function, suppose that
+        * refname is "refs/foo/bar".
+        */
+
+       assert(err);
+
+       strbuf_grow(&dirname, strlen(refname) + 1);
        for (slash = strchr(refname, '/'); slash; slash = strchr(slash + 1, '/')) {
+               /* Expand dirname to the new prefix, not including the trailing slash: */
+               strbuf_add(&dirname, refname + dirname.len, slash - refname - dirname.len);
+
                /*
-                * We are still at a leading dir of the refname; we are
-                * looking for a conflict with a leaf entry.
-                *
-                * If we find one, we still must make sure it is
-                * not in "skip".
+                * We are still at a leading dir of the refname (e.g.,
+                * "refs/foo"; if there is a reference with that name,
+                * it is a conflict, *unless* it is in skip.
                 */
-               pos = search_ref_dir(dir, refname, slash - refname);
-               if (pos >= 0) {
-                       struct ref_entry *entry = dir->entries[pos];
-                       if (entry_matches(entry, skip))
-                               return 1;
-                       report_refname_conflict(entry, refname);
-                       return 0;
+               if (dir) {
+                       pos = search_ref_dir(dir, dirname.buf, dirname.len);
+                       if (pos >= 0 &&
+                           (!skip || !string_list_has_string(skip, dirname.buf))) {
+                               /*
+                                * We found a reference whose name is
+                                * a proper prefix of refname; e.g.,
+                                * "refs/foo", and is not in skip.
+                                */
+                               strbuf_addf(err, "'%s' exists; cannot create '%s'",
+                                           dirname.buf, refname);
+                               goto cleanup;
+                       }
                }
 
+               if (extras && string_list_has_string(extras, dirname.buf) &&
+                   (!skip || !string_list_has_string(skip, dirname.buf))) {
+                       strbuf_addf(err, "cannot process '%s' and '%s' at the same time",
+                                   refname, dirname.buf);
+                       goto cleanup;
+               }
 
                /*
                 * Otherwise, we can try to continue our search with
-                * the next component; if we come up empty, we know
-                * there is nothing under this whole prefix.
+                * the next component. So try to look up the
+                * directory, e.g., "refs/foo/". If we come up empty,
+                * we know there is nothing under this whole prefix,
+                * but even in that case we still have to continue the
+                * search for conflicts with extras.
                 */
-               pos = search_ref_dir(dir, refname, slash + 1 - refname);
-               if (pos < 0)
-                       return 1;
-
-               dir = get_ref_dir(dir->entries[pos]);
+               strbuf_addch(&dirname, '/');
+               if (dir) {
+                       pos = search_ref_dir(dir, dirname.buf, dirname.len);
+                       if (pos < 0) {
+                               /*
+                                * There was no directory "refs/foo/",
+                                * so there is nothing under this
+                                * whole prefix. So there is no need
+                                * to continue looking for conflicting
+                                * references. But we need to continue
+                                * looking for conflicting extras.
+                                */
+                               dir = NULL;
+                       } else {
+                               dir = get_ref_dir(dir->entries[pos]);
+                       }
+               }
        }
 
        /*
-        * We are at the leaf of our refname; we want to
-        * make sure there are no directories which match it.
+        * We are at the leaf of our refname (e.g., "refs/foo/bar").
+        * There is no point in searching for a reference with that
+        * name, because a refname isn't considered to conflict with
+        * itself. But we still need to check for references whose
+        * names are in the "refs/foo/bar/" namespace, because they
+        * *do* conflict.
         */
-       len = strlen(refname);
-       dirname = xmallocz(len + 1);
-       sprintf(dirname, "%s/", refname);
-       pos = search_ref_dir(dir, dirname, len + 1);
-       free(dirname);
+       strbuf_addstr(&dirname, refname + dirname.len);
+       strbuf_addch(&dirname, '/');
+
+       if (dir) {
+               pos = search_ref_dir(dir, dirname.buf, dirname.len);
 
-       if (pos >= 0) {
+               if (pos >= 0) {
+                       /*
+                        * We found a directory named "$refname/"
+                        * (e.g., "refs/foo/bar/"). It is a problem
+                        * iff it contains any ref that is not in
+                        * "skip".
+                        */
+                       struct nonmatching_ref_data data;
+
+                       data.skip = skip;
+                       data.conflicting_refname = NULL;
+                       dir = get_ref_dir(dir->entries[pos]);
+                       sort_ref_dir(dir);
+                       if (do_for_each_entry_in_dir(dir, 0, nonmatching_ref_fn, &data)) {
+                               strbuf_addf(err, "'%s' exists; cannot create '%s'",
+                                           data.conflicting_refname, refname);
+                               goto cleanup;
+                       }
+               }
+       }
+
+       if (extras) {
                /*
-                * We found a directory named "refname". It is a
-                * problem iff it contains any ref that is not
-                * in "skip".
+                * Check for entries in extras that start with
+                * "$refname/". We do that by looking for the place
+                * where "$refname/" would be inserted in extras. If
+                * there is an entry at that position that starts with
+                * "$refname/" and is not in skip, then we have a
+                * conflict.
                 */
-               struct ref_entry *entry = dir->entries[pos];
-               struct ref_dir *dir = get_ref_dir(entry);
-               struct nonmatching_ref_data data;
+               for (pos = string_list_find_insert_index(extras, dirname.buf, 0);
+                    pos < extras->nr; pos++) {
+                       const char *extra_refname = extras->items[pos].string;
 
-               data.skip = skip;
-               sort_ref_dir(dir);
-               if (!do_for_each_entry_in_dir(dir, 0, nonmatching_ref_fn, &data))
-                       return 1;
+                       if (!starts_with(extra_refname, dirname.buf))
+                               break;
 
-               report_refname_conflict(data.found, refname);
-               return 0;
+                       if (!skip || !string_list_has_string(skip, extra_refname)) {
+                               strbuf_addf(err, "cannot process '%s' and '%s' at the same time",
+                                           refname, extra_refname);
+                               goto cleanup;
+                       }
+               }
        }
 
-       /*
-        * There is no point in searching for another leaf
-        * node which matches it; such an entry would be the
-        * ref we are looking for, not a conflict.
-        */
-       return 1;
+       /* No conflicts were found */
+       ret = 0;
+
+cleanup:
+       strbuf_release(&dirname);
+       return ret;
 }
 
 struct packed_ref_cache {
@@ -1934,6 +1994,11 @@ static int do_for_each_ref(struct ref_cache *refs, const char *base,
        data.fn = fn;
        data.cb_data = cb_data;
 
+       if (ref_paranoia < 0)
+               ref_paranoia = git_env_bool("GIT_REF_PARANOIA", 0);
+       if (ref_paranoia)
+               data.flags |= DO_FOR_EACH_INCLUDE_BROKEN;
+
        return do_for_each_entry(refs, base, do_one_ref, &data);
 }
 
@@ -2266,8 +2331,10 @@ int dwim_log(const char *str, int len, unsigned char *sha1, char **log)
  */
 static struct ref_lock *lock_ref_sha1_basic(const char *refname,
                                            const unsigned char *old_sha1,
+                                           const struct string_list *extras,
                                            const struct string_list *skip,
-                                           unsigned int flags, int *type_p)
+                                           unsigned int flags, int *type_p,
+                                           struct strbuf *err)
 {
        char *ref_file;
        const char *orig_refname = refname;
@@ -2278,6 +2345,8 @@ static struct ref_lock *lock_ref_sha1_basic(const char *refname,
        int resolve_flags = 0;
        int attempts_remaining = 3;
 
+       assert(err);
+
        lock = xcalloc(1, sizeof(struct ref_lock));
        lock->lock_fd = -1;
 
@@ -2300,7 +2369,8 @@ static struct ref_lock *lock_ref_sha1_basic(const char *refname,
                ref_file = git_path("%s", orig_refname);
                if (remove_empty_directories(ref_file)) {
                        last_errno = errno;
-                       error("there are still refs under '%s'", orig_refname);
+                       strbuf_addf(err, "there are still refs under '%s'",
+                                   orig_refname);
                        goto error_return;
                }
                refname = resolve_ref_unsafe(orig_refname, resolve_flags,
@@ -2310,8 +2380,8 @@ static struct ref_lock *lock_ref_sha1_basic(const char *refname,
            *type_p = type;
        if (!refname) {
                last_errno = errno;
-               error("unable to resolve reference %s: %s",
-                       orig_refname, strerror(errno));
+               strbuf_addf(err, "unable to resolve reference %s: %s",
+                           orig_refname, strerror(errno));
                goto error_return;
        }
        /*
@@ -2321,7 +2391,8 @@ static struct ref_lock *lock_ref_sha1_basic(const char *refname,
         * our refname.
         */
        if (is_null_sha1(lock->old_sha1) &&
-            !is_refname_available(refname, skip, get_packed_refs(&ref_cache))) {
+           verify_refname_available(refname, extras, skip,
+                                    get_packed_refs(&ref_cache), err)) {
                last_errno = ENOTDIR;
                goto error_return;
        }
@@ -2347,7 +2418,7 @@ static struct ref_lock *lock_ref_sha1_basic(const char *refname,
                /* fall through */
        default:
                last_errno = errno;
-               error("unable to create directory for %s", ref_file);
+               strbuf_addf(err, "unable to create directory for %s", ref_file);
                goto error_return;
        }
 
@@ -2362,10 +2433,7 @@ static struct ref_lock *lock_ref_sha1_basic(const char *refname,
                         */
                        goto retry;
                else {
-                       struct strbuf err = STRBUF_INIT;
-                       unable_to_lock_message(ref_file, errno, &err);
-                       error("%s", err.buf);
-                       strbuf_release(&err);
+                       unable_to_lock_message(ref_file, errno, err);
                        goto error_return;
                }
        }
@@ -2616,68 +2684,10 @@ int pack_refs(unsigned int flags)
        return 0;
 }
 
-/*
- * If entry is no longer needed in packed-refs, add it to the string
- * list pointed to by cb_data.  Reasons for deleting entries:
- *
- * - Entry is broken.
- * - Entry is overridden by a loose ref.
- * - Entry does not point at a valid object.
- *
- * In the first and third cases, also emit an error message because these
- * are indications of repository corruption.
- */
-static int curate_packed_ref_fn(struct ref_entry *entry, void *cb_data)
-{
-       struct string_list *refs_to_delete = cb_data;
-
-       if (entry->flag & REF_ISBROKEN) {
-               /* This shouldn't happen to packed refs. */
-               error("%s is broken!", entry->name);
-               string_list_append(refs_to_delete, entry->name);
-               return 0;
-       }
-       if (!has_sha1_file(entry->u.value.sha1)) {
-               unsigned char sha1[20];
-               int flags;
-
-               if (read_ref_full(entry->name, 0, sha1, &flags))
-                       /* We should at least have found the packed ref. */
-                       die("Internal error");
-               if ((flags & REF_ISSYMREF) || !(flags & REF_ISPACKED)) {
-                       /*
-                        * This packed reference is overridden by a
-                        * loose reference, so it is OK that its value
-                        * is no longer valid; for example, it might
-                        * refer to an object that has been garbage
-                        * collected.  For this purpose we don't even
-                        * care whether the loose reference itself is
-                        * invalid, broken, symbolic, etc.  Silently
-                        * remove the packed reference.
-                        */
-                       string_list_append(refs_to_delete, entry->name);
-                       return 0;
-               }
-               /*
-                * There is no overriding loose reference, so the fact
-                * that this reference doesn't refer to a valid object
-                * indicates some kind of repository corruption.
-                * Report the problem, then omit the reference from
-                * the output.
-                */
-               error("%s does not point to a valid object!", entry->name);
-               string_list_append(refs_to_delete, entry->name);
-               return 0;
-       }
-
-       return 0;
-}
-
 int repack_without_refs(struct string_list *refnames, struct strbuf *err)
 {
        struct ref_dir *packed;
-       struct string_list refs_to_delete = STRING_LIST_INIT_DUP;
-       struct string_list_item *refname, *ref_to_delete;
+       struct string_list_item *refname;
        int ret, needs_repacking = 0, removed = 0;
 
        assert(err);
@@ -2713,13 +2723,6 @@ int repack_without_refs(struct string_list *refnames, struct strbuf *err)
                return 0;
        }
 
-       /* Remove any other accumulated cruft */
-       do_for_each_entry_in_dir(packed, 0, curate_packed_ref_fn, &refs_to_delete);
-       for_each_string_list_item(ref_to_delete, &refs_to_delete) {
-               if (remove_entry(packed, ref_to_delete->string) == -1)
-                       die("internal error");
-       }
-
        /* Write what remains */
        ret = commit_packed_refs();
        if (ret)
@@ -2824,12 +2827,19 @@ static int rename_tmp_log(const char *newrefname)
 static int rename_ref_available(const char *oldname, const char *newname)
 {
        struct string_list skip = STRING_LIST_INIT_NODUP;
+       struct strbuf err = STRBUF_INIT;
        int ret;
 
        string_list_insert(&skip, oldname);
-       ret = is_refname_available(newname, &skip, get_packed_refs(&ref_cache))
-           && is_refname_available(newname, &skip, get_loose_refs(&ref_cache));
+       ret = !verify_refname_available(newname, NULL, &skip,
+                                       get_packed_refs(&ref_cache), &err)
+               && !verify_refname_available(newname, NULL, &skip,
+                                            get_loose_refs(&ref_cache), &err);
+       if (!ret)
+               error("%s", err.buf);
+
        string_list_clear(&skip, 0);
+       strbuf_release(&err);
        return ret;
 }
 
@@ -2844,6 +2854,7 @@ int rename_ref(const char *oldrefname, const char *newrefname, const char *logms
        struct stat loginfo;
        int log = !lstat(git_path("logs/%s", oldrefname), &loginfo);
        const char *symref = NULL;
+       struct strbuf err = STRBUF_INIT;
 
        if (log && S_ISLNK(loginfo.st_mode))
                return error("reflog for %s is a symlink", oldrefname);
@@ -2886,8 +2897,10 @@ int rename_ref(const char *oldrefname, const char *newrefname, const char *logms
 
        logmoved = log;
 
-       lock = lock_ref_sha1_basic(newrefname, NULL, NULL, 0, NULL);
+       lock = lock_ref_sha1_basic(newrefname, NULL, NULL, NULL, 0, NULL, &err);
        if (!lock) {
+               error("%s", err.buf);
+               strbuf_release(&err);
                error("unable to lock %s for update", newrefname);
                goto rollback;
        }
@@ -2900,8 +2913,10 @@ int rename_ref(const char *oldrefname, const char *newrefname, const char *logms
        return 0;
 
  rollback:
-       lock = lock_ref_sha1_basic(oldrefname, NULL, NULL, 0, NULL);
+       lock = lock_ref_sha1_basic(oldrefname, NULL, NULL, NULL, 0, NULL, &err);
        if (!lock) {
+               error("%s", err.buf);
+               strbuf_release(&err);
                error("unable to lock %s for rollback", oldrefname);
                goto rollbacklog;
        }
@@ -3755,25 +3770,18 @@ int update_ref(const char *msg, const char *refname,
        return 0;
 }
 
-static int ref_update_compare(const void *r1, const void *r2)
-{
-       const struct ref_update * const *u1 = r1;
-       const struct ref_update * const *u2 = r2;
-       return strcmp((*u1)->refname, (*u2)->refname);
-}
-
-static int ref_update_reject_duplicates(struct ref_update **updates, int n,
+static int ref_update_reject_duplicates(struct string_list *refnames,
                                        struct strbuf *err)
 {
-       int i;
+       int i, n = refnames->nr;
 
        assert(err);
 
        for (i = 1; i < n; i++)
-               if (!strcmp(updates[i - 1]->refname, updates[i]->refname)) {
+               if (!strcmp(refnames->items[i - 1].string, refnames->items[i].string)) {
                        strbuf_addf(err,
                                    "Multiple updates for ref '%s' not allowed.",
-                                   updates[i]->refname);
+                                   refnames->items[i].string);
                        return 1;
                }
        return 0;
@@ -3787,6 +3795,7 @@ int ref_transaction_commit(struct ref_transaction *transaction,
        struct ref_update **updates = transaction->updates;
        struct string_list refs_to_delete = STRING_LIST_INIT_NODUP;
        struct string_list_item *ref_to_delete;
+       struct string_list affected_refnames = STRING_LIST_INIT_NODUP;
 
        assert(err);
 
@@ -3798,9 +3807,11 @@ int ref_transaction_commit(struct ref_transaction *transaction,
                return 0;
        }
 
-       /* Copy, sort, and reject duplicate refs */
-       qsort(updates, n, sizeof(*updates), ref_update_compare);
-       if (ref_update_reject_duplicates(updates, n, err)) {
+       /* Fail if a refname appears more than once in the transaction: */
+       for (i = 0; i < n; i++)
+               string_list_append(&affected_refnames, updates[i]->refname);
+       string_list_sort(&affected_refnames);
+       if (ref_update_reject_duplicates(&affected_refnames, err)) {
                ret = TRANSACTION_GENERIC_ERROR;
                goto cleanup;
        }
@@ -3816,13 +3827,16 @@ int ref_transaction_commit(struct ref_transaction *transaction,
                                update->refname,
                                ((update->flags & REF_HAVE_OLD) ?
                                 update->old_sha1 : NULL),
-                               NULL,
+                               &affected_refnames, NULL,
                                flags,
-                               &update->type);
+                               &update->type,
+                               err);
                if (!update->lock) {
                        ret = (errno == ENOTDIR)
                                ? TRANSACTION_NAME_CONFLICT
                                : TRANSACTION_GENERIC_ERROR;
+                       error("%s", err->buf);
+                       strbuf_reset(err);
                        strbuf_addf(err, "Cannot lock the ref '%s'.",
                                    update->refname);
                        goto cleanup;
@@ -3892,6 +3906,7 @@ int ref_transaction_commit(struct ref_transaction *transaction,
                if (updates[i]->lock)
                        unlock_ref(updates[i]->lock);
        string_list_clear(&refs_to_delete, 0);
+       string_list_clear(&affected_refnames, 0);
        return ret;
 }
 
@@ -4081,6 +4096,7 @@ int reflog_expire(const char *refname, const unsigned char *sha1,
        char *log_file;
        int status = 0;
        int type;
+       struct strbuf err = STRBUF_INIT;
 
        memset(&cb, 0, sizeof(cb));
        cb.flags = flags;
@@ -4092,9 +4108,12 @@ int reflog_expire(const char *refname, const unsigned char *sha1,
         * reference itself, plus we might need to update the
         * reference if --updateref was specified:
         */
-       lock = lock_ref_sha1_basic(refname, sha1, NULL, 0, &type);
-       if (!lock)
+       lock = lock_ref_sha1_basic(refname, sha1, NULL, NULL, 0, &type, &err);
+       if (!lock) {
+               error("%s", err.buf);
+               strbuf_release(&err);
                return error("cannot lock ref '%s'", refname);
+       }
        if (!reflog_exists(refname)) {
                unlock_ref(lock);
                return 0;