From 347f9ed393b7a44d775ffb436f8bae304d82729f Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Mon, 15 Mar 2021 14:58:52 -0400 Subject: [PATCH] sync: rework selfupdate logic The current logic has a downside in that it doesn't sync to the latest signed version available if the latest commit itself is unsigned. This can come up when using the "main" branch as it is sometimes signed, but often not as it's holding the latest merged commits. When people use the main branch, it's to get early testing on versions tagged but not yet released, and we don't want them to get stuck indefinitely on that old version of repo. For example, this series of events: * "stable" is at v2.12. * "main" is tagged with v2.13. * early testers use --repo-rev main to get v2.13. * new commits are merged to "main". * "main" is tagged with v2.14. * new commits are merged to "main". * devs who had synced in the past to test v2.13 are stuck on v2.13. repo sees "main" is unsigned and so doesn't try to upgrade at all. The only way to get unwedged is to re-run `repo init --repo-rev main`, or to manually sync once with repo verification disabled, or for us to leave "main" signed for a while and hope devs will sync in that window. The new logic is that whenever changes are available, we switch to the latest signed tag. We also replace some of the duplicated verification code in the sync command with the newer wrapper logic. This handles a couple of important scenarios inaddition to above: * rollback (e.g. v2.13.8 -> v2.13.7) * do not trash uncommitted changes (in case of ad-hoc testing) * switch tag histories (e.g. v2.13.8 -> v2.13.8-cr1) Change-Id: I5b45ba1dd26a7c582700ee3711f303dc7538579b Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/300122 Reviewed-by: Jonathan Nieder Reviewed-by: Michael Mortensen Tested-by: Mike Frysinger --- subcmds/sync.py | 68 +++++++++++++++---------------------------------- 1 file changed, 20 insertions(+), 48 deletions(-) diff --git a/subcmds/sync.py b/subcmds/sync.py index bf1369c0..36b1b0ac 100644 --- a/subcmds/sync.py +++ b/subcmds/sync.py @@ -20,9 +20,7 @@ import multiprocessing import netrc from optparse import SUPPRESS_HELP import os -import re import socket -import subprocess import sys import tempfile import time @@ -46,7 +44,7 @@ except ImportError: return (256, 256) import event_log -from git_command import GIT, git_require +from git_command import git_require from git_config import GetUrlCookieFile from git_refs import R_HEADS, HEAD import git_superproject @@ -956,12 +954,25 @@ def _PostRepoUpgrade(manifest, quiet=False): def _PostRepoFetch(rp, repo_verify=True, verbose=False): if rp.HasChanges: print('info: A new version of repo is available', file=sys.stderr) - print(file=sys.stderr) - if not repo_verify or _VerifyTag(rp): - syncbuf = SyncBuffer(rp.config) - rp.Sync_LocalHalf(syncbuf) - if not syncbuf.Finish(): - sys.exit(1) + wrapper = Wrapper() + try: + rev = rp.bare_git.describe(rp.GetRevisionId()) + except GitError: + rev = None + _, new_rev = wrapper.check_repo_rev(rp.gitdir, rev, repo_verify=repo_verify) + # See if we're held back due to missing signed tag. + current_revid = rp.bare_git.rev_parse('HEAD') + new_revid = rp.bare_git.rev_parse('--verify', new_rev) + if current_revid != new_revid: + # We want to switch to the new rev, but also not trash any uncommitted + # changes. This helps with local testing/hacking. + # If a local change has been made, we will throw that away. + # We also have to make sure this will switch to an older commit if that's + # the latest tag in order to support release rollback. + try: + rp.work_git.reset('--keep', new_rev) + except GitError as e: + sys.exit(str(e)) print('info: Restarting repo with latest version', file=sys.stderr) raise RepoChangedException(['--repo-upgraded']) else: @@ -972,45 +983,6 @@ def _PostRepoFetch(rp, repo_verify=True, verbose=False): file=sys.stderr) -def _VerifyTag(project): - gpg_dir = os.path.expanduser('~/.repoconfig/gnupg') - if not os.path.exists(gpg_dir): - print('warning: GnuPG was not available during last "repo init"\n' - 'warning: Cannot automatically authenticate repo."""', - file=sys.stderr) - return True - - try: - cur = project.bare_git.describe(project.GetRevisionId()) - except GitError: - cur = None - - if not cur \ - or re.compile(r'^.*-[0-9]{1,}-g[0-9a-f]{1,}$').match(cur): - rev = project.revisionExpr - if rev.startswith(R_HEADS): - rev = rev[len(R_HEADS):] - - print(file=sys.stderr) - print("warning: project '%s' branch '%s' is not signed" - % (project.name, rev), file=sys.stderr) - return False - - env = os.environ.copy() - env['GIT_DIR'] = project.gitdir - env['GNUPGHOME'] = gpg_dir - - cmd = [GIT, 'tag', '-v', cur] - result = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, - env=env, check=False) - if result.returncode: - print(file=sys.stderr) - print(result.stdout, file=sys.stderr) - print(file=sys.stderr) - return False - return True - - class _FetchTimes(object): _ALPHA = 0.5