From 809fe33b8a5b4f7fedd8bd2f315c395b72d2c574 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guillermo=20P=C3=A9rez?= Date: Mon, 19 Dec 2016 10:54:47 -0800 Subject: [PATCH] Make pygit2 throw if tree of a commit is not found Commit objects in git always have a tree_id associated, that points to the corresponding Tree object. When the tree object is missing, the repo is corrupted. In those cases: * official git cli fatals with status code 128 and message: fatal: unable to read tree * libgit2 returns error GIT_ENOTFOUND when calling git_commit_tree() * pygit2 when accessing the tree by id with repo[commit.tree_id] raises a KeyError: But on the other hand, on the commit object, rather than throwing and exception, pygit2 is swallowing the error returned by libgit2 and setting the .tree property to None. None is arguable the wrong choice to encode an error condition, specially in python that is used heavily. In particular this caused in our system to assume there was an empty tree, and the sync service that tails git repo changes decided to DELETE everything. The code was using None to represent empty tree, usefull for example when we need to compare a path between two commits (the path might be non-existant at one of the commits you are comparing). I think that in this case the right decision would be to raise since is an exceptional case, caused by a corrupted repo, is more consistent with other tools, and ensures user code does not take the wrong decissions. For curiosity the corrupted repository can happen more commonly than expected. We run our repositories on a shared NFS filer, and one of our servers didn't have the lookupcache=positive flag. This makes NFS cache the metadata (files on a directory for example) and use that for negative lookups (to deny existance of files). In this case, the commit object was on a directory not cached, so the commit was seen immediately, but the tree object was in a folder that was cached, the cache didn't contained the tree object, and thus for some seconds the tree was not existing and the repo was corrupted. Our sync service saw tree being None and decided to delete everything, causing a lot of issues down the way. --- src/commit.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/commit.c b/src/commit.c index 85f59cdbf..710116f01 100644 --- a/src/commit.c +++ b/src/commit.c @@ -35,6 +35,7 @@ #include "oid.h" extern PyTypeObject TreeType; +extern PyObject *GitError; PyDoc_STRVAR(Commit_message_encoding__doc__, "Message encoding."); @@ -131,8 +132,11 @@ Commit_tree__get__(Commit *commit) int err; err = git_commit_tree(&tree, commit->commit); - if (err == GIT_ENOTFOUND) - Py_RETURN_NONE; + if (err == GIT_ENOTFOUND) { + char tree_id[GIT_OID_HEXSZ + 1] = { 0 }; + git_oid_fmt(tree_id, git_commit_tree_id(commit->commit)); + return PyErr_Format(GitError, "Unable to read tree %s", tree_id); + } if (err < 0) return Error_set(err);