fast-export: allow dumping the refname mapping
After you anonymize a repository, it can be hard to find which commits
correspond between the original and the result, and thus hard to
reproduce commands that triggered bugs in the original.
Let's make it possible to dump the mapping separate from the output
stream. This can be used by a bug reporter to modify their reproduction
recipe without revealing the original names (see the example in the
documentation).
The implementation is slightly non-obvious. There's no point in the
program where we know the complete set of refs we're going to anonymize.
Nor do we have a complete set of anonymized refs after finishing (we
have a set of anonymized ref path components, but no knowledge of how
those are assembled into complete refs). So we lazily write to the dump
file as we anonymize each name, and keep a list of ones that we've
output in order to avoid duplicates.
Some possible alternatives:
- we could just output the mapping of anonymized components (e.g.,
that "foo" became "ref123"). That works OK when you have short
refnames (e.g., "refs/heads/foo" becomes "refs/heads/ref123"), but
longer names would require the user to look up each component to
assemble the result. For example, "refs/remotes/origin/jk/foo" might
become "refs/remotes/refs37/refs56/refs102".
- instead of dumping the mapping, the same problem could be solved by
allowing the user to leave some refs alone. So if you want to
reproduce "git rev-list branch~17..HEAD" in the anonymized repo, we
could allow something like:
git tag anon-one branch
git tag anon-two HEAD
git fast-export --anonymize --all \
--no-anonymize-ref=anon-one \
--no-anonymize-ref=anon-two \
>stream
and then presumably "git rev-list anon-one~17..anon-two" would
behave the same in the re-imported repository. This is more
convenient in some ways, but it does require modifying the
original repository. And the concept doesn't easily extend to
other fields (e.g., pathnames, which will be addressed in a
subsequent patch).
- we could dump before/after commit hashes; combined with rev-parse,
that could convert these cases (as well as ones using raw hashes).
But we don't actually know the anonymized commit hashes; we're just
generating a stream that will produce them in the anonymized repo.
- likewise, we probably could insert object names or other markers
into commit messages, blob contents, etc, in order to let a user
with the original repo figure out which parts correspond. But using
this gets complicated (I have to find my commits in the result with
"git log --all --grep" or similar). It also makes it less clear that
the anonymized repo didn't leak any information (because we are
relying on object ids being unguessable).
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jeff King
committed by
Junio C Hamano
Junio C Hamano
parent
af6b65d45e
commit
b01d650a93
@ -119,6 +119,12 @@ by keeping the marks the same across runs.
|
||||
the shape of the history and stored tree. See the section on
|
||||
`ANONYMIZING` below.
|
||||
|
||||
--dump-anonymized-refnames=<file>::
|
||||
Output the mapping of real refnames to anonymized refnames to
|
||||
<file>. The output will contain one line per ref that appears in
|
||||
the output stream, with the original refname, a space, and its
|
||||
anonymized counterpart. See the section on `ANONYMIZING` below.
|
||||
|
||||
--reference-excluded-parents::
|
||||
By default, running a command such as `git fast-export
|
||||
master~5..master` will not include the commit master{tilde}5
|
||||
@ -238,6 +244,22 @@ collapse "User 0", "User 1", etc into "User X"). This produces a much
|
||||
smaller output, and it is usually easy to quickly confirm that there is
|
||||
no private data in the stream.
|
||||
|
||||
Reproducing some bugs may require referencing particular commits, which
|
||||
becomes challenging after the refnames have all been anonymized. You can
|
||||
use `--dump-anonymized-refnames` to output the mapping, and then alter
|
||||
your reproduction recipe to use the anonymized names. E.g., if you find
|
||||
a bug with `git rev-list v1.0..v2.0` in the private repository, you can
|
||||
run:
|
||||
|
||||
---------------------------------------------------
|
||||
$ git fast-export --anonymize --all --dump-anonymized-refnames=refs.out >stream
|
||||
$ grep '^refs/tags/v[12].0' refs.out
|
||||
refs/tags/v1.0 refs/tags/ref31
|
||||
refs/tags/v2.0 refs/tags/ref50
|
||||
---------------------------------------------------
|
||||
|
||||
which tells you that `git rev-list ref31..ref50` may produce the same
|
||||
bug in the re-imported anonymous repository.
|
||||
|
||||
LIMITATIONS
|
||||
-----------
|
||||
|
||||
@ -24,6 +24,7 @@
|
||||
#include "remote.h"
|
||||
#include "blob.h"
|
||||
#include "commit-slab.h"
|
||||
#include "khash.h"
|
||||
|
||||
static const char *fast_export_usage[] = {
|
||||
N_("git fast-export [rev-list-opts]"),
|
||||
@ -45,6 +46,7 @@ static struct string_list extra_refs = STRING_LIST_INIT_NODUP;
|
||||
static struct string_list tag_refs = STRING_LIST_INIT_NODUP;
|
||||
static struct refspec refspecs = REFSPEC_INIT_FETCH;
|
||||
static int anonymize;
|
||||
static FILE *anonymized_refnames_handle;
|
||||
static struct revision_sources revision_sources;
|
||||
|
||||
static int parse_opt_signed_tag_mode(const struct option *opt,
|
||||
@ -118,6 +120,32 @@ static int has_unshown_parent(struct commit *commit)
|
||||
return 0;
|
||||
}
|
||||
|
||||
KHASH_INIT(strset, const char *, int, 0, kh_str_hash_func, kh_str_hash_equal);
|
||||
|
||||
struct seen_set {
|
||||
kh_strset_t *set;
|
||||
};
|
||||
|
||||
static int check_and_mark_seen(struct seen_set *seen, const char *str)
|
||||
{
|
||||
int hashret;
|
||||
if (!seen->set)
|
||||
seen->set = kh_init_strset();
|
||||
if (kh_get_strset(seen->set, str) < kh_end(seen->set))
|
||||
return 1;
|
||||
kh_put_strset(seen->set, xstrdup(str), &hashret);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void maybe_dump_anon(FILE *out, struct seen_set *seen,
|
||||
const char *orig, const char *anon)
|
||||
{
|
||||
if (!out)
|
||||
return;
|
||||
if (!check_and_mark_seen(seen, orig))
|
||||
fprintf(out, "%s %s\n", orig, anon);
|
||||
}
|
||||
|
||||
struct anonymized_entry {
|
||||
struct hashmap_entry hash;
|
||||
const char *orig;
|
||||
@ -515,6 +543,8 @@ static const char *anonymize_refname(const char *refname)
|
||||
};
|
||||
static struct hashmap refs;
|
||||
static struct strbuf anon = STRBUF_INIT;
|
||||
static struct seen_set seen;
|
||||
const char *full_refname = refname;
|
||||
int i;
|
||||
|
||||
/*
|
||||
@ -533,6 +563,8 @@ static const char *anonymize_refname(const char *refname)
|
||||
}
|
||||
|
||||
anonymize_path(&anon, refname, &refs, anonymize_ref_component);
|
||||
maybe_dump_anon(anonymized_refnames_handle, &seen,
|
||||
full_refname, anon.buf);
|
||||
return anon.buf;
|
||||
}
|
||||
|
||||
@ -1144,6 +1176,7 @@ int cmd_fast_export(int argc, const char **argv, const char *prefix)
|
||||
char *export_filename = NULL,
|
||||
*import_filename = NULL,
|
||||
*import_filename_if_exists = NULL;
|
||||
const char *anonymized_refnames_file = NULL;
|
||||
uint32_t lastimportid;
|
||||
struct string_list refspecs_list = STRING_LIST_INIT_NODUP;
|
||||
struct string_list paths_of_changed_objects = STRING_LIST_INIT_DUP;
|
||||
@ -1177,6 +1210,9 @@ int cmd_fast_export(int argc, const char **argv, const char *prefix)
|
||||
OPT_STRING_LIST(0, "refspec", &refspecs_list, N_("refspec"),
|
||||
N_("Apply refspec to exported refs")),
|
||||
OPT_BOOL(0, "anonymize", &anonymize, N_("anonymize output")),
|
||||
OPT_STRING(0, "dump-anonymized-refnames",
|
||||
&anonymized_refnames_file, N_("file"),
|
||||
N_("output anonymized refname mapping to <file>")),
|
||||
OPT_BOOL(0, "reference-excluded-parents",
|
||||
&reference_excluded_commits, N_("Reference parents which are not in fast-export stream by object id")),
|
||||
OPT_BOOL(0, "show-original-ids", &show_original_ids,
|
||||
@ -1213,6 +1249,9 @@ int cmd_fast_export(int argc, const char **argv, const char *prefix)
|
||||
string_list_clear(&refspecs_list, 1);
|
||||
}
|
||||
|
||||
if (anonymized_refnames_file)
|
||||
anonymized_refnames_handle = xfopen(anonymized_refnames_file, "w");
|
||||
|
||||
if (use_done_feature)
|
||||
printf("feature done\n");
|
||||
|
||||
|
||||
@ -46,6 +46,18 @@ test_expect_success 'stream omits tag message' '
|
||||
! grep "annotated tag" stream
|
||||
'
|
||||
|
||||
test_expect_success 'refname mapping can be dumped' '
|
||||
git fast-export --anonymize --all \
|
||||
--dump-anonymized-refnames=refs.out >/dev/null &&
|
||||
# we make no guarantees of the exact anonymized names,
|
||||
# so just check that we have the right number and
|
||||
# that a sample line looks sane.
|
||||
# Note that master is not anonymized, and so not included
|
||||
# in the mapping.
|
||||
test_line_count = 6 refs.out &&
|
||||
grep "^refs/heads/other refs/heads/" refs.out
|
||||
'
|
||||
|
||||
# NOTE: we chdir to the new, anonymized repository
|
||||
# after this. All further tests should assume this.
|
||||
test_expect_success 'import stream to new repository' '
|
||||
|
||||
Reference in New Issue
Block a user