On Thu, Sep 05, 2019 at 08:47:33AM -0700, Elijah Newren wrote:
> Users expect files in a nested git repository to be left alone unless
> sufficiently forced (with two -f's). Unfortunately, in certain
> circumstances, git would delete both tracked (and possibly dirty) files
> and untracked files within a nested repository. To explain how this
> happens, let's contrast a couple cases. First, take the following
> example setup (which assumes we are already within a git repo):
>
> git init nested
> cd nested
> >tracked
> git add tracked
> git commit -m init
> >untracked
> cd ..
>
> In this setup, everything works as expected; running 'git clean -fd'
> will result in fill_directory() returning the following paths:
> nested/
> nested/tracked
> nested/untracked
> and then correct_untracked_entries() would notice this can be compressed
> to
> nested/
> and then since "nested/" is a directory, we would call
> remove_dirs("nested/", ...), which would
> check is_nonbare_repository_dir() and then decide to skip it.
>
> However, if someone also creates an ignored file:
> >nested/ignored
> then running 'git clean -fd' would result in fill_directory() returning
> the same paths:
> nested/
> nested/tracked
> nested/untracked
> but correct_untracked_entries() will notice that we had ignored entries
> under nested/ and thus simplify this list to
> nested/tracked
> nested/untracked
> Since these are not directories, we do not call remove_dirs() which was
> the only place that had the is_nonbare_repository_dir() safety check --
> resulting in us deleting both the untracked file and the tracked (and
> possibly dirty) file.
>
> One possible fix for this issue would be walking the parent directories
> of each path and checking if they represent nonbare repositories, but
> that would be wasteful. Even if we added caching of some sort, it's
> still a waste because we should have been able to check that "nested/"
> represented a nonbare repository before even descending into it in the
> first place. Add a DIR_SKIP_NESTED_GIT flag to dir_struct.flags and use
> it to prevent fill_directory() and friends from descending into nested
> git repos.
> Finally, there is one somewhat related bug which this patch does not
> fix, coming from the opposite angle. If the user runs
> git clean -ffd
> to force deletion of untracked nested repositories, and within an
> untracked nested repo the user has ignored files (according to the inner
> OR outer repositories' .gitignore), then not only will those ignored
> files be left alone but the .git/ subdirectory of the nested repo will
> be left alone too. I am not completely sure if this should be
> considered a bug (though it seems like it since the lack of the
> untracked file would result in the .git/ subdirectory being deleted),
> but in any event it is very minor compared to accidentally deleting user
> data and I did not dive into it.
We briefly mentioned this "ignored file in a nested repo fools 'git
clean -d'" issue in an unrelated thread as well, where Philip
suggested that the gitignore of the outer repository should not have
any effect on the nested repository. I'm inclined to agree.
https://public-inbox.org/git/e221aaf8-7d0b-6feb-3f58-1e9e4382939b@iee.email/
Now, 'git clean -X' is supposed to "Remove only files ignored by
Git.". I'm not entirely sure what 'git clean -ffdX' is supposed to do
(or whether it makes any sense in the first place), but it does delete
files in the nested repository that are ignored only in the outer
repository, both tracked (and possibly dirty) and untracked, even with
this patch series. Without this series '-fdX' is just as bad, but
with this patch (i.e. by not descending into nested repositories)
'-fdX' becomes sensible and leaves the nested repository alone.
> diff --git a/Documentation/git-clean.txt b/Documentation/git-clean.txt
> index 3ab749b921..ba31d8d166 100644
> --- a/Documentation/git-clean.txt
> +++ b/Documentation/git-clean.txt
> @@ -37,9 +37,9 @@ OPTIONS
> --force::
> If the Git configuration variable clean.requireForce is not set
> to false, 'git clean' will refuse to delete files or directories
> - unless given -f or -i. Git will refuse to delete directories
> - with .git sub directory or file unless a second -f
> - is given.
> + unless given -f or -i. Git will refuse to modify untracked
> + nested git repositories (directories with a .git subdirectory)
> + unless a second -f is given.
I like this wording.
