Document pack .idx file format upgrade strategy.

Way back when Junio developed the 64 bit index topic he came up
with a means of changing the .idx file format so that older Git
clients would recognize that they don't understand the file and
refuse to read it, while newer clients could tell the difference
between the old-style and new-style .idx files.  Unfortunately
this wasn't recorded anywhere.

This change documents how we might go about changing the .idx
file format by using a special signature in the first four bytes.
Credit (and possible blame) goes completely to Junio for thinking
up this technique.

The change also modifies the error message of the current Git code
so that users get a recommendation to upgrade their Git software
should this version or later encounter a new-style .idx which it
cannot process.  We already do this for the .pack files, but since
we usually process the .idx files first its important that these
files are recognized and encourage an upgrade.

Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>

diff --git a/pack.h b/pack.h
index 4814800f2806a245a675ea9832f894dc95b27b89..790ff4a39681402d6b6e2517e5fcf1bec59bcdc5 100644 (file)
--- a/pack.h
+++ b/pack.h
@@ -15,5 +15,33 @@ struct pack_header {
        unsigned int hdr_entries;
 };
 
+/*
+ * Packed object index header
+ *
+ * struct pack_idx_header {
+ *     uint32_t idx_signature;
+ *     uint32_t idx_version;
+ * };
+ *
+ * Note: this header isn't active yet.  In future versions of git
+ * we may change the index file format.  At that time we would start
+ * the first four bytes of the new index format with this signature,
+ * as all older git binaries would find this value illegal and abort
+ * reading the file.
+ *
+ * This is the case because the number of objects in a packfile
+ * cannot exceed 1,431,660,000 as every object would need at least
+ * 3 bytes of data and the overall packfile cannot exceed 4 GiB due
+ * to the 32 bit offsets used by the index.  Clearly the signature
+ * exceeds this maximum.
+ *
+ * Very old git binaries will also compare the first 4 bytes to the
+ * next 4 bytes in the index and abort with a "non-monotonic index"
+ * error if the second 4 byte word is smaller than the first 4
+ * byte word.  This would be true in the proposed future index
+ * format as idx_signature would be greater than idx_version.
+ */
+#define PACK_IDX_SIGNATURE 0xff744f63  /* "\377tOc" */
+
 extern int verify_pack(struct packed_git *, int);
 #endif

diff --git a/sha1_file.c b/sha1_file.c
index 1b1c0f7b4dc814764ead5ba1af77070ed381110c..0b705455627213e6e6dda89495dd0c01ac1cf12d 100644 (file)
--- a/sha1_file.c
+++ b/sha1_file.c
@@ -456,12 +456,23 @@ static int check_packed_git_idx(const char *path, unsigned long *idx_size_,
 
        /* check index map */
        if (idx_size < 4*256 + 20 + 20)
-               return error("index file too small");
+               return error("index file %s is too small", path);
+
+       /* a future index format would start with this, as older git
+        * binaries would fail the non-monotonic index check below.
+        * give a nicer warning to the user if we can.
+        */
+       if (index[0] == htonl(PACK_IDX_SIGNATURE))
+               return error("index file %s is a newer version"
+                       " and is not supported by this binary"
+                       " (try upgrading GIT to a newer version)",
+                       path);
+
        nr = 0;
        for (i = 0; i < 256; i++) {
                unsigned int n = ntohl(index[i]);
                if (n < nr)
-                       return error("non-monotonic index");
+                       return error("non-monotonic index %s", path);
                nr = n;
        }
 
@@ -473,7 +484,7 @@ static int check_packed_git_idx(const char *path, unsigned long *idx_size_,
         *  - 20-byte SHA1 file checksum
         */
        if (idx_size != 4*256 + nr * 24 + 20 + 20)
-               return error("wrong index file size");
+               return error("wrong index file size in %s", path);
 
        return 0;
 }