mirrors/uv
1
0
Fork 0
mirror of https://github.com/astral-sh/uv.git synced 2025-12-07 02:17:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Avoid panic when re-locking with precise commit (#5863)

Browse source 
## Summary

Very subtle bug. The scenario is as follows:

- We resolve: `elmer-circuitbuilder = { git =
"https://github.com/ElmerCSC/elmer_circuitbuilder.git" }`

- The user then changes the request to: `elmer-circuitbuilder = { git =
"https://github.com/ElmerCSC/elmer_circuitbuilder.git", rev =
"44d2f4b19d6837ea990c16f494bdf7543d57483d" }`

- When we go to re-lock, we note two facts:

1. The "default branch" resolves to
`44d2f4b19d6837ea990c16f494bdf7543d57483d`.
2. The metadata for `44d2f4b19d6837ea990c16f494bdf7543d57483d` is
(whatever we grab from the lockfile).

- In the resolver, we then ask for the metadata for
`44d2f4b19d6837ea990c16f494bdf7543d57483d`. It's already in the cache,
so we return it; thus, we never add the
`44d2f4b19d6837ea990c16f494bdf7543d57483d` ->
`44d2f4b19d6837ea990c16f494bdf7543d57483d` mapping to the Git resolver,
because we never have to resolve it.

This would apply for any case in which a requested tag or branch was
replaced by its precise SHA. Replacing with a different commit is fine.

It only applied to `tool.uv.sources`, and not PEP 508 URLs, because the
underlying issue is that we aren't consistent about "automatically"
extracting the precise commit from a Git reference.

Closes https://github.com/astral-sh/uv/issues/5860.
This commit is contained in:
Charlie Marsh 2024-08-07 10:56:15 -04:00 committed by GitHub
parent 3ae75a21aa
commit e4ec6e4025
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 445 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

15
crates/uv-git/src/git.rs
View file

@ -3,8 +3,10 @@
//! Source: <https://github.com/rust-lang/cargo/blob/23eb492cf920ce051abfc56bbaf838514dc8365c/src/cargo/sources/git/utils.rs>
use std::fmt::Display;
use std::path::{Path, PathBuf};
use std::str::{self};
use std::str::{self, FromStr};
use crate::sha::GitOid;
use crate::GitSha;
use anyhow::{anyhow, Context, Result};
use cargo_util::{paths, ProcessBuilder};
use reqwest::StatusCode;
@ -13,8 +15,6 @@ use tracing::debug;
use url::Url;
use uv_fs::Simplified;
use crate::sha::GitOid;
/// A file indicates that if present, `git reset` has been done and a repo
/// checkout is ready to go. See [`GitCheckout::reset`] for why we need this.
const CHECKOUT_READY_LOCK: &str = ".ok";
@ -108,6 +108,15 @@ impl GitReference {
Self::DefaultBranch => "default branch",
}
}
/// Returns the precise [`GitSha`] of this reference, if it's a full commit.
pub(crate) fn as_sha(&self) -> Option<GitSha> {
if let Self::FullCommit(rev) = self {
Some(GitSha::from_str(rev).expect("Full commit should be exactly 40 characters"))
} else {
None
}
}
}
impl Display for GitReference {