[merge] Fix trailing whitespace bug #49182

Aaron Bentley aaron.bentley at utoronto.ca
Thu Jun 22 22:03:02 BST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Arbash Meinel wrote:
> Well, the problem is that my original work was designed only to read a
> single revision. Which you updated to read multiple revisions. So the
> 'state' of the current parser is self.info.revisions and the last entry
> is the one being processed.

Yeah, in working on that, I felt less like a programmer and more like a
battering ram.

> We really should switch it around, so that we read a hunk at a time,
> process it, and put it on the stack. (And since you pointed it out
> self._next() bugs the hell out of me :)

Heh, me too.

> But this fixes the immediate bug, and I think the stuff is in place so
> that v0.9 can be a denser, faster format that does much more correct
> than we do now. bzip + base64 encoded knit-hunks that can be directly
> applied should have some nice benefits.

Don't be afraid to do this in stages.  After all, we can just subclass
the serializers and change their behaviours.

> We just need to figure out
> verification/validation stuff.
> I've wanted to audit the bzr codebase and see how much integrity
> checking we are doing. I added the sha1 check to weave extraction, but I
> don't know if knits are doing it.

Yes, knits check their integrity.  In get_line_list(self, version_ids):

            # digest here is the digest from the last applied component.
            if sha_strings(content.text()) != digest:
                raise KnitCorrupt(self.filename,
                                  'sha-1 does not match %s' % version_id)

There's similar code in _get_content.

> And I think it would be prudent to
> match the sha1 in the inventory to the sha1 the VersionedFile has.
> Otherwise if one is used for the testament, but a different one is used
> in storage, you still have a security hole.

This is true.  The obvious place to do that is in RevisionTree, since it
provides data from both the inventory and the weave texts.  The knit
sha1 and the inventory sha1 should be the same, so you just need to grab
them both and compare.

Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEmwWF0F+nu1YWqI0RAlqWAJ4tnnomAmd9LziLgc+UNxlRe6IwzgCeJJPM
3nrFa51zCQiT78UUZ3keup4=
=esX/
-----END PGP SIGNATURE-----

More information about the bazaar mailing list