[MERGE] [0.11] Working bzr+ssh://, make "bzr serve --inet" read-only by default.
Robert Collins
robertc at robertcollins.net
Tue Sep 19 04:24:23 BST 2006
On Mon, 2006-09-18 at 17:32 -0500, John Arbash Meinel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Andrew Bennetts wrote:
> > Hi all,
> >
> > http://people.ubuntu.com/~andrew/bzr/bzr-ssh-testing/ has some changes I'd like
> > to see merged, ideally for 0.11 despite the freeze:
> >
> > * make bzr+ssh:// URLs, added in previous smart server merges, work. Most of
> > the infrastructure was already there, but wasn't fully hooked up or tested.
> > This branch rectifies that. I'd really love for this to get in 0.11, as it
> > will greatly increase the number of people that will experiment with the new
> > smart server work.
> >
> > * adds a --allow-writes option "bzr serve" command (and default to only
> > allowing read-only access). This will make it harder for people to shoot
> > themselves in the foot. It would be particularly useful for serving
> > anonymous bzr branches out of inetd -- so again, significantly boosting the
> > utility of the smart server work so far.
> >
> > So, I'm both seeking reviews of this code, and opinions on if it's ok to make an
> > exception for merging this new functionality into 0.11.
> >
> > -Andrew.
>
> First, a small comment that if you want to get something reviewed
> quickly, it really is easier to review if you include at least a diff.
> (A bundle can be nice too, since we can directly merge from that, but a
> diff at a minimum, so that we can make comments directly, rather than
> looking at it separately.)
>
> You might be interested in something like:
>
> bzr diff -rancestor:$HOME/path/bzr.dev/
>
> I have that aliased as 'BDA' in my .zshrc, though you could also put
> something like it into ~/.bazaar/bazaar.conf.
>
> It generates the same diff that a bundle would, but without the extra
> bundle information.
>
> So... on to the review:
>
> TestBzrServe... almost wants to be a base class like
> 'TestCaseWithTransport' to be 'TestCaseWithBzrServer'. This isn't
> necessary for now, but something like it would probably be a good
> refactoring.
There are several different ways to start the server, and different ways
to test the shutdown happened. I think we're in fairly good shape here.
Loopback tests are an appropriate way to get tests using a smart server:
and we have some extractable helpers in test_smart_transport now.
I really dont think we want any more end to end black box tests for
this: The important things we are testing here are: the remote command
is constructed correctly, and that the local pipes in the client object
are assigned appropriately. Unit tests for this are highly desirable,
and I hope we can in fact delete this 'smoke test' once we have
sufficient intra and inter unit tests for this area of code : it was not
snuck up on via testing so much as crash landed.
> Can we ensure that doing 'del transport' actually cleans up the
> connection? (I assume you are doing this because you want to avoid
> getting an exception from the Transport object, which thinks it is still
> connected).
I insisted on this because of the lack of clarity on how transports and
their shared connection clean up - I wanted to be darn sure nothing
could sneak in badly.
> I'm fine with doing it, but it seems like we may have an api deficiency
> if you need to do it.
I'm sure we do have such a deficiency.
> It seems like 'self.command_executed' should actually be a list, so we
> can tell if there are multiple connection attempts.
>
> Also, it would probably be better to have the StubSSHServer not defined
> inside the test function, so that it could be accessed by other tests in
> the future.
See above for my thoughts on this: not a good idea.
> Why are we translating ReadOnlyError => TransportNotPossible. It seems
> like we would want to tell the user that the remote directory is readonly.
The current API delivers read only errors from a filesystem as
TransportNotPossible('read only transport'). So its compatible with the
rest of the code. We should in the 0.12 cycle add a ReadOnlyTransport
error which is a subclass of TransportNotPossible - or something
similar.
> How do you handle ssh connecting to the local SSH connection without a
> password?
I'm not sure what you mean here.
> Anyway, the changes look good. And while I don't think it is a trivial
> change, it does fit Robert's new definition of trivial (does not
> destabilize existing apis).
Yah, To some extent I'm exercising release-manager judgement here. I
dont think theres a hard rule that can work always :(.
Thanks!
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20060919/c0f0f01f/attachment.pgp
More information about the bazaar
mailing list