Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 636256 - rsync procedure does not guarantee monotonous mtimes
Summary: rsync procedure does not guarantee monotonous mtimes
Status: CONFIRMED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Infrastructure
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-02 11:32 UTC by Michał Górny
Modified: 2017-11-07 05:30 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-11-02 11:32:07 UTC 
It seems that right now we're unconditionally forcing 'git reset --hard' for no good reason, and then using 'git-restore-mtime' to fix mtimes of files (copying commit timestamps). However, given that we don't really verify commit timestamps, there's no guarantee that mtimes will be anywhere near sane.

Putting aside the possibility of intentional timestamp manipulation (git provides envvars to set their values), two developers committing in a short time with small enough clock drifts can result in a newer commit having older timestamp than its parent. If both commits affect the same file, it can even cause mtime going back in time.

Then there's the risk of server clock time() being earlier than mtimes which can cause all kinds of minor issues. For full tree signing with incremental updates, having monotonous timestamps is important.

I think we should really work towards using a regular 'git pull' whenever possible, and relying on regular mtime updates. 'git reset --hard' should be only necessary if force push is done (i.e. almost never), and even if that happens I suppose one full rsync will be the least of our problems.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2017-11-05 00:30:36 UTC 
I need to dig out the older bugs, but the original problem started because rsync didn't have enough timestamp resolution, and some of the Manifest changes were not being propagated to clients: file size remained the same, mtime was within the same second.
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-11-05 08:48:27 UTC 
I don't see how that would be relevant. Even if we assume that our scripts are fast enough to immediately thicken the Manifest within a single second after git update, the mirrors shouldn't be likely to fetch the interim state.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2017-11-06 22:22:14 UTC 
(In reply to Michał Górny from comment #2)
> I don't see how that would be relevant. Even if we assume that our scripts
> are fast enough to immediately thicken the Manifest within a single second
> after git update, the mirrors shouldn't be likely to fetch the interim state.
It was going out to mirrors sometimes :-(.

One of the things I considered for this, was to make the git tree with metadata become the official source for rsync mirrors. The only concern I had in this is getting better atomic checkouts without forcing mtime jumps on unchanged files.
Comment 4 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-11-07 05:30:58 UTC 
Can't we establishing some kings of locking for this?