[git-annex.git] /

[[!comment format=mdwn
 username="joey"
 subject="""comment 1"""
 date="2023-03-28T18:35:23Z"
 content="""
Looking at the code, handleRequestExport first uses
withExternalState to send EXPORT, and then it calls
handleRequestKey to send the following command. That uses
withExternalState a second time.

withExternalState operates on a pool of processes, so in a race
(when using -J presumably, as your test case does), the two
calls to it can use different externals. And so the bug.

Was easy to fix based on that analysis. I have not tried to reproduce it,
but am confident that I fixed it in
[[!commit 02662f52920e84cd9464641ada84f6c3bbe3f86a]]

----

In your implementation, you're keeping EXPORT set after handling TRANSFEREXPORT
and similar commands, and so if you receive a TRANSFEREXPORT not prefixed by an
EXPORT, it can be bad. A natural way to write things, indeed 
`doc/special_remotes/external/example.sh` does the same.

An alternative implementation would be to clear the EXPORT after handling a 
TRANSFEREXPORT, CHECKPRESENTEXPORT, REMOVEEXPORT, or RENAMEEXPORT.
And have those error out if no EXPORT was received before them.

But, that does not fully avoid the data loss problem. Because this might
happen:

        EXPORT foo
        EXPORT bar
        TRANSFEREXPORT STORE $foo_key $foo_file

So even ignoring the first EXPORT can result in the external special remote
doing the wrong thing. To fully guard against it, you'd have to error out
if multiple EXPORT were received before a request that uses one, rather
than ignoring the first EXPORT.

So, fixing this in your remote and others would need significant defensive
coding. Too much to make sense, IMHO. I think git-annex needs to chnge the
protocol in some way instead, to make it easy for you to avoid speaking to
a buggy git-annex.
"""]]