Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disallow duplicate storage paths #26484

Merged
merged 5 commits into from
Feb 9, 2024
Merged

Conversation

lunny
Copy link
Member

@lunny lunny commented Aug 14, 2023

Replace #26380

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Aug 14, 2023
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Aug 14, 2023
@lunny lunny changed the title Ensure different path will not be shared to avoid wrong operations Ensure different paths will not be configured to share to avoid wrong operations Aug 14, 2023
@pull-request-size pull-request-size bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Aug 14, 2023
@lunny lunny added the backport/v1.20 This PR should be backported to Gitea 1.20 label Aug 14, 2023
@lunny lunny added this to the 1.21.0 milestone Aug 14, 2023
modules/setting/setting.go Outdated Show resolved Hide resolved
@lunny lunny modified the milestones: 1.21.0, 1.22.0 Sep 21, 2023
@lunny lunny added backport/v1.21 This PR should be backported to Gitea 1.21 and removed backport/v1.20 This PR should be backported to Gitea 1.20 labels Jan 22, 2024
@lunny lunny requested a review from delvh January 22, 2024 08:00
Copy link
Member

@delvh delvh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, we haven't merged this PR yet?

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 2, 2024
@delvh delvh changed the title Ensure different paths will not be configured to share to avoid wrong operations Disallow duplicate storage paths Feb 2, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 9, 2024
@lafriks lafriks enabled auto-merge (squash) February 9, 2024 13:42
@delvh delvh added topic/lfs type/enhancement An improvement of existing functionality labels Feb 9, 2024
@lafriks lafriks merged commit 92fda9c into go-gitea:main Feb 9, 2024
26 checks passed
@GiteaBot
Copy link
Collaborator

I was unable to create a backport for 1.21. @lunny, please send one manually. 🍵

go run ./contrib/backport 26484
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added the backport/manual No power to the bots! Create your backport yourself! label Feb 10, 2024
@lunny lunny deleted the lunny/ensure_unique_path branch February 10, 2024 03:49
@lunny lunny removed the backport/v1.21 This PR should be backported to Gitea 1.21 label Feb 10, 2024
@lunny
Copy link
Member Author

lunny commented Feb 10, 2024

Since it's not a bug, I will not send backport to 1.21.

@wxiaoguang
Copy link
Contributor

  1. I think it is breaking, it would stop some poor users from starting the instance.
  2. What an end user could do if they see such fatal message? They are unable to use their instance anymore.

@wxiaoguang
Copy link
Contributor

wxiaoguang commented Feb 10, 2024

I would strongly suggest to revert this PR, if you really would like to check, you could check it in the "self check" page.

If you'd like to show "fatal" message, I think you should only do it if the directory is empty (say, an empty instance)

@lunny
Copy link
Member Author

lunny commented Feb 10, 2024

Or maybe we can use a warning instead of fatal here?

@delvh
Copy link
Member

delvh commented Feb 10, 2024

@wxiaoguang the problem I can see with that is that this misconfiguration can have dire consequences:
It can lead to end user data being irreversibly corrupted without knowing why.
I don't think it is right that Gitea lets users shoot themselves in the foot.
If it is only a warning for something this critical, it might be missed for a long time leading to more corrupted data.

In this case, I'd say the negative outcomes of allowing this bug to "silently" occur far outweigh the negative outcomes of giving new instance admins a fatal error to notice they need to fix it when updating.
As such, I'm in favor of keeping the fatal over a warning.
If the bug had a reversible effect, I'd agree with you.

@wxiaoguang
Copy link
Contributor

wxiaoguang commented Feb 10, 2024 via email

@delvh
Copy link
Member

delvh commented Feb 10, 2024

  1. The number of affected users should be low as Gitea does not generate duplicate storage paths by default, and most often, people do not reuse the same directories for file storage
  2. Then, define unlucky user here:
    If you're updating Gitea, you're not just a normal user but an admin.
    As such, you typically choose a time to update when there will not be much traffic and have defined an update time when the server will be unavailable.
  3. Assuming you run into a problem while updating, if you are a good admin, you made a backup beforehand. If you are unable to update in time, roll back to the previous version and try to allocate more time to the update
  4. Next, if you encounter this problem, you'll need to move all affected files to the new location, or you accept losing this data. Sometimes, this is an easy process that simply involves one mv *.<suffix> <new folder>, and sometimes you need to move these things manually. When in doubt about where a file belongs, then so is Gitea, so Gitea is already broken then.

I know, it is not the nicest option, but as I said, allowing broken Giteas only leads to more problems down the line instead of once when updating.

@delvh
Copy link
Member

delvh commented Feb 10, 2024

Additionally, as I just noticed, there is an easy workaround that does not lose any data:
if path $OLD is used at least twice, you can cp -r $OLD/* $NEW for every $NEW storage path.
While your disk usage might increase somewhat and some things might be accessible suddenly to outsiders that should not be accessible to them, you won't lose any data.

@wxiaoguang
Copy link
Contributor

wxiaoguang commented Feb 10, 2024

The root issue is # #26264 : incorrect config removes user files.


About the proposals for "helping unlucky users to fix the problem":

this is an easy process that simply involves one mv . , and sometimes you need to move these things manually.
Additionally, as I just noticed, there is an easy workaround that does not lose any data:
if path $OLD is used at least twice, you can cp -r $OLD/
$NEW for every $NEW storage path.

IIRC that's the same conclusion as the old discussion in discord and #26380 (comment) :

  • It is impossible for end users to "mv" the related files to fix the "fatal".
  • For the "cp" approach, it might work, at least there should be some documents to help the poor users .... but there is no document .....

Beside the documentation problem, there are more problems in this PR (why I suggested to revert, or improve):

  • Incomplete, the real root problem is not "make sure path unique", but "avoid path overlap". Think about a case:
    • storage.a.path = "/data"
    • storage.b.path = "/data/sub"
    • It passes this PR's check, but it still causes problems (that's also my opinion in Storage paths must be unique #26380: "they shouldn't overlap in most cases")
  • Improper fatal message. The log says app_work_path / "storage." + name, but app_work_path is not a config option. It would cause misuse or misunderstanding.
  • Incorrect, because in some cases (eg: docker), the AppWorkPath is CustomPath, but this PR makes it "fatal"
  • No test ....

@wxiaoguang
Copy link
Contributor

By using a docker image, you will see

gitea  | 2024/02/10 12:25:05 cmd/web.go:114:showWebStartupMessage() [I] * WorkPath: /data/gitea
gitea  | 2024/02/10 12:25:05 cmd/web.go:115:showWebStartupMessage() [I] * CustomPath: /data/gitea

So, WorkPath is CustomPath in docker.

But why the nightly doesn't fail? Because the code fatalDuplicatedPath("app_work_path", AppWorkPath) is also incorrect: it only reads the default AppWorkPath, but not the real AppWorkPath. So, incorrect code + incorrect code = the docker image still runs ....

@delvh
Copy link
Member

delvh commented Feb 10, 2024

Yep, you've got a point there.
If our docker image misbehaves like that, I can hardly disagree with you that the current fix is sufficient.

zjjhot added a commit to zjjhot/gitea that referenced this pull request Feb 14, 2024
* giteaofficial/main: (38 commits)
  Document how the TOC election process works (go-gitea#29135)
  Runner tokens are multi use (go-gitea#29153)
  Fix Gitpod logic of setting ROOT_URL (go-gitea#29162)
  Remove jQuery from the user search form in admin page (go-gitea#29151)
  Dont load Review if Comment is CommentTypeReviewRequest (go-gitea#28551)
  Show `View at this point in history` for every commit (go-gitea#29122)
  [skip ci] Updated translations via Crowdin
  Add merge style `fast-forward-only` (go-gitea#28954)
  Use Markdown alert syntax for notes in README (go-gitea#29150)
  Refactor issue template parsing and fix API endpoint (go-gitea#29069)
  [skip ci] Updated translations via Crowdin
  Update some translations and fix markdown formatting (go-gitea#29099)
  Show more settings for empty repositories (go-gitea#29130)
  Update JS and PY dependencies (go-gitea#29127)
  Add alert blocks in markdown (go-gitea#29121)
  Remove obsolete border-radius on comment content (go-gitea#29128)
  Make blockquote border size less aggressive (go-gitea#29124)
  Drop "@" from email sender to avoid spam filters (go-gitea#29109)
  [skip ci] Updated translations via Crowdin
  Disallow duplicate storage paths (go-gitea#26484)
  ...
wxiaoguang added a commit to wxiaoguang/gitea that referenced this pull request Feb 14, 2024
@wxiaoguang
Copy link
Contributor

silverwind pushed a commit to silverwind/gitea that referenced this pull request Feb 20, 2024
Copy link

Automatically locked because of our CONTRIBUTING guidelines

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backport/manual No power to the bots! Create your backport yourself! lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. topic/lfs type/enhancement An improvement of existing functionality
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants