Troubleshooting SHA1 Failures with Mercurial Repositories
Augie Fackler
raf at durin42.com
Sat Jun 13 20:31:06 UTC 2020
> On Jun 13, 2020, at 9:24 AM, Paul Boddie <paul at boddie.org.uk> wrote:
>
> Hello,
>
> I have very recently retired a rather old computer that has been my main
> development machine for a very long time, but in the last few months it has
> exhibited some unreliable behaviour in various respects. There is probably an
> interesting detective story here somewhere, and I welcome insights into the
> underlying system issues, but my motivation for sending this message is
> obviously to assess the impacts on my Mercurial repositories.
>
> (To skip the background, just skip the next three paragraphs!)
>
> The cause of this unreliable behaviour became more apparent when obtaining DVD
> images to use with the new computer that will now become my development
> machine. Upon running md5sum, sha1sum, sha256sum or sha512sum on the
> downloaded DVD image files, it was almost impossible to generate the correct
> digests. Moreover, the digests were typically different on each invocation of
> the chosen program on the same file, producing something new each time. And
> yet, two separately downloaded copies of the same file would compare (using
> the cmp program) and be shown to be identical!
>
> Diagnosis of the situation involved writing fairly simple programs to generate
> large files with predictable but varying content and then reading them back,
> which seemed to yield the expected content each time. I also investigated
> other message digest tools and found that the Java-based jacksum tool did
> function more reliably with MD5 digests but not all of the time. OpenSSL-based
> tools did not fare any better than those which presumably use the C library
> digest functions. I ran memtest86+ for some time without any indication of
> memory failure, and there was no obvious indication of disk failure, although
> I shall aim to run more extensive smartctl tests to be sure.
>
> Generally, I have not experienced obvious problems with my data, but I have
> experienced frustration with distribution updates (Debian's apt complaining
> about hash sum mismatches) and it has been largely impossible to clone large
> Git repositories ("index pack failed"), although I assumed that this was just
> Git making increasing demands on system capabilities (and being typically
> unhelpful). I doubt that anyone else runs hardware this old - Pentium 4, 3.0
> GHz, "Prescott" generation - and support for 32-bit x86 is gradually
> disappearing, so I don't know what level of experience other people are likely
> to have with these issues (other than remarks about the system being old and
> needing replacement).
>
> (Here comes the bit specifically related to Mercurial.)
>
> Anyway, I find myself with Mercurial repositories that I have been updating
> during periods of unreliability. On practically no occasion (or not recently,
> and then maybe once) have I had a problem updating or accessing repositories,
> but I wondered what kind of effects this unreliability might have had on
> repository integrity. The Mercurial Wiki and other documentation does not
> readily explain the implications of faulty digests, although I found the
> following interesting remarks:
>
> "The repository owner may continue committing to the heads of the repository,
> but attempts to view the repository at any changeset containing the sensitive
> file data will fail due to the hash mismatch (examples: hg update, hg diff, hg
> annotate). "hg verify" will fail due to the hash mismatch as well."
>
> https://www.mercurial-scm.org/wiki/CensorPlan
>
> Now, having copied repositories to my new machine, I have successfully
> verified the repositories using hg verify. However, using hg convert reveals
> differing nodeids between the original and converted repositories. I have
> tried hg convert with both --branchsort and --sourcesort options. Then, I have
> generated readily comparable logs as follows:
>
> hg log --template '{node}\n' > logfile
>
> Running diff on the logs for the original and converted repositories reveals
> considerable differences in nodeids for some repositories, even ones which
> haven't been touched in years, but no differences for others. It appears that
> --sourcesort replicates history more accurately (as suggested by the
> documentation). For validation, converting the converted repositories again
> (using --sourcesort) produces identical histories, as one might expect.
>
> I suppose I am left wondering about a few things. Are such simple comparisons
> of repository histories useful in assessing the prevalence of faulty nodeids?
> How may faulty nodeids affect the integrity of repositories (considering the
> quote about censored changesets above)? Are there any compelling practical
> arguments for converting these faulty repositories if they otherwise function
> apparently normally? (I realise that combining faulty and converted
> repositories will result in divergence in the graph at inappropriate places.)
Over the years we’ve gotten a lot pickier about ordering of metadata in changeset objects we produce. My guess is that if the original repo passes `hg verify` nothing is wrong in the source repo, and that the differences you’re seeing are entirely metadata-ordering related (which is to say harmless).
Was there any specific thing that motivated using `hg convert`?
>
> Sorry for the long message, but any insights would be much appreciated!
>
> Paul
>
>
> _______________________________________________
> Mercurial mailing list
> Mercurial at mercurial-scm.org
> https://www.mercurial-scm.org/mailman/listinfo/mercurial
More information about the Mercurial
mailing list