Code changes in merge commits

Code changes in merge commits

[John Tapsell]

Hi,

  Our team just struggled with this problem, and I've created a
simple, 3 commit large, example git repository to demonstrate the
problem:

https://github.com/johnflux/ExampleEvilness2

The code:   Adds a file, adds a security fix commit, then removes the
fix during a merge.

This happened by accident in our code during a merge, but nobody
noticed, and it was not easy to track down.

In this example, you can see that the security fix was removed by doing:

$ git log -m -p

However the following do NOT show that the security fix was removed:

$ git log -m -p .
$ git log -m -p tmp.c
$ git log -c -p tmp.c

And so on. In a large code base, this a problem.

John

Re: Code changes in merge commits

[John Tapsell]

Rereading what I wrote, I came across as unintentionally harsh and
rude.  Sorry about that - I was trying to be concise and terse, and it
went a bit wrong :)


What I was thinking to improve this is two short-term fixes:

1. Can we get   git log -m -p .     in the top level directory to show
the same commits as just git log -m -p ?
2. Can we get   git log -m -p somefile           to show all the
changes to that file?  Including when lines are added and then removed
by the merge somehow?

But in the longer term, I was thinking about how this could be improved...

What if merge commits were forced into being always trivial?   i.e.
prevent merges with conflicts or code changes?
Then conflict resolution and code changes are pushed into a second
"ordinary" commit.  That way you can always see what changes have been
made to the code.

E.g.  If you have branch "master"  and branch "A", and there are
conflicts when you merge, you could end up with:

merge commit
   |                  \
   |                  preparation changes to fix conflicts with oldmaster
oldmaster           |
                          A


I know this isn't great, but maybe something along these lines?
Ideally I'd like to see all the code changes to a code base just with
"git log -p".

Any thoughts?

Thanks,

John Tapsell

Re: Code changes in merge commits

[Matthieu Moy]

John Tapsell <johnflux@gmail.com> writes:

> What if merge commits were forced into being always trivial?

It would be relatively easy to "force" a client to always have trivial
merges, but much harder to prevent an attacker to forge a non-trivial
merge commit (e.g. modifying his local git command) and push it.

> Ideally I'd like to see all the code changes to a code base just with
> "git log -p".

What I'd love to see with "git log -p" is the diff between a trivial
merge (possibly including conflict markers) and the actual merge commit.
That would imply that "git log" would redo the merge before computing
the diff (rather heavyweight :-( ), but an empty diff would mean "no
change other than merge", and if any, we would see the conflict
resolution or additional changes in the diff.

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

Re: Code changes in merge commits

[John Tapsell]

> What I'd love to see with "git log -p" is the diff between a trivial
> merge (possibly including conflict markers) and the actual merge commit.
> That would imply that "git log" would redo the merge before computing
> the diff (rather heavyweight :-( ), but an empty diff would mean "no
> change other than merge", and if any, we would see the conflict
> resolution or additional changes in the diff.

This would be wonderful.  And I'd rather have git do the heavyweight
work than doing it myself :-/

I don't know the git internals at all - would it be possible to "save"
the results of the diff?  This is what I was aiming for in my idea of
making the merge and conflict-resolution as separate commits.

> --
> Matthieu Moy
> http://www-verimag.imag.fr/~moy/

Re: Code changes in merge commits

[Duy Nguyen]

On Mon, Sep 29, 2014 at 5:59 PM, Matthieu Moy
<Matthieu.Moy@grenoble-inp.fr> wrote:
>> Ideally I'd like to see all the code changes to a code base just with
>> "git log -p".
>
> What I'd love to see with "git log -p" is the diff between a trivial
> merge (possibly including conflict markers) and the actual merge commit.
> That would imply that "git log" would redo the merge before computing
> the diff (rather heavyweight :-( ), but an empty diff would mean "no
> change other than merge", and if any, we would see the conflict
> resolution or additional changes in the diff.

Topic tr/remerge-diff in 'pu'? I think --remerge-diff works with
git-log, but I'm not sure.
-- 
Duy