Re: [RFC] Is using git describe resilient enough for setting the build version of git?

[Steve Diver <squelch@think.zenbe.com>]

On 21/02/2010 06:07, Avery Pennarun wrote:
>
> On Sat, Feb 20, 2010 at 7:48 PM, Steve Diver<squelch@think.zenbe.com>  wrote:
>> Reading the manual entry for "git describe"[1] there is a note saying that
>> the hash suffix does not guarantee disambiguity, and given that a tag may be
>> incorrect or missing, there is a chance - albeit with diminishing odds -
>> that the 5 digit hash/tag combination might lead to some obscure problems at
>> some point along the line.
>>
>> The chance of this happening really is low, but there is a chance all the
>> same. We cannot foresee all errors, but identifying, and further reducing
>> the odds of some must be good. Without doing the math, a guess would be that
>> the probability of a repeat 5 digit abbreviated hash suffix increases the
>> longer a tagged version is in place, so never will be 100% safe.
>
> Not really.  Note that the number *before* the hash is the number of
> commits between your version and the tag.  So the only way to get an
> actual undetectable overlap would be to have two commits that are both
> the same number of commits on top of the given tag, *and* both start
> with the same first five digits.  It's just not very likely at all.
> Besides which, using the hash code feature of git-describe is most
> useful for the short periods between versions, not as a long-term
> thing.  After a new release comes out it's unlikely anyone will care
> if the previous hash prefixes were overlapping.
>
Thanks for pointing that out, and I concede that it is most unlikely. 
Testing for a minor build revision is probably not a good idea anyway. I 
was thinking along the lines of testing for version integrity.

>> I may be wrong, but the only scenario where I see DEF_VER being used by
>> GIT-VERSION-GEN, would be when there are no tags for git describe to
>> retrieve. ie "git pull --no-tags"
>>
>> If my understanding is correct, DEF_VER is unique and set at the same time
>> as the tagged version, so wouldn't it be desirable to cross check, or
>> include this value instead of relying solely on the tag when present during
>> the generation of GIT-VERSION-FILE at build time?
>
> If I recall correctly, the main reason for DEF_VER is when building
> git from a tarball, in which case 'git describe' wouldn't be able to
> tell you anything useful.
>
I suppose my point is that relying on the tag alone via git describe, 
does not guarantee the correct displayed version. The actual minor build 
is less important. This was the only mechanism that allowed me to 
recognise something was amiss. It is the major version number that 
interests me.

Take for example a client application that tests for the git version, 
avoids problems in older versions, and utilizes features from the latest 
and greatest. This could all happen at run time, and would be fairly 
resilient, except for when the version is incorrectly applied.

If the client app used the output from my 1.7.0 build which was 
incorrectly labelled, it would not try to use feature x or would fail 
with a prompt to install a newer version. The situation could be far 
more serious if the advertised version was 1.7.0 based on a rogue tag, 
and the build was 1.5.0 - extreme and unlikely, but hopefully 
illustrates my point

What I am suggesting is that DEF_VER is not only used as fail over where 
git describe does not yield anything useful, but is also used for 
"checks and balances" purposes where git describe generates something 
different from DEF_VER.

Steve