aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2013-02-17 15:25:57 -0800
committerJunio C Hamano <gitster@pobox.com>2013-02-17 15:25:57 -0800
commitce735bf7fd66c6404e86e5a313f35abc0394b838 (patch)
treeac1605c58fb6a3b12c90a4085cc6a0a7ada64da9
parentabea4dc76a675d4ac0f27a2367256dc31981d1ca (diff)
parentdaebaa78137d59693a808c1f0bdec0ecb40fc12e (diff)
downloadgit-ce735bf7fd66c6404e86e5a313f35abc0394b838.tar.gz
git-ce735bf7fd66c6404e86e5a313f35abc0394b838.tar.xz
Merge branch 'jc/hidden-refs'
Allow the server side to redact the refs/ namespace it shows to the client. Will merge to 'master'. * jc/hidden-refs: upload/receive-pack: allow hiding ref hierarchies upload-pack: simplify request validation upload-pack: share more code
-rw-r--r--Documentation/config.txt23
-rw-r--r--builtin/receive-pack.c24
-rw-r--r--refs.c44
-rw-r--r--refs.h3
-rwxr-xr-xt/t5512-ls-remote.sh12
-rwxr-xr-xt/t5516-fetch-push.sh27
-rw-r--r--upload-pack.c63
7 files changed, 166 insertions, 30 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt
index 9b1159738..481736a47 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1880,6 +1880,15 @@ receive.denyNonFastForwards::
even if that push is forced. This configuration variable is
set when initializing a shared repository.
+receive.hiderefs::
+ String(s) `receive-pack` uses to decide which refs to omit
+ from its initial advertisement. Use more than one
+ definitions to specify multiple prefix strings. A ref that
+ are under the hierarchies listed on the value of this
+ variable is excluded, and is hidden when responding to `git
+ push`, and an attempt to update or delete a hidden ref by
+ `git push` is rejected.
+
receive.updateserverinfo::
If set to true, git-receive-pack will run git-update-server-info
after receiving data from git-push and updating refs.
@@ -2092,11 +2101,25 @@ transfer.fsckObjects::
not set, the value of this variable is used instead.
Defaults to false.
+transfer.hiderefs::
+ This variable can be used to set both `receive.hiderefs`
+ and `uploadpack.hiderefs` at the same time to the same
+ values. See entries for these other variables.
+
transfer.unpackLimit::
When `fetch.unpackLimit` or `receive.unpackLimit` are
not set, the value of this variable is used instead.
The default value is 100.
+uploadpack.hiderefs::
+ String(s) `upload-pack` uses to decide which refs to omit
+ from its initial advertisement. Use more than one
+ definitions to specify multiple prefix strings. A ref that
+ are under the hierarchies listed on the value of this
+ variable is excluded, and is hidden from `git ls-remote`,
+ `git fetch`, etc. An attempt to fetch a hidden ref by `git
+ fetch` will fail.
+
url.<base>.insteadOf::
Any URL that starts with this value will be rewritten to
start, instead, with <base>. In cases where some site serves a
diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
index e8878de45..62ba6e7a3 100644
--- a/builtin/receive-pack.c
+++ b/builtin/receive-pack.c
@@ -59,6 +59,11 @@ static enum deny_action parse_deny_action(const char *var, const char *value)
static int receive_pack_config(const char *var, const char *value, void *cb)
{
+ int status = parse_hide_refs_config(var, value, "receive");
+
+ if (status)
+ return status;
+
if (strcmp(var, "receive.denydeletes") == 0) {
deny_deletes = git_config_bool(var, value);
return 0;
@@ -119,6 +124,9 @@ static int receive_pack_config(const char *var, const char *value, void *cb)
static void show_ref(const char *path, const unsigned char *sha1)
{
+ if (ref_is_hidden(path))
+ return;
+
if (sent_capabilities)
packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);
else
@@ -685,6 +693,20 @@ static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])
return -1; /* end of list */
}
+static void reject_updates_to_hidden(struct command *commands)
+{
+ struct command *cmd;
+
+ for (cmd = commands; cmd; cmd = cmd->next) {
+ if (cmd->error_string || !ref_is_hidden(cmd->ref_name))
+ continue;
+ if (is_null_sha1(cmd->new_sha1))
+ cmd->error_string = "deny deleting a hidden ref";
+ else
+ cmd->error_string = "deny updating a hidden ref";
+ }
+}
+
static void execute_commands(struct command *commands, const char *unpacker_error)
{
struct command *cmd;
@@ -701,6 +723,8 @@ static void execute_commands(struct command *commands, const char *unpacker_erro
0, &cmd))
set_connectivity_errors(commands);
+ reject_updates_to_hidden(commands);
+
if (run_receive_hook(commands, "pre-receive", 0)) {
for (cmd = commands; cmd; cmd = cmd->next) {
if (!cmd->error_string)
diff --git a/refs.c b/refs.c
index 296282530..175b9fcaa 100644
--- a/refs.c
+++ b/refs.c
@@ -3,6 +3,7 @@
#include "object.h"
#include "tag.h"
#include "dir.h"
+#include "string-list.h"
/*
* Make sure "ref" is something reasonable to have under ".git/refs/";
@@ -2554,3 +2555,46 @@ char *shorten_unambiguous_ref(const char *refname, int strict)
free(short_name);
return xstrdup(refname);
}
+
+static struct string_list *hide_refs;
+
+int parse_hide_refs_config(const char *var, const char *value, const char *section)
+{
+ if (!strcmp("transfer.hiderefs", var) ||
+ /* NEEDSWORK: use parse_config_key() once both are merged */
+ (!prefixcmp(var, section) && var[strlen(section)] == '.' &&
+ !strcmp(var + strlen(section), ".hiderefs"))) {
+ char *ref;
+ int len;
+
+ if (!value)
+ return config_error_nonbool(var);
+ ref = xstrdup(value);
+ len = strlen(ref);
+ while (len && ref[len - 1] == '/')
+ ref[--len] = '\0';
+ if (!hide_refs) {
+ hide_refs = xcalloc(1, sizeof(*hide_refs));
+ hide_refs->strdup_strings = 1;
+ }
+ string_list_append(hide_refs, ref);
+ }
+ return 0;
+}
+
+int ref_is_hidden(const char *refname)
+{
+ struct string_list_item *item;
+
+ if (!hide_refs)
+ return 0;
+ for_each_string_list_item(item, hide_refs) {
+ int len;
+ if (prefixcmp(refname, item->string))
+ continue;
+ len = strlen(item->string);
+ if (!refname[len] || refname[len] == '/')
+ return 1;
+ }
+ return 0;
+}
diff --git a/refs.h b/refs.h
index d6c2fe2df..1b2e2d3a9 100644
--- a/refs.h
+++ b/refs.h
@@ -147,4 +147,7 @@ int update_ref(const char *action, const char *refname,
const unsigned char *sha1, const unsigned char *oldval,
int flags, enum action_on_err onerr);
+extern int parse_hide_refs_config(const char *var, const char *value, const char *);
+extern int ref_is_hidden(const char *);
+
#endif /* REFS_H */
diff --git a/t/t5512-ls-remote.sh b/t/t5512-ls-remote.sh
index d16e5d384..321c3e523 100755
--- a/t/t5512-ls-remote.sh
+++ b/t/t5512-ls-remote.sh
@@ -126,4 +126,16 @@ test_expect_success 'Report match with --exit-code' '
test_cmp expect actual
'
+for configsection in transfer uploadpack
+do
+ test_expect_success "Hide some refs with $configsection.hiderefs" '
+ test_config $configsection.hiderefs refs/tags &&
+ git ls-remote . >actual &&
+ test_unconfig $configsection.hiderefs &&
+ git ls-remote . |
+ sed -e "/ refs\/tags\//d" >expect &&
+ test_cmp expect actual
+ '
+done
+
test_done
diff --git a/t/t5516-fetch-push.sh b/t/t5516-fetch-push.sh
index 8f024a08f..c31e5c1c5 100755
--- a/t/t5516-fetch-push.sh
+++ b/t/t5516-fetch-push.sh
@@ -1016,4 +1016,31 @@ test_expect_success 'push --prune refspec' '
! check_push_result $the_first_commit tmp/foo tmp/bar
'
+for configsection in transfer receive
+do
+ test_expect_success "push to update a ref hidden by $configsection.hiderefs" '
+ mk_test heads/master hidden/one hidden/two hidden/three &&
+ (
+ cd testrepo &&
+ git config $configsection.hiderefs refs/hidden
+ ) &&
+
+ # push to unhidden ref succeeds normally
+ git push testrepo master:refs/heads/master &&
+ check_push_result $the_commit heads/master &&
+
+ # push to update a hidden ref should fail
+ test_must_fail git push testrepo master:refs/hidden/one &&
+ check_push_result $the_first_commit hidden/one &&
+
+ # push to delete a hidden ref should fail
+ test_must_fail git push testrepo :refs/hidden/two &&
+ check_push_result $the_first_commit hidden/two &&
+
+ # idempotent push to update a hidden ref should fail
+ test_must_fail git push testrepo $the_first_commit:refs/hidden/three &&
+ check_push_result $the_first_commit hidden/three
+ '
+done
+
test_done
diff --git a/upload-pack.c b/upload-pack.c
index 7c05b15e6..30146a04f 100644
--- a/upload-pack.c
+++ b/upload-pack.c
@@ -12,6 +12,7 @@
#include "run-command.h"
#include "sigchain.h"
#include "version.h"
+#include "string-list.h"
static const char upload_pack_usage[] = "git upload-pack [--strict] [--timeout=<n>] <dir>";
@@ -28,7 +29,7 @@ static const char upload_pack_usage[] = "git upload-pack [--strict] [--timeout=<
static unsigned long oldest_have;
-static int multi_ack, nr_our_refs;
+static int multi_ack;
static int no_done;
static int use_thin_pack, use_ofs_delta, use_include_tag;
static int no_progress, daemon_mode;
@@ -139,7 +140,6 @@ static void create_pack_file(void)
{
struct async rev_list;
struct child_process pack_objects;
- int create_full_pack = (nr_our_refs == want_obj.nr && !have_obj.nr);
char data[8193], progress[128];
char abort_msg[] = "aborting due to possible repository "
"corruption on the remote side.";
@@ -151,9 +151,7 @@ static void create_pack_file(void)
argv[arg++] = "pack-objects";
if (!shallow_nr) {
argv[arg++] = "--revs";
- if (create_full_pack)
- argv[arg++] = "--all";
- else if (use_thin_pack)
+ if (use_thin_pack)
argv[arg++] = "--thin";
}
@@ -185,15 +183,15 @@ static void create_pack_file(void)
}
else {
FILE *pipe_fd = xfdopen(pack_objects.in, "w");
- if (!create_full_pack) {
- int i;
- for (i = 0; i < want_obj.nr; i++)
- fprintf(pipe_fd, "%s\n", sha1_to_hex(want_obj.objects[i].item->sha1));
- fprintf(pipe_fd, "--not\n");
- for (i = 0; i < have_obj.nr; i++)
- fprintf(pipe_fd, "%s\n", sha1_to_hex(have_obj.objects[i].item->sha1));
- }
+ int i;
+ for (i = 0; i < want_obj.nr; i++)
+ fprintf(pipe_fd, "%s\n",
+ sha1_to_hex(want_obj.objects[i].item->sha1));
+ fprintf(pipe_fd, "--not\n");
+ for (i = 0; i < have_obj.nr; i++)
+ fprintf(pipe_fd, "%s\n",
+ sha1_to_hex(have_obj.objects[i].item->sha1));
fprintf(pipe_fd, "\n");
fflush(pipe_fd);
fclose(pipe_fd);
@@ -729,15 +727,30 @@ static void receive_needs(void)
free(shallows.objects);
}
+/* return non-zero if the ref is hidden, otherwise 0 */
+static int mark_our_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data)
+{
+ struct object *o = lookup_unknown_object(sha1);
+
+ if (ref_is_hidden(refname))
+ return 1;
+ if (!o)
+ die("git upload-pack: cannot find object %s:", sha1_to_hex(sha1));
+ o->flags |= OUR_REF;
+ return 0;
+}
+
static int send_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data)
{
static const char *capabilities = "multi_ack thin-pack side-band"
" side-band-64k ofs-delta shallow no-progress"
" include-tag multi_ack_detailed";
- struct object *o = lookup_unknown_object(sha1);
const char *refname_nons = strip_namespace(refname);
unsigned char peeled[20];
+ if (mark_our_ref(refname, sha1, flag, cb_data))
+ return 0;
+
if (capabilities)
packet_write(1, "%s %s%c%s%s agent=%s\n",
sha1_to_hex(sha1), refname_nons,
@@ -747,27 +760,11 @@ static int send_ref(const char *refname, const unsigned char *sha1, int flag, vo
else
packet_write(1, "%s %s\n", sha1_to_hex(sha1), refname_nons);
capabilities = NULL;
- if (!(o->flags & OUR_REF)) {
- o->flags |= OUR_REF;
- nr_our_refs++;
- }
if (!peel_ref(refname, peeled))
packet_write(1, "%s %s^{}\n", sha1_to_hex(peeled), refname_nons);
return 0;
}
-static int mark_our_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data)
-{
- struct object *o = parse_object(sha1);
- if (!o)
- die("git upload-pack: cannot find object %s:", sha1_to_hex(sha1));
- if (!(o->flags & OUR_REF)) {
- o->flags |= OUR_REF;
- nr_our_refs++;
- }
- return 0;
-}
-
static void upload_pack(void)
{
if (advertise_refs || !stateless_rpc) {
@@ -789,6 +786,11 @@ static void upload_pack(void)
}
}
+static int upload_pack_config(const char *var, const char *value, void *unused)
+{
+ return parse_hide_refs_config(var, value, "uploadpack");
+}
+
int main(int argc, char **argv)
{
char *dir;
@@ -840,6 +842,7 @@ int main(int argc, char **argv)
die("'%s' does not appear to be a git repository", dir);
if (is_repository_shallow())
die("attempt to fetch/clone from a shallow repository");
+ git_config(upload_pack_config, NULL);
if (getenv("GIT_DEBUG_SEND_PACK"))
debug_fd = atoi(getenv("GIT_DEBUG_SEND_PACK"));
upload_pack();