docs: clarify the interaction of transfer.hideRefs and namespaces

Expand the section about namespaces in the documentation of
`transfer.hideRefs` to point out the subtle differences between
`upload-pack` and `receive-pack`.

ffcfb68176 (upload-pack.c: treat want-ref relative to namespace,
2021-07-30) taught `upload-pack` to reject `want-ref`s for hidden refs,
which is now mentioned. It is clarified that at no point the name of a
hidden ref is revealed, but the object id it points to may be.

Signed-off-by: Kim Altintop <kim@eagain.st>
Reviewed-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
maint
Kim Altintop 2021-08-13 06:23:54 +00:00 committed by Junio C Hamano
parent 3955140653
commit 53a66ec37c
1 changed files with 9 additions and 5 deletions

@ -52,13 +52,17 @@ If you have multiple hideRefs values, later entries override earlier ones
(and entries in more-specific config files override less-specific ones). (and entries in more-specific config files override less-specific ones).
+ +
If a namespace is in use, the namespace prefix is stripped from each If a namespace is in use, the namespace prefix is stripped from each
reference before it is matched against `transfer.hiderefs` patterns. reference before it is matched against `transfer.hiderefs` patterns. In
order to match refs before stripping, add a `^` in front of the ref name. If
you combine `!` and `^`, `!` must be specified first.
+
For example, if `refs/heads/master` is specified in `transfer.hideRefs` and For example, if `refs/heads/master` is specified in `transfer.hideRefs` and
the current namespace is `foo`, then `refs/namespaces/foo/refs/heads/master` the current namespace is `foo`, then `refs/namespaces/foo/refs/heads/master`
is omitted from the advertisements but `refs/heads/master` and is omitted from the advertisements. If `uploadpack.allowRefInWant` is set,
`refs/namespaces/bar/refs/heads/master` are still advertised as so-called `upload-pack` will treat `want-ref refs/heads/master` in a protocol v2
"have" lines. In order to match refs before stripping, add a `^` in front of `fetch` command as if `refs/namespaces/foo/refs/heads/master` did not exist.
the ref name. If you combine `!` and `^`, `!` must be specified first. `receive-pack`, on the other hand, will still advertise the object id the
ref is pointing to without mentioning its name (a so-called ".have" line).
+ +
Even if you hide refs, a client may still be able to steal the target Even if you hide refs, a client may still be able to steal the target
objects via the techniques described in the "SECURITY" section of the objects via the techniques described in the "SECURITY" section of the