diff options
| -rw-r--r-- | Documentation/config.txt | 23 | ||||
| -rw-r--r-- | builtin/receive-pack.c | 24 | ||||
| -rw-r--r-- | refs.c | 44 | ||||
| -rw-r--r-- | refs.h | 3 | ||||
| -rwxr-xr-x | t/t5512-ls-remote.sh | 12 | ||||
| -rwxr-xr-x | t/t5516-fetch-push.sh | 27 | ||||
| -rw-r--r-- | upload-pack.c | 63 | 
7 files changed, 166 insertions, 30 deletions
| diff --git a/Documentation/config.txt b/Documentation/config.txt index 9b11597387..481736a471 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1880,6 +1880,15 @@ receive.denyNonFastForwards::  	even if that push is forced. This configuration variable is  	set when initializing a shared repository. +receive.hiderefs:: +	String(s) `receive-pack` uses to decide which refs to omit +	from its initial advertisement.  Use more than one +	definitions to specify multiple prefix strings. A ref that +	are under the hierarchies listed on the value of this +	variable is excluded, and is hidden when responding to `git +	push`, and an attempt to update or delete a hidden ref by +	`git push` is rejected. +  receive.updateserverinfo::  	If set to true, git-receive-pack will run git-update-server-info  	after receiving data from git-push and updating refs. @@ -2092,11 +2101,25 @@ transfer.fsckObjects::  	not set, the value of this variable is used instead.  	Defaults to false. +transfer.hiderefs:: +	This variable can be used to set both `receive.hiderefs` +	and `uploadpack.hiderefs` at the same time to the same +	values.  See entries for these other variables. +  transfer.unpackLimit::  	When `fetch.unpackLimit` or `receive.unpackLimit` are  	not set, the value of this variable is used instead.  	The default value is 100. +uploadpack.hiderefs:: +	String(s) `upload-pack` uses to decide which refs to omit +	from its initial advertisement.  Use more than one +	definitions to specify multiple prefix strings. A ref that +	are under the hierarchies listed on the value of this +	variable is excluded, and is hidden from `git ls-remote`, +	`git fetch`, etc.  An attempt to fetch a hidden ref by `git +	fetch` will fail. +  url.<base>.insteadOf::  	Any URL that starts with this value will be rewritten to  	start, instead, with <base>. In cases where some site serves a diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index e8878de45c..62ba6e7a3d 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -59,6 +59,11 @@ static enum deny_action parse_deny_action(const char *var, const char *value)  static int receive_pack_config(const char *var, const char *value, void *cb)  { +	int status = parse_hide_refs_config(var, value, "receive"); + +	if (status) +		return status; +  	if (strcmp(var, "receive.denydeletes") == 0) {  		deny_deletes = git_config_bool(var, value);  		return 0; @@ -119,6 +124,9 @@ static int receive_pack_config(const char *var, const char *value, void *cb)  static void show_ref(const char *path, const unsigned char *sha1)  { +	if (ref_is_hidden(path)) +		return; +  	if (sent_capabilities)  		packet_write(1, "%s %s\n", sha1_to_hex(sha1), path);  	else @@ -685,6 +693,20 @@ static int iterate_receive_command_list(void *cb_data, unsigned char sha1[20])  	return -1; /* end of list */  } +static void reject_updates_to_hidden(struct command *commands) +{ +	struct command *cmd; + +	for (cmd = commands; cmd; cmd = cmd->next) { +		if (cmd->error_string || !ref_is_hidden(cmd->ref_name)) +			continue; +		if (is_null_sha1(cmd->new_sha1)) +			cmd->error_string = "deny deleting a hidden ref"; +		else +			cmd->error_string = "deny updating a hidden ref"; +	} +} +  static void execute_commands(struct command *commands, const char *unpacker_error)  {  	struct command *cmd; @@ -701,6 +723,8 @@ static void execute_commands(struct command *commands, const char *unpacker_erro  				       0, &cmd))  		set_connectivity_errors(commands); +	reject_updates_to_hidden(commands); +  	if (run_receive_hook(commands, "pre-receive", 0)) {  		for (cmd = commands; cmd; cmd = cmd->next) {  			if (!cmd->error_string) @@ -3,6 +3,7 @@  #include "object.h"  #include "tag.h"  #include "dir.h" +#include "string-list.h"  /*   * Make sure "ref" is something reasonable to have under ".git/refs/"; @@ -2554,3 +2555,46 @@ char *shorten_unambiguous_ref(const char *refname, int strict)  	free(short_name);  	return xstrdup(refname);  } + +static struct string_list *hide_refs; + +int parse_hide_refs_config(const char *var, const char *value, const char *section) +{ +	if (!strcmp("transfer.hiderefs", var) || +	    /* NEEDSWORK: use parse_config_key() once both are merged */ +	    (!prefixcmp(var, section) && var[strlen(section)] == '.' && +	     !strcmp(var + strlen(section), ".hiderefs"))) { +		char *ref; +		int len; + +		if (!value) +			return config_error_nonbool(var); +		ref = xstrdup(value); +		len = strlen(ref); +		while (len && ref[len - 1] == '/') +			ref[--len] = '\0'; +		if (!hide_refs) { +			hide_refs = xcalloc(1, sizeof(*hide_refs)); +			hide_refs->strdup_strings = 1; +		} +		string_list_append(hide_refs, ref); +	} +	return 0; +} + +int ref_is_hidden(const char *refname) +{ +	struct string_list_item *item; + +	if (!hide_refs) +		return 0; +	for_each_string_list_item(item, hide_refs) { +		int len; +		if (prefixcmp(refname, item->string)) +			continue; +		len = strlen(item->string); +		if (!refname[len] || refname[len] == '/') +			return 1; +	} +	return 0; +} @@ -147,4 +147,7 @@ int update_ref(const char *action, const char *refname,  		const unsigned char *sha1, const unsigned char *oldval,  		int flags, enum action_on_err onerr); +extern int parse_hide_refs_config(const char *var, const char *value, const char *); +extern int ref_is_hidden(const char *); +  #endif /* REFS_H */ diff --git a/t/t5512-ls-remote.sh b/t/t5512-ls-remote.sh index d16e5d384a..321c3e5234 100755 --- a/t/t5512-ls-remote.sh +++ b/t/t5512-ls-remote.sh @@ -126,4 +126,16 @@ test_expect_success 'Report match with --exit-code' '  	test_cmp expect actual  ' +for configsection in transfer uploadpack +do +	test_expect_success "Hide some refs with $configsection.hiderefs" ' +		test_config $configsection.hiderefs refs/tags && +		git ls-remote . >actual && +		test_unconfig $configsection.hiderefs && +		git ls-remote . | +		sed -e "/	refs\/tags\//d" >expect && +		test_cmp expect actual +	' +done +  test_done diff --git a/t/t5516-fetch-push.sh b/t/t5516-fetch-push.sh index 8f024a08f0..c31e5c1c52 100755 --- a/t/t5516-fetch-push.sh +++ b/t/t5516-fetch-push.sh @@ -1016,4 +1016,31 @@ test_expect_success 'push --prune refspec' '  	! check_push_result $the_first_commit tmp/foo tmp/bar  ' +for configsection in transfer receive +do +	test_expect_success "push to update a ref hidden by $configsection.hiderefs" ' +		mk_test heads/master hidden/one hidden/two hidden/three && +		( +			cd testrepo && +			git config $configsection.hiderefs refs/hidden +		) && + +		# push to unhidden ref succeeds normally +		git push testrepo master:refs/heads/master && +		check_push_result $the_commit heads/master && + +		# push to update a hidden ref should fail +		test_must_fail git push testrepo master:refs/hidden/one && +		check_push_result $the_first_commit hidden/one && + +		# push to delete a hidden ref should fail +		test_must_fail git push testrepo :refs/hidden/two && +		check_push_result $the_first_commit hidden/two && + +		# idempotent push to update a hidden ref should fail +		test_must_fail git push testrepo $the_first_commit:refs/hidden/three && +		check_push_result $the_first_commit hidden/three +	' +done +  test_done diff --git a/upload-pack.c b/upload-pack.c index 7c05b15e68..30146a04f7 100644 --- a/upload-pack.c +++ b/upload-pack.c @@ -12,6 +12,7 @@  #include "run-command.h"  #include "sigchain.h"  #include "version.h" +#include "string-list.h"  static const char upload_pack_usage[] = "git upload-pack [--strict] [--timeout=<n>] <dir>"; @@ -28,7 +29,7 @@ static const char upload_pack_usage[] = "git upload-pack [--strict] [--timeout=<  static unsigned long oldest_have; -static int multi_ack, nr_our_refs; +static int multi_ack;  static int no_done;  static int use_thin_pack, use_ofs_delta, use_include_tag;  static int no_progress, daemon_mode; @@ -139,7 +140,6 @@ static void create_pack_file(void)  {  	struct async rev_list;  	struct child_process pack_objects; -	int create_full_pack = (nr_our_refs == want_obj.nr && !have_obj.nr);  	char data[8193], progress[128];  	char abort_msg[] = "aborting due to possible repository "  		"corruption on the remote side."; @@ -151,9 +151,7 @@ static void create_pack_file(void)  	argv[arg++] = "pack-objects";  	if (!shallow_nr) {  		argv[arg++] = "--revs"; -		if (create_full_pack) -			argv[arg++] = "--all"; -		else if (use_thin_pack) +		if (use_thin_pack)  			argv[arg++] = "--thin";  	} @@ -185,15 +183,15 @@ static void create_pack_file(void)  	}  	else {  		FILE *pipe_fd = xfdopen(pack_objects.in, "w"); -		if (!create_full_pack) { -			int i; -			for (i = 0; i < want_obj.nr; i++) -				fprintf(pipe_fd, "%s\n", sha1_to_hex(want_obj.objects[i].item->sha1)); -			fprintf(pipe_fd, "--not\n"); -			for (i = 0; i < have_obj.nr; i++) -				fprintf(pipe_fd, "%s\n", sha1_to_hex(have_obj.objects[i].item->sha1)); -		} +		int i; +		for (i = 0; i < want_obj.nr; i++) +			fprintf(pipe_fd, "%s\n", +				sha1_to_hex(want_obj.objects[i].item->sha1)); +		fprintf(pipe_fd, "--not\n"); +		for (i = 0; i < have_obj.nr; i++) +			fprintf(pipe_fd, "%s\n", +				sha1_to_hex(have_obj.objects[i].item->sha1));  		fprintf(pipe_fd, "\n");  		fflush(pipe_fd);  		fclose(pipe_fd); @@ -729,15 +727,30 @@ static void receive_needs(void)  	free(shallows.objects);  } +/* return non-zero if the ref is hidden, otherwise 0 */ +static int mark_our_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data) +{ +	struct object *o = lookup_unknown_object(sha1); + +	if (ref_is_hidden(refname)) +		return 1; +	if (!o) +		die("git upload-pack: cannot find object %s:", sha1_to_hex(sha1)); +	o->flags |= OUR_REF; +	return 0; +} +  static int send_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data)  {  	static const char *capabilities = "multi_ack thin-pack side-band"  		" side-band-64k ofs-delta shallow no-progress"  		" include-tag multi_ack_detailed"; -	struct object *o = lookup_unknown_object(sha1);  	const char *refname_nons = strip_namespace(refname);  	unsigned char peeled[20]; +	if (mark_our_ref(refname, sha1, flag, cb_data)) +		return 0; +  	if (capabilities)  		packet_write(1, "%s %s%c%s%s agent=%s\n",  			     sha1_to_hex(sha1), refname_nons, @@ -747,27 +760,11 @@ static int send_ref(const char *refname, const unsigned char *sha1, int flag, vo  	else  		packet_write(1, "%s %s\n", sha1_to_hex(sha1), refname_nons);  	capabilities = NULL; -	if (!(o->flags & OUR_REF)) { -		o->flags |= OUR_REF; -		nr_our_refs++; -	}  	if (!peel_ref(refname, peeled))  		packet_write(1, "%s %s^{}\n", sha1_to_hex(peeled), refname_nons);  	return 0;  } -static int mark_our_ref(const char *refname, const unsigned char *sha1, int flag, void *cb_data) -{ -	struct object *o = parse_object(sha1); -	if (!o) -		die("git upload-pack: cannot find object %s:", sha1_to_hex(sha1)); -	if (!(o->flags & OUR_REF)) { -		o->flags |= OUR_REF; -		nr_our_refs++; -	} -	return 0; -} -  static void upload_pack(void)  {  	if (advertise_refs || !stateless_rpc) { @@ -789,6 +786,11 @@ static void upload_pack(void)  	}  } +static int upload_pack_config(const char *var, const char *value, void *unused) +{ +	return parse_hide_refs_config(var, value, "uploadpack"); +} +  int main(int argc, char **argv)  {  	char *dir; @@ -840,6 +842,7 @@ int main(int argc, char **argv)  		die("'%s' does not appear to be a git repository", dir);  	if (is_repository_shallow())  		die("attempt to fetch/clone from a shallow repository"); +	git_config(upload_pack_config, NULL);  	if (getenv("GIT_DEBUG_SEND_PACK"))  		debug_fd = atoi(getenv("GIT_DEBUG_SEND_PACK"));  	upload_pack(); | 
