From: Kim Altintop <kim@eagain.st>
To: git@vger.kernel.org
Cc: kim@eagain.st, gitster@pobox.com, jonathantanmy@google.com,
bwilliams.eng@gmail.com, johannes.schindelin@gmx.de,
jrnieder@gmail.com, sunshine@sunshineco.com
Subject: [PATCH v6 3/3] docs: clarify the interaction of transfer.hideRefs and namespaces
Date: Fri, 13 Aug 2021 06:23:54 +0000 [thread overview]
Message-ID: <20210813062237.10403-4-kim@eagain.st> (raw)
In-Reply-To: <20210809175530.75326-1-kim@eagain.st>
Expand the section about namespaces in the documentation of
`transfer.hideRefs` to point out the subtle differences between
`upload-pack` and `receive-pack`.
ffcfb68176 (upload-pack.c: treat want-ref relative to namespace,
2021-07-30) taught `upload-pack` to reject `want-ref`s for hidden refs,
which is now mentioned. It is clarified that at no point the name of a
hidden ref is revealed, but the object id it points to may.
Signed-off-by: Kim Altintop <kim@eagain.st>
---
Documentation/config/transfer.txt | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/Documentation/config/transfer.txt b/Documentation/config/transfer.txt
index 505126a780..b49429eb4d 100644
--- a/Documentation/config/transfer.txt
+++ b/Documentation/config/transfer.txt
@@ -52,13 +52,17 @@ If you have multiple hideRefs values, later entries override earlier ones
(and entries in more-specific config files override less-specific ones).
+
If a namespace is in use, the namespace prefix is stripped from each
-reference before it is matched against `transfer.hiderefs` patterns.
+reference before it is matched against `transfer.hiderefs` patterns. In
+order to match refs before stripping, add a `^` in front of the ref name. If
+you combine `!` and `^`, `!` must be specified first.
++
For example, if `refs/heads/master` is specified in `transfer.hideRefs` and
the current namespace is `foo`, then `refs/namespaces/foo/refs/heads/master`
-is omitted from the advertisements but `refs/heads/master` and
-`refs/namespaces/bar/refs/heads/master` are still advertised as so-called
-"have" lines. In order to match refs before stripping, add a `^` in front of
-the ref name. If you combine `!` and `^`, `!` must be specified first.
+is omitted from the advertisements. If `uploadpack.allowRefInWant` is set,
+`upload-pack` will treat `want-ref refs/heads/master` in a protocol v2
+`fetch` command as if `refs/namespaces/foo/refs/heads/master` did not exist.
+`receive-pack`, on the other hand, will still advertise the object id the
+ref is pointing to without mentioning its name (a so-called ".have" line).
+
Even if you hide refs, a client may still be able to steal the target
objects via the techniques described in the "SECURITY" section of the
--
2.32.0
next prev parent reply other threads:[~2021-08-13 6:24 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-30 13:59 [PATCH] upload-pack.c: treat want-ref relative to namespace Kim Altintop
2021-07-30 14:04 ` Kim Altintop
2021-07-30 18:57 ` Junio C Hamano
2021-07-30 21:08 ` Kim Altintop
2021-07-31 20:36 ` [PATCH v2] " Kim Altintop
2021-08-02 21:06 ` Jonathan Tan
2021-08-04 20:36 ` Kim Altintop
2021-08-04 20:42 ` [PATCH v3] " Kim Altintop
2021-08-04 21:00 ` [PATCH v4] " Kim Altintop
2021-08-09 17:56 ` [PATCH 0/3] upload-pack: " Kim Altintop
2021-08-09 17:56 ` [PATCH 1/3] t5730: introduce fetch command helper Kim Altintop
2021-08-09 19:16 ` Junio C Hamano
2021-08-09 21:18 ` Kim Altintop
2021-08-09 19:40 ` Jonathan Nieder
2021-08-09 21:43 ` Junio C Hamano
2021-08-09 21:56 ` Kim Altintop
2021-08-09 22:03 ` Junio C Hamano
2021-08-09 23:01 ` Jonathan Nieder
2021-08-10 9:44 ` Kim Altintop
2021-08-09 17:57 ` [PATCH 2/3] upload-pack.c: treat want-ref relative to namespace Kim Altintop
2021-08-09 17:57 ` [PATCH 3/3] docs: clarify the interaction of transfer.hideRefs and namespaces Kim Altintop
2021-08-10 9:49 ` Kim Altintop
2021-08-13 6:23 ` [PATCH v6 0/3] upload-pack: treat want-ref relative to namespace Kim Altintop
2021-08-14 21:46 ` Johannes Schindelin
2021-08-15 17:59 ` Junio C Hamano
2021-08-15 19:35 ` Kim Altintop
2021-08-16 12:39 ` Johannes Schindelin
2021-08-13 6:23 ` [PATCH v6 1/3] t5730: introduce fetch command helper Kim Altintop
2021-08-13 6:23 ` [PATCH v6 2/3] upload-pack.c: treat want-ref relative to namespace Kim Altintop
2021-08-13 6:23 ` Kim Altintop [this message]
2021-08-04 21:15 ` [PATCH v3] " Junio C Hamano
2021-08-04 22:04 ` Kim Altintop
2021-08-04 22:17 ` Eric Sunshine
2021-08-04 22:17 ` Junio C Hamano
2021-08-04 22:23 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210813062237.10403-4-kim@eagain.st \
--to=kim@eagain.st \
--cc=bwilliams.eng@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=johannes.schindelin@gmx.de \
--cc=jonathantanmy@google.com \
--cc=jrnieder@gmail.com \
--cc=sunshine@sunshineco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).