* Can I forbid somebody to pull some branch or tag from my repo with git protocol? @ 2008-12-17 9:03 Emily Ren 2008-12-17 9:09 ` Junio C Hamano 2008-12-17 12:12 ` Johannes Schindelin 0 siblings, 2 replies; 10+ messages in thread From: Emily Ren @ 2008-12-17 9:03 UTC (permalink / raw) To: git Hi, I created a repository, and I don't want somebody to pull some branch or tag from my repository with git protocol. How can I do ? Thanks, Emily ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Can I forbid somebody to pull some branch or tag from my repo with git protocol? 2008-12-17 9:03 Can I forbid somebody to pull some branch or tag from my repo with git protocol? Emily Ren @ 2008-12-17 9:09 ` Junio C Hamano 2008-12-17 9:15 ` Emily Ren 2008-12-17 12:12 ` Johannes Schindelin 1 sibling, 1 reply; 10+ messages in thread From: Junio C Hamano @ 2008-12-17 9:09 UTC (permalink / raw) To: Emily Ren; +Cc: git "Emily Ren" <lingyan.ren@gmail.com> writes: > I created a repository, and I don't want somebody to pull some branch > or tag from my repository with git protocol. How can I do ? By not putting that tag or branch in that repository (note that you can have a repository only to publish which is different from your main working repository). . ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Can I forbid somebody to pull some branch or tag from my repo with git protocol? 2008-12-17 9:09 ` Junio C Hamano @ 2008-12-17 9:15 ` Emily Ren 2008-12-17 11:53 ` Sverre Rabbelier 2008-12-17 12:25 ` Johannes Schindelin 0 siblings, 2 replies; 10+ messages in thread From: Emily Ren @ 2008-12-17 9:15 UTC (permalink / raw) To: Junio C Hamano; +Cc: git I want some group can pull these branches or tags from my repo, while other's can't, Need I maintain two repositories ? On Wed, Dec 17, 2008 at 5:09 PM, Junio C Hamano <gitster@pobox.com> wrote: > "Emily Ren" <lingyan.ren@gmail.com> writes: > >> I created a repository, and I don't want somebody to pull some branch >> or tag from my repository with git protocol. How can I do ? > > By not putting that tag or branch in that repository (note that you can > have a repository only to publish which is different from your main > working repository). > . > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Can I forbid somebody to pull some branch or tag from my repo with git protocol? 2008-12-17 9:15 ` Emily Ren @ 2008-12-17 11:53 ` Sverre Rabbelier 2008-12-17 12:35 ` Emily Ren 2008-12-17 12:25 ` Johannes Schindelin 1 sibling, 1 reply; 10+ messages in thread From: Sverre Rabbelier @ 2008-12-17 11:53 UTC (permalink / raw) To: Emily Ren; +Cc: Git Mailinglist On Wed, Dec 17, 2008 at 10:15, Emily Ren <lingyan.ren@gmail.com> wrote: > I want some group can pull these branches or tags from my repo, while > other's can't, Need I maintain two repositories ? I think gitosis should be able to do that? Otherwise you could look into hosting sites like github or gitorious, I think they have at least some form of access control, yes? -- Cheers, Sverre Rabbelier ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Can I forbid somebody to pull some branch or tag from my repo with git protocol? 2008-12-17 11:53 ` Sverre Rabbelier @ 2008-12-17 12:35 ` Emily Ren 2008-12-17 12:47 ` Sverre Rabbelier 0 siblings, 1 reply; 10+ messages in thread From: Emily Ren @ 2008-12-17 12:35 UTC (permalink / raw) To: Sverre Rabbelier; +Cc: Git Mailinglist Sverre, Thank you for your information ! As far as I know, gitosis can control someone readonly/writable to some repo, it has no access control on branch/tag level. Am I right ? I'll look at github and gitorious, are they free software ? Thanks, Emily On Wed, Dec 17, 2008 at 7:53 PM, Sverre Rabbelier <srabbelier@gmail.com> wrote: > On Wed, Dec 17, 2008 at 10:15, Emily Ren <lingyan.ren@gmail.com> wrote: >> I want some group can pull these branches or tags from my repo, while >> other's can't, Need I maintain two repositories ? > > I think gitosis should be able to do that? Otherwise you could look > into hosting sites like github or gitorious, I think they have at > least some form of access control, yes? > > -- > Cheers, > > Sverre Rabbelier > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Can I forbid somebody to pull some branch or tag from my repo with git protocol? 2008-12-17 12:35 ` Emily Ren @ 2008-12-17 12:47 ` Sverre Rabbelier 2008-12-17 13:37 ` Emily Ren 0 siblings, 1 reply; 10+ messages in thread From: Sverre Rabbelier @ 2008-12-17 12:47 UTC (permalink / raw) To: Emily Ren; +Cc: Git Mailinglist [It is common not to top-post on this list :)] On Wed, Dec 17, 2008 at 13:35, Emily Ren <lingyan.ren@gmail.com> wrote: > As far as I know, gitosis can control someone readonly/writable to > some repo, it has no access control on branch/tag level. Am I right ? Ah, sorry, I meant to control access to different repo's for different groups. > I'll look at github and gitorious, are they free software ? IIRC gitorious is open source, but I just checked and I don't see any access control there; which leaves github, which is not free software I'm afraid. I think, as Johannes said, keeping two seperate repo's and using some form of access control on those would be best. -- Cheers, Sverre Rabbelier ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Can I forbid somebody to pull some branch or tag from my repo with git protocol? 2008-12-17 12:47 ` Sverre Rabbelier @ 2008-12-17 13:37 ` Emily Ren 0 siblings, 0 replies; 10+ messages in thread From: Emily Ren @ 2008-12-17 13:37 UTC (permalink / raw) To: Sverre Rabbelier; +Cc: Git Mailinglist Sverre, Johannes, Thank you very much for sharing your good idea ! Yes, maintaining two separate rep maybe best. Johannes, Does your second suggestion mean that I need to write a script and use git hook to enable it ? Thanks, Emily On Wed, Dec 17, 2008 at 8:47 PM, Sverre Rabbelier <srabbelier@gmail.com> wrote: > [It is common not to top-post on this list :)] > > On Wed, Dec 17, 2008 at 13:35, Emily Ren <lingyan.ren@gmail.com> wrote: >> As far as I know, gitosis can control someone readonly/writable to >> some repo, it has no access control on branch/tag level. Am I right ? > > Ah, sorry, I meant to control access to different repo's for different groups. > >> I'll look at github and gitorious, are they free software ? > > IIRC gitorious is open source, but I just checked and I don't see any > access control there; which leaves github, which is not free software > I'm afraid. > > I think, as Johannes said, keeping two seperate repo's and using some > form of access control on those would be best. > > -- > Cheers, > > Sverre Rabbelier > ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Can I forbid somebody to pull some branch or tag from my repo with git protocol? 2008-12-17 9:15 ` Emily Ren 2008-12-17 11:53 ` Sverre Rabbelier @ 2008-12-17 12:25 ` Johannes Schindelin 2008-12-17 19:36 ` Junio C Hamano 1 sibling, 1 reply; 10+ messages in thread From: Johannes Schindelin @ 2008-12-17 12:25 UTC (permalink / raw) To: Emily Ren; +Cc: Junio C Hamano, git Hi, On Wed, 17 Dec 2008, Emily Ren wrote: > I want some group can pull these branches or tags from my repo, while > other's can't, Need I maintain two repositories ? Either that (that would be the easy method, and also the proper one, since people would not even know what you hide), but you could patch upload-pack so that it runs a hook with the rev-list arguments in do_rev_list() in upload-pack.c, and die() if the hook returns non-zero. Ciao, Dscho ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: Can I forbid somebody to pull some branch or tag from my repo with git protocol? 2008-12-17 12:25 ` Johannes Schindelin @ 2008-12-17 19:36 ` Junio C Hamano 0 siblings, 0 replies; 10+ messages in thread From: Junio C Hamano @ 2008-12-17 19:36 UTC (permalink / raw) To: Johannes Schindelin; +Cc: Emily Ren, git Johannes Schindelin <Johannes.Schindelin@gmx.de> writes: > On Wed, 17 Dec 2008, Emily Ren wrote: > >> I want some group can pull these branches or tags from my repo, while >> other's can't, Need I maintain two repositories ? > > Either that (that would be the easy method, and also the proper one, since > people would not even know what you hide), but you could patch > upload-pack so that it runs a hook with the rev-list arguments in > do_rev_list() in upload-pack.c, and die() if the hook returns non-zero. I do not think that would work very well as you expect. Two branches can be pointing at the same commit, and Emily may want to hide one but not the other. The time you obtain from "want" is too late. If you were to extend upload-pack, the place to narrow would be the initial "here are the refs and the objects they point at" announcement that is done at the very beginning. You would do something like the pseudo patch attached at the end. read_set_of_exposed_refs_from_hook() should return, depending on who the user is (which is obviously not available if this connection is over the anonymous git-daemon service, but local and usual ssh connection you could do whoami, and on gitosis there would be some environment variable to distinguish who you are that you can use), the set of refs that the user is allowed to see. diff --git i/upload-pack.c w/upload-pack.c index e5adbc0..129aa1e 100644 --- i/upload-pack.c +++ w/upload-pack.c @@ -10,6 +10,10 @@ #include "revision.h" #include "list-objects.h" #include "run-command.h" +#include "string-list.h" + +static int use_ref_limiting; +static struct string_list exposed_refs; static const char upload_pack_usage[] = "git-upload-pack [--strict] [--timeout=nn] <dir>"; @@ -574,8 +578,14 @@ static int send_ref(const char *refname, const unsigned char *sha1, int flag, vo static const char *capabilities = "multi_ack thin-pack side-band" " side-band-64k ofs-delta shallow no-progress" " include-tag"; - struct object *o = parse_object(sha1); + struct object *o; + + if (use_ref_limiting && !string_list_has_string(&exposed_refs, refname)) { + /* The downloader is not allowed to know the presense of this ref */ + return 0; + } + o = parse_object(sha1); if (!o) die("git upload-pack: cannot find object %s:", sha1_to_hex(sha1)); @@ -600,6 +610,12 @@ static int send_ref(const char *refname, const unsigned char *sha1, int flag, vo static void upload_pack(void) { reset_timeout(); + + if ("limit exposed refs" hook is available) { + use_ref_limiting = 1; + read_set_of_exposed_refs_from_hook(&exposed_refs); + } + head_ref(send_ref, NULL); for_each_ref(send_ref, NULL); packet_flush(1); ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: Can I forbid somebody to pull some branch or tag from my repo with git protocol? 2008-12-17 9:03 Can I forbid somebody to pull some branch or tag from my repo with git protocol? Emily Ren 2008-12-17 9:09 ` Junio C Hamano @ 2008-12-17 12:12 ` Johannes Schindelin 1 sibling, 0 replies; 10+ messages in thread From: Johannes Schindelin @ 2008-12-17 12:12 UTC (permalink / raw) To: Emily Ren; +Cc: git Hi, On Wed, 17 Dec 2008, Emily Ren wrote: > I created a repository, and I don't want somebody to pull some branch or > tag from my repository with git protocol. How can I do ? Yes, it is easy: do not push it into that repository. If you already did, delete it in that repository. Ciao, Dscho ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2008-12-17 19:37 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2008-12-17 9:03 Can I forbid somebody to pull some branch or tag from my repo with git protocol? Emily Ren 2008-12-17 9:09 ` Junio C Hamano 2008-12-17 9:15 ` Emily Ren 2008-12-17 11:53 ` Sverre Rabbelier 2008-12-17 12:35 ` Emily Ren 2008-12-17 12:47 ` Sverre Rabbelier 2008-12-17 13:37 ` Emily Ren 2008-12-17 12:25 ` Johannes Schindelin 2008-12-17 19:36 ` Junio C Hamano 2008-12-17 12:12 ` Johannes Schindelin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).