From: 孙超 <16657101987@163.com>
To: Jiang Xin <worldhello.net@gmail.com>
Cc: Sun Chao via GitGitGadget <gitgitgadget@gmail.com>,
	Git List <git@vger.kernel.org>
Subject: Re: [PATCH 0/3] refs-advertise: add hook to filter advertised refs
Date: Wed, 10 Aug 2022 21:09:03 +0800
Message-ID: <1E392965-45B2-4CD8-942C-24E3CA045ABD@163.com>
In-Reply-To: <CANYiYbFc6xywoCPgge+RMb6Scr8JwS2f=n65XG2jupHS-w2jLw@mail.gmail.com>



> On Aug 10, 2022, at 09:06, Jiang Xin <worldhello.net@gmail.com> wrote:
> 
> On Thu, Aug 4, 2022 at 12:31 AM Sun Chao via GitGitGadget
> <gitgitgadget@gmail.com> wrote:
>> 
>> Gerrit is implemented by JGit and is known as a centralized workflow system
>> which supports reference-level access control for repository. If we choose
>> to work in centralized workflow like what Gerrit provided, reference-level
>> access control is needed and is possible if we add a reference advertise
>> filter hook just like what Gerrit did.
>> 
>> This hook would be invoked by 'git-receive-pack' and 'git-upload-pack'
>> during the reference discovery phase and the commit fetching phase, each
>> reference will be filtered by this hook. Git server can put
>> reference-level control process to this hook and the git client does not
>> need to change or know about that.
> 
> From the document you provided in patch 3/3, the hook returns not only
> names of the references, but also OIDs. Since the oid of reference
> should be provided as-is during the advertising phase, it is
> sufficient for the hook to just return the visible reference names.
> 
> How about:
> 1. Implement a batch version of "ref_is_hidden()", such as
>    "refs_batch_hidden()", to turn on or turn off the hidden bit
>    for all references.
> 
> 2. If there is an external hook, such as "hide-refs", call it instead
>    of the config variables such as "transfer.hideRefs" to filter refs
>    based on ACL and operations (read and write).
> 
> --
> Jiang Xin
> 

Thanks a lot, Jiang Xin.

Your suggestion is right: for protocol V1 we do not need to filter the OIDs, and
there should be a configuration to turn on/off the hidden bit. I will try to add
such a configuration; maybe "transfer.hideRefs" is a good choice.

After receiving Junio's reply I also did tests for V2, and I find that even if I
hide all the refs (by "git config transfer.hiderefs refs/" in upstream) the client
can still fetch a specific object by its object id. Here is the trace log:

```
.............................           trace: built-in: git fetch origin 5585e358b2a240ca8ed65a00008dbc865a1381c1
.............................           packet:        fetch< version 2
.............................           packet:        fetch< agent=git/2.37.1.288.gef002b009d
.............................           packet:        fetch> command=ls-refs
# the server does not advertise any refs
.............................           packet:        fetch< 0000
.............................           packet:        fetch> command=fetch
# the client send the want command with object oid
.............................           packet:        fetch> want 5585e358b2a240ca8ed65a00008dbc865a1381c1
.............................           packet:        fetch> done
.............................           packet:        fetch> 0000
.............................           packet:        fetch< packfile
# the client received the packfile contains the objects
.............................
From file:///local/upstream.git
 * branch                5585e358b2a240ca8ed65a00008dbc865a1381c1 -> FETCH_HEAD
```

Protocol V2 does not limit the request to the advertised refs, and if we want to
hide some refs, we need to hide the objects only reachable from them (for V2),
but it truly has a performance issue for some huge repositories.
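
A check over the kind of client-side packet trace shown above, as an added example that is not part of the original message or of Git: it collects the OIDs a v2 `ls-refs` response advertised and reports any `want` for an OID outside that set. The function name `unadvertised_wants` and the second trace (with its all-`1` OID) are constructed for illustration.

```python
import re

# Client-side packet lines as in the trace above: '>' sent, '<' received.
PKT = re.compile(r"packet:\s+fetch([<>])\s+(.*)$")
OID = re.compile(r"^[0-9a-f]{40}(?:[0-9a-f]{24})?$")  # SHA-1 or SHA-256

def unadvertised_wants(trace):
    """Return OIDs sent as 'want' that no ls-refs response advertised."""
    advertised, wants, command = set(), [], None
    for line in trace.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # annotations, progress output, non-packet trace lines
        direction, payload = m.group(1), m.group(2).strip()
        if direction == ">" and payload.startswith("command="):
            command = payload.split("=", 1)[1]
        elif direction == "<" and command == "ls-refs":
            # A v2 ls-refs response line is "<oid> <refname> [attributes]".
            first = payload.split(" ", 1)[0]
            if OID.match(first):
                advertised.add(first)
        elif direction == ">" and command == "fetch" and payload.startswith("want "):
            oid = payload.split()[1]
            if OID.match(oid):
                wants.append(oid)
    return [oid for oid in wants if oid not in advertised]

# Packet lines copied from the trace in the message (timestamps elided there).
PAGE_TRACE = """\
packet:        fetch< version 2
packet:        fetch> command=ls-refs
packet:        fetch< 0000
packet:        fetch> command=fetch
packet:        fetch> want 5585e358b2a240ca8ed65a00008dbc865a1381c1
packet:        fetch> done
packet:        fetch> 0000
packet:        fetch< packfile
"""

# Constructed trace: the server advertises a ref and the client wants its tip.
TIP = "1" * 40  # constructed OID
ADVERTISED_TRACE = f"""\
packet:        fetch> command=ls-refs
packet:        fetch< {TIP} refs/heads/main
packet:        fetch< 0000
packet:        fetch> command=fetch
packet:        fetch> want {TIP}
packet:        fetch> 0000
"""
```

Run against the trace from the message it reports the one requested OID, since `ls-refs` returned only a flush packet; the constructed trace reports nothing.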
