From: Shawn Pearce <spearce@spearce.org>
To: Jeff King <peff@peff.net>
Cc: Jonathan Tan <jonathantanmy@google.com>, git <git@vger.kernel.org>
Subject: Re: [PATCH] fetch-pack: always allow fetching of literal SHA1s
Date: Tue, 9 May 2017 21:22:11 -0700 [thread overview]
Message-ID: <CAJo=hJvAg2WqpiuykpbHcB5vgQiHJ74CZ8Y4qudkYqZrmd30zg@mail.gmail.com> (raw)
In-Reply-To: <20170509221629.3z35qcz36oiix3kh@sigill.intra.peff.net>
On Tue, May 9, 2017 at 3:16 PM, Jeff King <peff@peff.net> wrote:
> On Tue, May 09, 2017 at 11:20:42AM -0700, Jonathan Tan wrote:
>
>> fetch-pack, when fetching a literal SHA-1 from a server that is not
>> configured with uploadpack.allowtipsha1inwant (or similar), always
>> returns an error message of the form "Server does not allow request for
>> unadvertised object %s". However, it is sometimes the case that such
>> object is advertised.
>>
>> Teach fetch-pack to also check the SHA-1s of the refs in the received
>> ref advertisement if a literal SHA-1 was given by the user.
>
> Hmm. That makes sense generally, as the request should succeed. But it
> seems like we're creating a client that will sometimes succeed and
> sometimes fail, and the reasoning will be somewhat opaque to the user.
> I have a feeling I'm missing some context on when you'd expect this to
> kick in.
Specifically, someone I know was looking at building an application
that is passed only a SHA-1 for the tip of a ref on a popular hosting
site[1]. They wanted to run `git fetch URL SHA1`, but this failed
because the site doesn't have upload.allowtipsha1inwant enabled.
However the SHA1 was clearly in the output of git ls-remote.
So a workaround is to do this in shell, which is just weird:
r=$(git ls-remote $url | grep ^$sha1);
if [ -n "$r" ]; then
exec git fetch $url $r:refs/tmp/foo
else
echo >&2 "cannot find $sha1"
exit 1
fi
For various reasons they expected this to work, because it works
against other sites that do have upload.allowtipsha1inwant enabled.
And I personally just expected it to work because the fetch client
accepts SHA-1s, and the wire protocol uses "want SHA1" not "want ref",
and the SHA-1 passed on the command line was currently in the
advertisement when the connection opened, so its certainly something
the server is currently willing to serve.
The application in question is using a SHA-1 rather than a ref name,
because thats what it was given by something else. And the other thing
basically wants this to fail-fast if it can't get that exact SHA-1. So
to pass a ref name to git fetch the supplier would have to actually
pass a tuple of ref+sha1, and then the fetcher has to check that the
ref it just obtained provides the sha1 it expected.
So this all turned into a bug report by me to Jonathan Tan, because
git fetch violated my assumption of what it would do if I handed it a
SHA-1 and the SHA-1 was currently the tip of a remote ref.
[1] github.com
next prev parent reply other threads:[~2017-05-10 4:22 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-09 18:20 [PATCH] fetch-pack: always allow fetching of literal SHA1s Jonathan Tan
2017-05-09 22:16 ` Jeff King
2017-05-10 4:22 ` Shawn Pearce [this message]
2017-05-10 4:33 ` Jeff King
2017-05-10 4:46 ` Mike Hommey
2017-05-10 17:50 ` Ævar Arnfjörð Bjarmason
2017-05-10 18:20 ` Jonathan Nieder
2017-05-10 18:48 ` Martin Fick
2017-05-10 18:54 ` Jonathan Nieder
2017-05-10 4:57 ` Shawn Pearce
2017-05-10 17:00 ` Jonathan Nieder
2017-05-10 18:55 ` Sebastian Schuberth
2017-05-11 9:59 ` Jeff King
2017-05-11 19:03 ` Jonathan Nieder
2017-05-11 21:04 ` Jeff King
2017-05-10 16:44 ` [PATCH v2] " Jonathan Tan
2017-05-10 18:01 ` Jonathan Nieder
2017-05-10 22:11 ` [PATCH v3] " Jonathan Tan
2017-05-10 23:22 ` Jonathan Nieder
2017-05-11 9:46 ` Jeff King
2017-05-11 17:51 ` Jonathan Tan
2017-05-11 20:52 ` Jeff King
2017-05-11 10:05 ` Jeff King
2017-05-11 17:00 ` Brandon Williams
2017-05-13 9:29 ` Jeff King
2017-05-11 21:14 ` [PATCH v4] " Jonathan Tan
2017-05-11 21:35 ` Jonathan Nieder
2017-05-11 21:59 ` Jeff King
2017-05-11 22:30 ` [PATCH v5] " Jonathan Tan
2017-05-11 22:46 ` Jonathan Nieder
2017-05-12 2:59 ` Jeff King
2017-05-12 6:01 ` Junio C Hamano
2017-05-12 7:59 ` Jeff King
2017-05-12 8:14 ` Jeff King
2017-05-12 18:00 ` Jonathan Tan
2017-05-13 8:30 ` Jeff King
2017-05-12 18:09 ` Jonathan Tan
2017-05-12 19:06 ` Jonathan Nieder
2017-05-12 3:06 ` Jeff King
2017-05-12 20:45 ` Jonathan Tan
2017-05-12 20:46 ` [PATCH v6] " Jonathan Tan
2017-05-12 22:28 ` Jonathan Nieder
2017-05-13 8:36 ` Jeff King
2017-05-15 1:26 ` Junio C Hamano
2017-05-15 17:32 ` [PATCH v7] " Jonathan Tan
2017-05-15 17:46 ` Jonathan Nieder
2017-05-15 22:10 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJo=hJvAg2WqpiuykpbHcB5vgQiHJ74CZ8Y4qudkYqZrmd30zg@mail.gmail.com' \
--to=spearce@spearce.org \
--cc=git@vger.kernel.org \
--cc=jonathantanmy@google.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).