From: "Sun Chao via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Sun Chao <16657101987@163.com>
Subject: [PATCH v4 0/3] hide-refs: add hook to force hide refs
Date: Mon, 15 Aug 2022 15:01:25 +0000 [thread overview]
Message-ID: <pull.1301.v4.git.git.1660575688.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.1301.v3.git.git.1660575384.gitgitgadget@gmail.com>
Gerrit is implemented by JGit and is known as a centralized workflow system
which supports reference-level access control for repository. If we choose
to work in centralized workflow like what Gerrit provided, reference-level
access control is needed and we might add a reference filter hook hide-refs
to hide the private data.
This hook would be invoked by 'git-receive-pack' and 'git-upload-pack'
during the reference discovery phase, each reference will be filtered with
this hook. The hook executes once with no arguments for each
'git-upload-pack' and 'git-receive-pack' process. Once the hook is invoked,
a version number and server process name ('uploadpack' or 'receive') will
send to it in pkt-line format, followed by a flush-pkt. The hook should
respond with its version number.
During reference discovery phase, each reference will be filtered by this
hook. In the following example, the letter 'G' stands for 'git-receive-pack'
or 'git-upload-pack' and the letter 'H' stands for this hook. The hook
decides if the reference will be hidden or not, it sends result back in
pkt-line format protocol, a response "hide" means the references will hide
to the client and can not fetch its private data even in protocol V2.
# Version negotiation
G: PKT-LINE(version=1\0uploadpack)
G: flush-pkt
H: PKT-LINE(version=1)
H: flush-pkt
# Send reference filter request to hook
G: PKT-LINE(ref <refname>:<refname_full>)
G: flush-pkt
# Receive result from the hook.
# Case 1: this reference is hidden
H: PKT-LINE(hide)
H: flush-pkt
# Case 2: this reference can be advertised
H: flush-pkt
To enable the hide-refs hook, we should config hiderefs with force: option,
eg:
git config --add transfer.hiderefs force:refs/prefix1/
git config --add uploadpack.hiderefs force:!refs/prefix2/
the hide-refs will be called during reference discovery phase and check each
matched reference, a 'hide' response means the reference will be hidden for
its private data even if allowTipSHA1InWant or allowReachableSHA1InWant are
set to true.
Sun Chao (3):
hide-refs: add hook to force hide refs
t1419: add test cases for hide-refs hook
doc: add documentation for the hide-refs hook
Documentation/githooks.txt | 48 ++++
Makefile | 1 +
builtin/receive-pack.c | 5 +-
ls-refs.c | 2 +-
refs.c | 221 +++++++++++++++++-
refs.h | 6 +
serve.c | 2 +
t/helper/test-hide-refs.c | 152 ++++++++++++
t/helper/test-tool.c | 1 +
t/helper/test-tool.h | 1 +
t/t1419-hide-refs-hook.sh | 142 +++++++++++
t/t1419/common-functions.sh | 80 +++++++
t/t1419/once-0000-abnormal-hide-refs-hook.sh | 161 +++++++++++++
...test-0001-ls-remote-with-hide-refs-hook.sh | 77 ++++++
...st-0002-upload-pack-with-hide-refs-hook.sh | 122 ++++++++++
...t-0003-receive-pack-with-hide-refs-hook.sh | 87 +++++++
upload-pack.c | 32 +--
upload-pack.h | 1 +
18 files changed, 1111 insertions(+), 30 deletions(-)
create mode 100644 t/helper/test-hide-refs.c
create mode 100755 t/t1419-hide-refs-hook.sh
create mode 100644 t/t1419/common-functions.sh
create mode 100644 t/t1419/once-0000-abnormal-hide-refs-hook.sh
create mode 100644 t/t1419/test-0001-ls-remote-with-hide-refs-hook.sh
create mode 100644 t/t1419/test-0002-upload-pack-with-hide-refs-hook.sh
create mode 100644 t/t1419/test-0003-receive-pack-with-hide-refs-hook.sh
base-commit: afa70145a25e81faa685dc0b465e52b45d2444bd
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-git-1301%2Fsunchao9%2Frefs_advertise-v4
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-git-1301/sunchao9/refs_advertise-v4
Pull-Request: https://github.com/git/git/pull/1301
Range-diff vs v3:
1: 01c63ea5fee = 1: 01c63ea5fee hide-refs: add hook to force hide refs
2: b8a490cb3df = 2: b8a490cb3df t1419: add test cases for hide-refs hook
3: 99755b377f0 ! 3: 8c5ae78de47 doc: add documentation for the hide-refs hook
@@ Documentation/githooks.txt: If this hook exits with a non-zero status, `git push
+'git-upload-pack' and 'git-receive-pack' process. Once the hook is invoked,
+a version number and server process name ('uploadpack' or 'receive') will
+send to it in pkt-line format, followed by a flush-pkt. The hook should
-+response with its version number.
++respond with its version number.
+
+During reference discovery phase, each reference will be filtered by this
+hook. In the following example, the letter 'G' stands for 'git-receive-pack'
@@ Documentation/githooks.txt: If this hook exits with a non-zero status, `git push
+ git config --add uploadpack.hiderefs force:!refs/prefix2/
+
+the `hide-refs` will be called during reference discovery phase and
-+check each matched reference, a 'hide' reponse means the reference will
-+be hidden for its private data and even the `allowTipSHA1InWant` and
-+`allowReachableSHA1InWant` is set to true.
++check each matched reference, a 'hide' response means the reference will
++be hidden for its private data even if `allowTipSHA1InWant` and
++`allowReachableSHA1InWant` are set to true.
+
[[pre-receive]]
pre-receive
--
gitgitgadget
next prev parent reply other threads:[~2022-08-15 15:02 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-03 16:17 [PATCH 0/3] refs-advertise: add hook to filter advertised refs Sun Chao via GitGitGadget
2022-08-03 16:17 ` [PATCH 1/3] " Sun Chao via GitGitGadget
2022-08-03 16:17 ` [PATCH 2/3] t1419: add test cases for refs-advertise hook Sun Chao via GitGitGadget
2022-08-03 16:17 ` [PATCH 3/3] doc: add documentation for the " Sun Chao via GitGitGadget
2022-08-03 20:27 ` [PATCH 0/3] refs-advertise: add hook to filter advertised refs Junio C Hamano
2022-08-04 8:27 ` 孙超
2022-08-10 1:06 ` Jiang Xin
2022-08-10 13:09 ` 孙超
2022-08-15 0:54 ` [PATCH v2 0/3] hide-refs: add hook to force hide refs Sun Chao via GitGitGadget
2022-08-15 0:54 ` [PATCH v2 1/3] " Sun Chao via GitGitGadget
2022-08-15 0:54 ` [PATCH v2 2/3] t1419: add test cases for hide-refs hook Sun Chao via GitGitGadget
2022-08-15 0:54 ` [PATCH v2 3/3] doc: add documentation for the " Sun Chao via GitGitGadget
2022-08-15 4:12 ` Eric Sunshine
2022-08-15 14:49 ` 孙超
2022-08-15 16:02 ` Junio C Hamano
2022-08-15 14:56 ` [PATCH v3 0/3] hide-refs: add hook to force hide refs Sun Chao via GitGitGadget
2022-08-15 14:56 ` [PATCH v3 1/3] " Sun Chao via GitGitGadget
2022-08-15 14:56 ` [PATCH v3 2/3] t1419: add test cases for hide-refs hook Sun Chao via GitGitGadget
2022-08-15 14:56 ` [PATCH v3 3/3] doc: add documentation for the " Sun Chao via GitGitGadget
2022-08-15 15:01 ` Sun Chao via GitGitGadget [this message]
2022-08-15 15:01 ` [PATCH v4 1/3] hide-refs: add hook to force hide refs Sun Chao via GitGitGadget
2022-08-15 18:18 ` Junio C Hamano
2022-08-16 11:22 ` 孙超
2022-08-18 18:51 ` Calvin Wan
2022-08-19 15:30 ` 孙超
2022-08-15 15:01 ` [PATCH v4 2/3] t1419: add test cases for hide-refs hook Sun Chao via GitGitGadget
2022-08-15 15:01 ` [PATCH v4 3/3] doc: add documentation for the " Sun Chao via GitGitGadget
2022-09-09 15:06 ` [PATCH v5 0/5] hiderefs: add hide-refs hook to hide refs dynamically Sun Chao via GitGitGadget
2022-09-09 15:06 ` [PATCH v5 1/5] " Sun Chao via GitGitGadget
2022-09-13 17:01 ` Junio C Hamano
2022-09-16 17:52 ` Junio C Hamano
2022-09-17 8:14 ` 孙超
2022-09-09 15:06 ` [PATCH v5 2/5] hiderefs: use new flag to mark force hidden refs Sun Chao via GitGitGadget
2022-09-09 15:06 ` [PATCH v5 3/5] hiderefs: hornor hide flags in wire protocol V2 Sun Chao via GitGitGadget
2022-09-09 15:06 ` [PATCH v5 4/5] test: add test cases for hide-refs hook Sun Chao via GitGitGadget
2022-09-09 15:06 ` [PATCH v5 5/5] doc: add documentation for the " Sun Chao via GitGitGadget
2022-09-20 8:22 ` [PATCH v6 0/5] hiderefs: add hide-refs hook to hide refs dynamically Sun Chao via GitGitGadget
2022-09-20 8:22 ` [PATCH v6 1/5] " Sun Chao via GitGitGadget
2022-09-20 8:22 ` [PATCH v6 2/5] hiderefs: use a new flag to mark force hidden refs Sun Chao via GitGitGadget
2022-09-20 8:22 ` [PATCH v6 3/5] hiderefs: hornor hide flags in wire protocol V2 Sun Chao via GitGitGadget
2022-09-20 8:22 ` [PATCH v6 4/5] test: add test cases for hide-refs hook Sun Chao via GitGitGadget
2022-09-20 8:22 ` [PATCH v6 5/5] doc: add documentation for the " Sun Chao via GitGitGadget
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.1301.v4.git.git.1660575688.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=16657101987@163.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).