author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-07-19 09:17:06 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2022-07-21 07:43:49 +0300 |
commit | 4a789524c7a786a2c8fb0019c3ac20a66c1f9431 (patch) | |
tree | c9b8b29c27e2aad11d60c7ed0fc51cd0f193dc84 | |
parent | b67c3828c16a2af7c1a93f2a3f30dadba3089513 (diff) |
git: Don't advertise internal references via git-upload-pack(1)pks-git-dont-advertise-hidden-refs
Gitaly knows two different types of internal references: first, those that
are read-only and thus hidden from git-receive-pack(1), and then those
that should only be used internally and which are thus neither readable
nor writeable. We already handle the former type of internal references
by setting up `receive.hideRefs`, but we don't handle the latter type.
Fix this by setting up hidden reference for git-upload-pack(1). This
causes us to not advertise references with a prefix of `refs/tmp` or
`refs/keep-around` when fetching from repositories.
Note that because we set `transport.hideRefs=!refs/` in our gitaly-ssh
executable, this change does not impact internal fetches. This is
expected and required to keep e.g. `ReplicateRepository()` working
correctly.
Changelog: fixed
-rw-r--r-- | internal/git/command_description.go | 22 | ||||
-rw-r--r-- | internal/gitaly/service/smarthttp/inforefs_test.go | 4 |
2 files changed, 20 insertions, 6 deletions
diff --git a/internal/git/command_description.go b/internal/git/command_description.go
index c6cabb959..a04746913 100644
--- a/internal/git/command_description.go
+++ b/internal/git/command_description.go
@@ -298,12 +298,12 @@ var commandDescriptions = map[string]commandDescription{
 },
 "upload-pack": {
 flags: scNoRefUpdates,
- opts: append([]GlobalOption{
+ opts: append(append([]GlobalOption{
 ConfigPair{Key: "uploadpack.allowFilter", Value: "true"},
 // Enables the capability to request individual SHA1's from the
 // remote repo.
 ConfigPair{Key: "uploadpack.allowAnySHA1InWant", Value: "true"},
- }, packConfiguration()...),
+ }, hiddenUploadPackRefPrefixes()...), packConfiguration()...),
 },
 "version": {
 flags: scNoRefUpdates,
@@ -391,6 +391,24 @@ func hiddenReceivePackRefPrefixes() []GlobalOption {
 return config
 }
 
+func hiddenUploadPackRefPrefixes() []GlobalOption {
+ config := make([]GlobalOption, 0, len(InternalRefPrefixes))
+
+ for refPrefix, refType := range InternalRefPrefixes {
+ switch refType {
+ case InternalReferenceTypeHidden:
+ config = append(config, ConfigPair{Key: "uploadpack.hideRefs", Value: refPrefix})
+ case InternalReferenceTypeReadonly:
+ // git-upload-pack(1) doesn't allow writing references, and we do want to
+ // announce read-only references that aren't hidden.
+ default:
+ panic(fmt.Sprintf("unhandled internal reference type: %v", refType))
+ }
+ }
+
+ return config
+}
+
 // fsckConfiguration generates our fsck configuration, including ignored checks. The prefix must
 // either be "receive" or "fetch" and indicates whether it should apply to git-receive-pack(1) or to
 // git-fetch-pack(1).
diff --git a/internal/gitaly/service/smarthttp/inforefs_test.go b/internal/gitaly/service/smarthttp/inforefs_test.go
index 65c9a080a..9b371bf7f 100644
--- a/internal/gitaly/service/smarthttp/inforefs_test.go
+++ b/internal/gitaly/service/smarthttp/inforefs_test.go
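Review bot: In the `upload-pack` entry of command_description.go, the new `uploadpack.hideRefs` options share an option list with `uploadpack.allowAnySHA1InWant=true`, and nothing in the hunk documents how the two interact. Per git-config(1), hideRefs omits the prefixes from the advertisement and makes fetching them by name fail, while allowAnySHA1InWant accepts a request for any object at all, so objects reachable only from `refs/tmp` or `refs/keep-around` presumably remain retrievable by a client that already knows their IDs. I would add a comment above the `hiddenUploadPackRefPrefixes()` call, for example `// Hides internal refs from the advertisement only; with allowAnySHA1InWant their objects can still be requested by ID, so this is not an access control.` The `commandDescriptions` map literal starts and ends outside this hunk.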
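Review bot: `hiddenUploadPackRefPrefixes` in command_description.go is added without a doc comment, although the neighbouring `fsckConfiguration` carries one. Because the hunk at -298 calls it from the package-level `commandDescriptions` initializer, the `default:` panic fires while the package initializes rather than on first use, which is worth stating for whoever adds the next reference type. I would add `// hiddenUploadPackRefPrefixes returns one uploadpack.hideRefs option per InternalRefPrefixes entry of type InternalReferenceTypeHidden. It panics on an unknown reference type.` If `InternalRefPrefixes` is a map, as the key/value range suggests, the order of the emitted options varies between runs; sorting the prefixes first would make the generated git command line reproducible in logs and tests.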
@@ -100,8 +100,6 @@ func TestInfoRefsUploadPack_internalRefs(t *testing.T) {
 expectedAdvertisements: []string{
 "HEAD",
 "refs/heads/main\n",
- // This is a bug as temporary references should be hidden.
- "refs/tmp/1\n",
 },
 },
 {
@@ -109,8 +107,6 @@ func TestInfoRefsUploadPack_internalRefs(t *testing.T) {
 expectedAdvertisements: []string{
 "HEAD",
 "refs/heads/main\n",
- // This is a bug as keep-around references should be hidden.
- "refs/keep-around/1\n",
 },
 },
 } { |