summaryrefslogtreecommitdiff
path: root/sha1_name.c
diff options
context:
space:
mode:
authorLibravatar Scott J. Goldman <scottjg@github.com>2014-02-28 05:04:19 -0500
committerLibravatar Junio C Hamano <gitster@pobox.com>2014-02-28 09:55:37 -0800
commit7671b63211712e5163ed46d4c93d0b75680c886c (patch)
tree7de8871a0ebc22a47a81410fb6e1e34fe326f879 /sha1_name.c
parentdocs: clarify remote restrictions for git-upload-archive (diff)
downloadtgif-7671b63211712e5163ed46d4c93d0b75680c886c.tar.xz
add uploadarchive.allowUnreachable option
In commit ee27ca4, we started restricting remote git-archive invocations to only accessing reachable commits. This matches what upload-pack allows, but does restrict some useful cases (e.g., HEAD:foo). We loosened this in 0f544ee, which allows `foo:bar` as long as `foo` is a ref tip. However, that still doesn't allow many useful things, like: 1. Commits accessible from a ref, like `foo^:bar`, which are reachable 2. Arbitrary sha1s, even if they are reachable. We can do a full object-reachability check for these cases, but it can be quite expensive if the client has sent us the sha1 of a tree; we have to visit every sub-tree of every commit in the worst case. Let's instead give site admins an escape hatch, in case they prefer the more liberal behavior. For many sites, the full object database is public anyway (e.g., if you allow dumb walker access), or the site admin may simply decide the security/convenience tradeoff is not worth it. This patch adds a new config option to disable the restrictions added in ee27ca4. It defaults to off, meaning there is no change in behavior by default. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'sha1_name.c')
0 files changed, 0 insertions, 0 deletions