git-commit-vandalism/t/t5509-fetch-push-namespaces.sh

167 lines
5.8 KiB
Bash
Raw Normal View History

#!/bin/sh
test_description='fetch/push involving ref namespaces'
. ./test-lib.sh
test_expect_success setup '
transport: add protocol policy config option Previously the `GIT_ALLOW_PROTOCOL` environment variable was used to specify a whitelist of protocols to be used in clone/fetch/push commands. This patch introduces new configuration options for more fine-grained control for allowing/disallowing protocols. This also has the added benefit of allowing easier construction of a protocol whitelist on systems where setting an environment variable is non-trivial. Now users can specify a policy to be used for each type of protocol via the 'protocol.<name>.allow' config option. A default policy for all unconfigured protocols can be set with the 'protocol.allow' config option. If no user configured default is made git will allow known-safe protocols (http, https, git, ssh, file), disallow known-dangerous protocols (ext), and have a default policy of `user` for all other protocols. The supported policies are `always`, `never`, and `user`. The `user` policy can be used to configure a protocol to be usable when explicitly used by a user, while disallowing it for commands which run clone/fetch/push commands without direct user intervention (e.g. recursive initialization of submodules). Commands which can potentially clone/fetch/push from untrusted repositories without user intervention can export `GIT_PROTOCOL_FROM_USER` with a value of '0' to prevent protocols configured to the `user` policy from being used. Fix remote-ext tests to use the new config to allow the ext protocol to be tested. Based on a patch by Jeff King <peff@peff.net> Signed-off-by: Brandon Williams <bmwill@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-12-14 23:39:52 +01:00
git config --global protocol.ext.allow user &&
test_tick &&
git init original &&
(
cd original &&
echo 0 >count &&
git add count &&
test_commit 0 &&
echo 1 >count &&
git add count &&
test_commit 1 &&
git remote add pushee-namespaced "ext::git --namespace=namespace %s ../pushee" &&
git remote add pushee-unnamespaced ../pushee
) &&
commit0=$(cd original && git rev-parse HEAD^) &&
commit1=$(cd original && git rev-parse HEAD) &&
git init --bare pushee &&
git init puller
'
test_expect_success 'pushing into a repository using a ref namespace' '
(
cd original &&
git push pushee-namespaced master &&
git ls-remote pushee-namespaced >actual &&
printf "$commit1\trefs/heads/master\n" >expected &&
test_cmp expected actual &&
git push pushee-namespaced --tags &&
git ls-remote pushee-namespaced >actual &&
printf "$commit0\trefs/tags/0\n" >>expected &&
printf "$commit1\trefs/tags/1\n" >>expected &&
test_cmp expected actual &&
# Verify that the GIT_NAMESPACE environment variable works as well
GIT_NAMESPACE=namespace git ls-remote "ext::git %s ../pushee" >actual &&
test_cmp expected actual &&
# Verify that --namespace overrides GIT_NAMESPACE
GIT_NAMESPACE=garbage git ls-remote pushee-namespaced >actual &&
test_cmp expected actual &&
# Try a namespace with no content
git ls-remote "ext::git --namespace=garbage %s ../pushee" >actual &&
test_must_be_empty actual &&
git ls-remote pushee-unnamespaced >actual &&
sed -e "s|refs/|refs/namespaces/namespace/refs/|" expected >expected.unnamespaced &&
test_cmp expected.unnamespaced actual
)
'
test_expect_success 'pulling from a repository using a ref namespace' '
(
cd puller &&
git remote add -f pushee-namespaced "ext::git --namespace=namespace %s ../pushee" &&
git for-each-ref refs/ >actual &&
printf "$commit1 commit\trefs/remotes/pushee-namespaced/master\n" >expected &&
printf "$commit0 commit\trefs/tags/0\n" >>expected &&
printf "$commit1 commit\trefs/tags/1\n" >>expected &&
test_cmp expected actual
)
'
# This test with clone --mirror checks for possible regressions in clone
# or the machinery underneath it. It ensures that no future change
# causes clone to ignore refs in refs/namespaces/*. In particular, it
# protects against a regression caused by any future change to the refs
# machinery that might cause it to ignore refs outside of refs/heads/*
# or refs/tags/*. More generally, this test also checks the high-level
# functionality of using clone --mirror to back up a set of repos hosted
# in the namespaces of a single repo.
test_expect_success 'mirroring a repository using a ref namespace' '
git clone --mirror pushee mirror &&
(
cd mirror &&
git for-each-ref refs/ >actual &&
printf "$commit1 commit\trefs/namespaces/namespace/refs/heads/master\n" >expected &&
printf "$commit0 commit\trefs/namespaces/namespace/refs/tags/0\n" >>expected &&
printf "$commit1 commit\trefs/namespaces/namespace/refs/tags/1\n" >>expected &&
test_cmp expected actual
)
'
test_expect_success 'hide namespaced refs with transfer.hideRefs' '
GIT_NAMESPACE=namespace \
git -C pushee -c transfer.hideRefs=refs/tags \
ls-remote "ext::git %s ." >actual &&
printf "$commit1\trefs/heads/master\n" >expected &&
test_cmp expected actual
'
test_expect_success 'check that transfer.hideRefs does not match unstripped refs' '
GIT_NAMESPACE=namespace \
git -C pushee -c transfer.hideRefs=refs/namespaces/namespace/refs/tags \
ls-remote "ext::git %s ." >actual &&
printf "$commit1\trefs/heads/master\n" >expected &&
printf "$commit0\trefs/tags/0\n" >>expected &&
printf "$commit1\trefs/tags/1\n" >>expected &&
test_cmp expected actual
'
test_expect_success 'hide full refs with transfer.hideRefs' '
GIT_NAMESPACE=namespace \
git -C pushee -c transfer.hideRefs="^refs/namespaces/namespace/refs/tags" \
ls-remote "ext::git %s ." >actual &&
printf "$commit1\trefs/heads/master\n" >expected &&
test_cmp expected actual
'
test_expect_success 'try to update a hidden ref' '
test_config -C pushee transfer.hideRefs refs/heads/master &&
test_must_fail git -C original push pushee-namespaced master
'
test_expect_success 'try to update a ref that is not hidden' '
test_config -C pushee transfer.hideRefs refs/namespaces/namespace/refs/heads/master &&
git -C original push pushee-namespaced master
'
test_expect_success 'try to update a hidden full ref' '
test_config -C pushee transfer.hideRefs "^refs/namespaces/namespace/refs/heads/master" &&
test_must_fail git -C original push pushee-namespaced master
'
upload-pack: strip namespace from symref data Since 7171d8c15f (upload-pack: send symbolic ref information as capability, 2013-09-17), we've sent cloning and fetching clients special information about which branch HEAD is pointing to, so that they don't have to guess based on matching up commit ids. However, this feature has never worked properly with the GIT_NAMESPACE feature. Because upload-pack uses head_ref_namespaced(find_symref), we do find and report on refs/namespaces/foo/HEAD instead of the actual HEAD of the repo. This makes sense, since the branch pointed to by the top-level HEAD may not be advertised at all. But we do two things wrong: 1. We report the full name refs/namespaces/foo/HEAD, instead of just HEAD. Meaning no client is going to bother doing anything with that symref, since we're not otherwise advertising it. 2. We report the symref destination using its full name (e.g., refs/namespaces/foo/refs/heads/master). That's similarly useless to the client, who only saw "refs/heads/master" in the advertisement. We should be stripping the namespace prefix off of both places (which this patch fixes). Likely nobody noticed because we tend to do the right thing anyway. Bug (1) means that we said nothing about HEAD (just refs/namespace/foo/HEAD). And so the client half of the code, from a45b5f0552 (connect: annotate refs with their symref information in get_remote_head(), 2013-09-17), does not annotate HEAD, and we use the fallback in guess_remote_head(), matching refs by object id. Which is usually right. It only falls down in ambiguous cases, like the one laid out in the included test. This also means that we don't have to worry about breaking anybody who was putting pre-stripped names into their namespace symrefs when we fix bug (2). Because of bug (1), nobody would have been using the symref we advertised in the first place (not to mention that those symrefs would have appeared broken for any non-namespaced access). Note that we have separate fixes here for the v0 and v2 protocols. The symref advertisement moved in v2 to be a part of the ls-refs command. This actually gets part (1) right, since the symref annotation piggy-backs on the existing ref advertisement, which is properly stripped. But it still needs a fix for part (2). The included tests cover both protocols. Reported-by: Bryan Turner <bturner@atlassian.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2019-05-23 08:11:21 +02:00
test_expect_success 'set up ambiguous HEAD' '
git init ambiguous &&
(
cd ambiguous &&
git commit --allow-empty -m foo &&
git update-ref refs/namespaces/ns/refs/heads/one HEAD &&
git update-ref refs/namespaces/ns/refs/heads/two HEAD &&
git symbolic-ref refs/namespaces/ns/HEAD \
refs/namespaces/ns/refs/heads/two
)
'
test_expect_success 'clone chooses correct HEAD (v0)' '
GIT_NAMESPACE=ns git -c protocol.version=0 \
clone ambiguous ambiguous-v0 &&
echo refs/heads/two >expect &&
git -C ambiguous-v0 symbolic-ref HEAD >actual &&
test_cmp expect actual
'
test_expect_success 'clone chooses correct HEAD (v2)' '
GIT_NAMESPACE=ns git -c protocol.version=2 \
clone ambiguous ambiguous-v2 &&
echo refs/heads/two >expect &&
git -C ambiguous-v2 symbolic-ref HEAD >actual &&
test_cmp expect actual
'
receive.denyCurrentBranch: respect all worktrees The receive.denyCurrentBranch config option controls what happens if you push to a branch that is checked out into a non-bare repository. By default, it rejects it. It can be disabled via `ignore` or `warn`. Another yet trickier option is `updateInstead`. However, this setting was forgotten when the git worktree command was introduced: only the main worktree's current branch is respected. With this change, all worktrees are respected. That change also leads to revealing another bug, i.e. `receive.denyCurrentBranch = true` was ignored when pushing into a non-bare repository's unborn current branch using ref namespaces. As `is_ref_checked_out()` returns 0 which means `receive-pack` does not get into conditional statement to switch `deny_current_branch` accordingly (ignore, warn, refuse, unconfigured, updateInstead). receive.denyCurrentBranch uses the function `refs_resolve_ref_unsafe()` (called via `resolve_refdup()`) to resolve the symbolic ref HEAD, but that function fails when HEAD does not point at a valid commit. As we replace the call to `refs_resolve_ref_unsafe()` with `find_shared_symref()`, which has no problem finding the worktree for a given branch even if it is unborn yet, this bug is fixed at the same time: receive.denyCurrentBranch now also handles worktrees with unborn branches as intended even while using ref namespaces. Helped-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Hariom Verma <hariom18599@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-02-23 19:57:10 +01:00
test_expect_success 'denyCurrentBranch and unborn branch with ref namespace' '
(
cd original &&
git init unborn &&
git remote add unborn-namespaced "ext::git --namespace=namespace %s unborn" &&
test_must_fail git push unborn-namespaced HEAD:master &&
git -C unborn config receive.denyCurrentBranch updateInstead &&
git push unborn-namespaced HEAD:master
)
'
test_done