• Scott J. Goldman's avatar
    add uploadarchive.allowUnreachable option · 7671b632
    Scott J. Goldman authored
    In commit ee27ca4a, we started restricting remote git-archive
    invocations to only accessing reachable commits. This
    matches what upload-pack allows, but does restrict some
    useful cases (e.g., HEAD:foo). We loosened this in 0f544ee8,
    which allows `foo:bar` as long as `foo` is a ref tip.
    However, that still doesn't allow many useful things, like:
    
      1. Commits accessible from a ref, like `foo^:bar`, which
         are reachable
    
      2. Arbitrary sha1s, even if they are reachable.
    
    We can do a full object-reachability check for these cases,
    but it can be quite expensive if the client has sent us the
    sha1 of a tree; we have to visit every sub-tree of every
    commit in the worst case.
    
    Let's instead give site admins an escape hatch, in case they
    prefer the more liberal behavior.  For many sites, the full
    object database is public anyway (e.g., if you allow dumb
    walker access), or the site admin may simply decide the
    security/convenience tradeoff is not worth it.
    
    This patch adds a new config option to disable the
    restrictions added in ee27ca4a. It defaults to off, meaning
    there is no change in behavior by default.
    Signed-off-by: default avatarJeff King <peff@peff.net>
    Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
    7671b632
git-upload-archive.txt 2.04 KB