In
b79cf959b2 (upload-pack.c: allow banning certain object filter(s),
2020-02-26), we introduced functionality to disallow certain object
filters from being chosen from within 'git upload-pack'. Traditionally,
administrators use this functionality to disallow filters that are known
to perform slowly, for e.g., those that do not have bitmap-level
filtering.
In the past, the '--filter=tree:<n>' was one such filter that does not
have bitmap-level filtering support, and so was likely to be banned by
administrators.
However, in the previous couple of commits, we introduced bitmap-level
filtering for the case when 'n' is equal to '0', i.e., as if we had a
'--filter=tree:none' choice.
While it would be sufficient to simply write
$ git config uploadpackfilter.tree.allow true
(since it would allow all values of 'n'), we would like to be able to
allow this filter for certain values of 'n', i.e., those no greater than
some pre-specified maximum.
In order to do this, introduce a new configuration key, as follows:
$ git config uploadpackfilter.tree.maxDepth <m>
where '<m>' specifies the maximum allowed value of 'n' in the filter
'tree:n'. Administrators who wish to allow for only the value '0' can
write:
$ git config uploadpackfilter.tree.allow true
$ git config uploadpackfilter.tree.maxDepth 0
which allows '--filter=tree:0', but no other values.
Signed-off-by: Taylor Blau <me@ttaylorr.com>
Acked-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
combined filters, both `combine` and all of the nested filter
kinds must be allowed. Defaults to `uploadpackfilter.allow`.
+uploadpackfilter.tree.maxDepth::
+ Only allow `--filter=tree=<n>` when `n` is no more than the value of
+ `uploadpackfilter.tree.maxDepth`. If set, this also implies
+ `uploadpackfilter.tree.allow=true`, unless this configuration
+ variable had already been set. Has no effect if unset.
+
uploadpack.allowRefInWant::
If this option is set, `upload-pack` will support the `ref-in-want`
feature of the protocol version 2 `fetch` command. This feature
grep "filter '\''blob:none'\'' not supported" err
'
+test_expect_success 'upload-pack limits tree depth filters' '
+ test_config -C srv.bare uploadpackfilter.allow false &&
+ test_config -C srv.bare uploadpackfilter.tree.allow true &&
+ test_config -C srv.bare uploadpackfilter.tree.maxDepth 0 &&
+ test_must_fail ok=sigpipe git clone --no-checkout --filter=tree:1 \
+ "file://$(pwd)/srv.bare" pc3 2>err &&
+ grep "tree filter allows max depth 0, but got 1" err
+'
+
test_expect_success 'partial clone fetches blobs pointed to by refs even if normally filtered out' '
rm -rf src dst &&
git init src &&
unsigned use_include_tag : 1;
unsigned allow_filter : 1;
unsigned allow_filter_fallback : 1;
+ unsigned long tree_filter_max_depth;
unsigned done : 1; /* v2 only */
unsigned allow_ref_in_want : 1; /* v2 only */
data->extra_edge_obj = extra_edge_obj;
data->allowed_filters = allowed_filters;
data->allow_filter_fallback = 1;
+ data->tree_filter_max_depth = ULONG_MAX;
packet_writer_init(&data->writer, 1);
data->keepalive = 5;
if (!allowed)
send_err_and_die(data, "filter '%s' not supported", key);
+
+ if (opts->choice == LOFC_TREE_DEPTH &&
+ opts->tree_exclude_depth > data->tree_filter_max_depth)
+ send_err_and_die(data,
+ "tree filter allows max depth %lu, but got %lu",
+ data->tree_filter_max_depth,
+ opts->tree_exclude_depth);
}
static void check_filter_recurse(struct upload_pack_data *data,
if (!strcmp(key, "allow"))
string_list_insert(&data->allowed_filters, buf.buf)->util =
(void *)(intptr_t)git_config_bool(var, value);
+ else if (!strcmp(buf.buf, "tree") && !strcmp(key, "maxdepth")) {
+ if (!value) {
+ strbuf_release(&buf);
+ return config_error_nonbool(var);
+ }
+ string_list_insert(&data->allowed_filters, buf.buf)->util =
+ (void *)(intptr_t)1;
+ data->tree_filter_max_depth = git_config_ulong(var, value);
+ }
strbuf_release(&buf);
return 0;
projects / thirdparty / git.git / commitdiff
