mirror of
https://github.com/git/git
ee27ca4a78
Usually git is careful not to allow clients to fetch arbitrary objects from the database; for example, objects received via upload-pack must be reachable from a ref. Upload-archive breaks this by feeding the client's tree-ish directly to get_sha1, which will accept arbitrary hex sha1s, reflogs, etc. This is not a problem if all of your objects are publicly reachable anyway (or at least public to anybody who can run upload-archive). Or if you are making the repo available by dumb protocols like http or rsync (in which case the client can read your whole object db directly). But for sites which allow access only through smart protocols, clients may be able to fetch trees from commits that exist in the server's object database but are not referenced (e.g., because history was rewound). This patch tightens upload-archive's lookup to use dwim_ref rather than get_sha1. This means a remote client can only fetch the tip of a named ref, not an arbitrary sha1 or reflog entry. This also restricts some legitimate requests, too: 1. Reachable non-tip commits, like: git archive --remote=$url v1.0~5 2. Sub-trees of reachable commits, like: git archive --remote=$url v1.7.7:Documentation Local requests continue to use get_sha1, and are not restricted at all. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
#!/bin/sh
#
# Copyright (C) 2005 Rene Scharfe
#

test_description='git tar-tree and git get-tar-commit-id test

This test covers the topics of file contents, commit date handling and
commit id embedding:

The contents of the repository is compared to the extracted tar
archive. The repository contains simple text files, symlinks and a
binary file (/bin/sh). Only paths shorter than 99 characters are
used.

git tar-tree applies the commit date to every file in the archive it
creates. The test sets the commit date to a specific value and checks
if the tar archive contains that value.

When giving git tar-tree a commit id (in contrast to a tree id) it
embeds this commit id into the tar archive as a comment. The test
checks the ability of git get-tar-commit-id to figure it out from the
tar file.

'

# Pull in the shared test harness (test_expect_success, test_done, ...).
. ./test-lib.sh

# Command used to unpack ZIP archives; the caller may override it through the
# environment, otherwise plain "unzip" is used.
# NOTE(review): Info-ZIP's unzip also reads default options from an
# environment variable named UNZIP, so an inherited value is seen both by this
# script (as the command to run) and by the tool itself (as options).
: "${UNZIP:=unzip}"

# Pretty-format placeholder written into a/substfile1 and later compared
# against "git log --pretty=format:..." output in the export-subst tests.
SUBSTFORMAT='%H%n'
# Fixture setup: build the working tree under a/, commit it with a fixed
# committer date, and create a bare clone that shares the attribute rules.

# a/ gets a text file, a binary (/bin/sh), two export-subst candidates, a
# symlink and a five-level-deep path; a.lst records the expected file list.
test_expect_success 'populate workdir' '
	mkdir a b c &&
	echo simple textfile >a/a &&
	mkdir a/bin &&
	cp /bin/sh a/bin &&
	printf "A\$Format:%s\$O" "$SUBSTFORMAT" >a/substfile1 &&
	printf "A not substituted O" >a/substfile2 &&
	ln -s a a/l1 &&
	(
		p=long_path_to_a_file &&
		cd a &&
		for depth in 1 2 3 4 5
		do
			mkdir $p &&
			cd $p
		done &&
		echo text >file_with_long_path
	) &&
	(cd a && find .) | sort >a.lst
'

# a/ignored is created after a.lst was written and is marked export-ignore,
# so it must never show up in any archive produced below.
test_expect_success 'add ignored file' '
	echo ignore me >a/ignored &&
	echo ignored export-ignore >.gitattributes
'

# Stage regular files and symlinks, then create the commit by hand with a
# pinned GIT_COMMITTER_DATE so the mtime check later has a known value.
test_expect_success 'add files to repository' '
	find a -type f | xargs git update-index --add &&
	find a -type l | xargs git update-index --add &&
	treeid=$(git write-tree) &&
	echo "$treeid" >treeid &&
	git update-ref HEAD $(TZ=GMT GIT_COMMITTER_DATE="2005-05-27 22:00:00" \
		git commit-tree "$treeid" </dev/null)
'

# The bare clone has no worktree, so the attribute rules are copied into
# info/attributes instead.
test_expect_success 'create bare clone' '
	git clone --bare . bare.git &&
	cp .gitattributes bare.git/info/attributes
'

# Drop the ignored file from the worktree so "diff -r a <extracted>" matches
# what the archives are expected to contain.
test_expect_success 'remove ignored file' '
	rm a/ignored
'
# Tar output: "git archive" and the older "git tar-tree" must agree with each
# other, with the bare clone, and with the worktree the commit was made from.

test_expect_success 'git archive' '
	git archive HEAD >b.tar
'

test_expect_success 'git tar-tree' '
	git tar-tree HEAD >b2.tar
'

test_expect_success 'git archive vs. git tar-tree' '
	diff b.tar b2.tar
'

test_expect_success 'git archive in a bare repo' '
	(cd bare.git && git archive HEAD) >b3.tar
'

test_expect_success 'git archive vs. the same in a bare repo' '
	test_cmp b.tar b3.tar
'

# 1117231200 is 2005-05-27 22:00:00 GMT, the committer date pinned when the
# fixture commit was created.
test_expect_success 'validate file modification time' '
	mkdir extract &&
	"$TAR" xf b.tar -C extract a/a &&
	test-chmtime -v +0 extract/a/a | cut -f 1 >b.mtime &&
	echo "1117231200" >expected.mtime &&
	diff expected.mtime b.mtime
'

# Compares against the ref file under .git/ directly, so this relies on the
# branch HEAD points at being stored as a loose ref.
test_expect_success 'git get-tar-commit-id' '
	git get-tar-commit-id <b.tar >b.commitid &&
	diff .git/$(git symbolic-ref HEAD) b.commitid
'

test_expect_success 'extract tar archive' '
	(cd b && "$TAR" xf -) <b.tar
'

test_expect_success 'validate filenames' '
	(cd b/a && find .) | sort >b.lst &&
	diff a.lst b.lst
'

test_expect_success 'validate file contents' '
	diff -r a b/a
'

test_expect_success 'git tar-tree with prefix' '
	git tar-tree HEAD prefix >c.tar
'

test_expect_success 'extract tar archive with prefix' '
	(cd c && "$TAR" xf -) <c.tar
'

test_expect_success 'validate filenames with prefix' '
	(cd c/prefix/a && find .) | sort >c.lst &&
	diff a.lst c.lst
'

test_expect_success 'validate file contents with prefix' '
	diff -r a c/prefix/a
'
# export-subst: files matching "substfile?" get their $Format:...$ keyword
# expanded at archive time. substfile1 carries the keyword, substfile2 does
# not and must come out unchanged.

# The attribute file is only needed while the archives are generated, so it
# is removed again right afterwards.
test_expect_success 'create archives with substfiles' '
	echo "substfile?" export-subst >a/.gitattributes &&
	git archive HEAD >f.tar &&
	git archive --prefix=prefix/ HEAD >g.tar &&
	rm a/.gitattributes
'

test_expect_success 'extract substfiles' '
	(mkdir f && cd f && "$TAR" xf -) <f.tar
'

# The expected expansion is produced independently with "git log" using the
# same placeholder string.
test_expect_success 'validate substfile contents' '
	git log --max-count=1 "--pretty=format:A${SUBSTFORMAT}O" HEAD \
		>f/a/substfile1.expected &&
	diff f/a/substfile1.expected f/a/substfile1 &&
	diff a/substfile2 f/a/substfile2
'

test_expect_success 'extract substfiles from archive with prefix' '
	(mkdir g && cd g && "$TAR" xf -) <g.tar
'

test_expect_success 'validate substfile contents from archive with prefix' '
	git log --max-count=1 "--pretty=format:A${SUBSTFORMAT}O" HEAD \
		>g/prefix/a/substfile1.expected &&
	diff g/prefix/a/substfile1.expected g/prefix/a/substfile1 &&
	diff a/substfile2 g/prefix/a/substfile2
'
# ZIP output: generating the archives needs only git, so these run whether or
# not an unzip tool is installed.

test_expect_success 'git archive --format=zip' '
	git archive --format=zip HEAD >d.zip
'

test_expect_success 'git archive --format=zip in a bare repo' '
	(cd bare.git && git archive --format=zip HEAD) >d1.zip
'

test_expect_success 'git archive --format=zip vs. the same in a bare repo' '
	test_cmp d.zip d1.zip
'
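# Probe for the unzip tool. Exit status 127 is what the shell reports when
# the command cannot be found.
#
# The missing-tool case used to call test_done and exit right here, which
# also skipped every test placed after the ZIP section -- including the
# upload-archive access-control test at the bottom. Only the ZIP tests are
# skipped now, so that check runs on hosts without unzip as well.
$UNZIP -v >/dev/null 2>&1
if [ $? -eq 127 ]
then
	echo "Skipping ZIP tests, because unzip was not found"
else
	# $UNZIP is left unquoted on purpose: it is expanded the same way as in
	# the probe above.
	test_expect_success 'extract ZIP archive' '
		(mkdir d && cd d && $UNZIP ../d.zip)
	'

	test_expect_success 'validate filenames' '
		(cd d/a && find .) | sort >d.lst &&
		diff a.lst d.lst
	'

	test_expect_success 'validate file contents' '
		diff -r a d/a
	'

	test_expect_success 'git archive --format=zip with prefix' '
		git archive --format=zip --prefix=prefix/ HEAD >e.zip
	'

	test_expect_success 'extract ZIP archive with prefix' '
		(mkdir e && cd e && $UNZIP ../e.zip)
	'

	test_expect_success 'validate filenames with prefix' '
		(cd e/prefix/a && find .) | sort >e.lst &&
		diff a.lst e.lst
	'

	test_expect_success 'validate file contents with prefix' '
		diff -r a e/prefix/a
	'
fi

# Listing the supported formats must work even when GIT_DIR points nowhere.
test_expect_success 'git archive --list outside of a git repo' '
	GIT_DIR=some/non-existing/directory git archive --list
'

# Access-control regression test for upload-archive: a remote client may name
# a ref, but must not be able to request an arbitrary object id.
#
#  - The local "git archive $sha1" shows the object really is in the object
#    database, so the later failure is a refusal and not a missing object.
#  - The remote request for HEAD is a positive control: test_must_fail alone
#    would also be satisfied if --remote=. failed for an unrelated reason.
#
# NOTE(review): test_commit comes from test-lib.sh, which is not shown here.
# If it also tags the commit it creates, the object stays reachable through
# that tag after the reset, and this test then demonstrates "raw object ids
# are refused" rather than unreachability as such -- confirm against the
# helper.
test_expect_success 'clients cannot access unreachable commits' '
	test_commit unreachable &&
	sha1=$(git rev-parse HEAD) &&
	git reset --hard HEAD^ &&
	git archive "$sha1" >remote.tar &&
	git archive --remote=. HEAD >remote-head.tar &&
	test_must_fail git archive --remote=. "$sha1" >remote.tar
'

test_done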