dist-git proof of concept phase 2 ready for testing

Hans Ulrich Niedermann hun at n-dimensional.de
Sun Dec 20 09:28:16 UTC 2009


On Sat, 19 Dec 2009 10:56:57 -0800
Jesse Keating <jkeating at redhat.com> wrote:

> We definitely want to allow topic branches pushed to the main repo.  I
> think we'll have to agree on a namespace to use for these, perhaps
> following the dist-cvs example and call them private-*

private/* would have the advantage of allowing easier branch name
wildcards in git ("git push origin 'private/*'").

OTOH, branch or tag names with slashes in them have the potential
to confuse tools and people.

> The way the ACL system works is that it matches on the refs you're
> pushing up, so for packages that have per-branch ACLs only the refs
> that match the branch have ACLs on them, and the assumption is that
> without an ACL you have no rights to it.  That's likely why your push
> failed, but I'd like to see the message to confirm.  It shouldn't be
> too hard to tweak the ACL creation script to add W access to anybody
> who has W access already to the private-* namespace.

Currently, it appears that I can push arbitrarily named branches, at
least if the package does not have per branch ACLs:

$ git push origin moo private/moo private-moo
Counting objects: 11, done.
Delta compression using 2 threads.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 759 bytes, done.
Total 9 (delta 8), reused 0 (delta 0)
To ssh://ndim@pkgs.stg.fedoraproject.org/cstream
 * [new branch]      moo -> moo
 * [new branch]      private/moo -> private/moo
 * [new branch]      private-moo -> private-moo
$

And the same happens with (non-signed, non-annotated) tags:

$ git push origin meh private/meh private-meh
Total 0 (delta 0), reused 0 (delta 0)
To ssh://ndim@pkgs.stg.fedoraproject.org/cstream
 * [new tag]         meh -> meh
 * [new tag]         private/meh -> private/meh
 * [new tag]         private-meh -> private-meh
$

I guess even without per branch ACLs, the ACL system should take a look
at what I am actually pushing and verify its tag/branch names match some
kind of wildcard whitelist. For tags, it might also check their type
(annotated, signed).

-- 
Hans Ulrich Niedermann
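An added example, not code from this mail or from dist-git itself: a git `update` hook implementing the ref-name whitelist and tag-type check proposed above. It assumes a hypothetical policy in which a pusher without per-branch ACLs may only create refs under `private/*`, and tags there must be annotated or signed tag objects rather than lightweight ones.

```shell
#!/bin/sh
# Added example (not part of the thread or of dist-git): an "update" hook
# that git calls as:  update <refname> <old-sha1> <new-sha1>
# Assumed policy (hypothetical): only refs/heads/private/* and
# refs/tags/private/* are allowed, and tags must be annotated/signed.

# check_ref REFNAME OBJTYPE -> 0 if allowed, 1 if rejected.
# OBJTYPE is the type of the pushed object ("commit", "tag", ...); it is
# passed in so the policy can be exercised without a repository.
check_ref() {
    refname=$1
    objtype=$2
    case "$refname" in
        refs/heads/private/*)
            return 0 ;;
        refs/tags/private/*)
            # A lightweight tag points straight at a commit; annotated and
            # signed tags are "tag" objects, which is what the policy wants.
            if [ "$objtype" = "tag" ]; then
                return 0
            fi
            echo "rejected: $refname is not an annotated or signed tag" >&2
            return 1 ;;
        *)
            echo "rejected: $refname is outside the private/* namespace" >&2
            return 1 ;;
    esac
}

# Hook entry point: resolve the pushed object's type with git, then apply
# the policy. A deletion arrives as the all-zero sha1 and has no object.
update_hook() {
    refname=$1
    newrev=$3
    case "$newrev" in
        0000000000000000000000000000000000000000)
            echo "rejected: deleting $refname is not allowed" >&2
            return 1 ;;
    esac
    objtype=$(git cat-file -t "$newrev") || return 1
    check_ref "$refname" "$objtype"
}

# Only act as a hook when git supplies the three hook arguments.
if [ "$#" -eq 3 ]; then
    update_hook "$@"
    exit $?
fi
```

Installed as `hooks/update` in the bare repository, the hook rejects the `moo` and `private-moo` pushes from the transcript above and accepts `private/moo`; the lightweight `private/meh` tag would also be rejected.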