On Wed, Apr 15, 2009 at 01:09:43PM +1000, Nguyen Thai Ngoc Duy wrote: > On Wed, Apr 15, 2009 at 6:27 AM, Robin H. Johnson <robbat2@xxxxxxxxxx> wrote: > > So, from the Gentoo side right now, we're looking at this: > > 1. Setup git-bundle for initial downloads. > > 2. Disallow initial clones over git:// (allow updates ONLY) > How can you do that? If I understand git protocol correctly, there is > no difference between a fetch request and a clone one. I'm planning on adding a new hook, in upload-pack. Inputs: want_obj, have_obj Not sure of the best way to pass them yet, probably stdin, 'want ....', 'have ....'. Probably best to run right before git-rev-list. For the Gentoo-specific content of the hook, I'm after this design: - you don't send ANY have => you get the error - you have is too old => you get the error - you ask for something non-existent => you get the error The error will be a message instructing you to use the bundle, and pointing to a URL with detailed instructions. The 'too old' case is to able better DoS prevention, stopping somebody malicious from finding the first commit in the bundle, and pretending they have it, asking for a pack from that to the HEAD. -- Robin Hugh Johnson Gentoo Linux Developer & Infra Guy E-Mail : robbat2@xxxxxxxxxx GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
Attachment:
pgpo14IPYyonb.pgp
Description: PGP signature