Re: GIT archive invocation with SHA sum

Manfred Rudigier <manfred.rudigier@xxxxxxxxxx> writes:

> we have recently upgraded our Ubuntu server to 12.04, which comes
> with a newer version of GIT. However, we have noticed that git
> archive --remote does not work anymore by specifying the SHA sum of
> a commit.
> ...
> I have read that this restriction was made for some kind of
> security reason, and one possibility would be to add a config
> option on the server repo to turn off this safety check. As we
> manage the git repos ourselves, this would be perfectly ok for us.
>
> What is the current status of this - is there already such a config option?

No, there isn't.

I am not going to say that such a change will never happen, but you
may want to rethink the way you transfer the source material to your
build system, especially if your build system is rebuilding each and
every version of the software.

I can understand that the use of "git archive" can give you a way to
start from an empty directory and build afresh for every version,
but it is stupid to _transfer_ the full copy of the source material
300 times over the network in order to rebuild 300 versions a day,
all of which will be quite similar to each other (after all, the
difference between them will be limited by the productivity of your
workforce).

Fortunately, it is quite simple to fix.  You can maintain a single
bare repository on the build machine (i.e. the one you currently run
"git archive --remote" on), and run "git fetch --mirror" against the
machine that hosts the repository (i.e. the one you currently run
"git archive --remote" against) to keep it up to date.  That way,
you should be able to drastically cut the amount of the network
traffic from the source repository and the build server.

Then, you copy out from that bare repository (i.e. the one you have
on your build server that you "git fetch --mirror" into) using "git
archive" into a fresh directory to build.  Because this invocation
of "git archive" is purely local to the machine, you do not need any
configuration option to bust the "you can only see the branches
available to you" security measure to copy things out.

If your build server is building only the tagged versions for
releases (I doubt that is the case, but I am writing this just for
completeness), "git archive --remote" should be able to reach them,
so you do not need such a configuration option, either.

Hrm?
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
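
The mirror-then-archive workflow described in the message above, as an added example that is not part of the original e-mail. The function names and directory arguments are assumptions; the mirror is created here with "git clone --mirror" and refreshed with a plain "git fetch", and the commit name is checked against the local mirror before anything is exported.

```shell
#!/bin/sh
# Added example: keep one bare mirror on the build machine and export
# commits from it locally. Function names and paths are hypothetical.

# Create the bare mirror on first use; afterwards transfer only new objects.
sync_mirror() {
    src=$1 mirror=$2
    if [ ! -d "$mirror" ]; then
        git clone --quiet --mirror "$src" "$mirror"
    else
        # clone --mirror configured refs/*:refs/*, so this updates every ref
        git --git-dir="$mirror" fetch --quiet --prune origin
    fi
}

# Export one commit, named by its full object name, into a fresh directory.
export_commit() {
    mirror=$1 rev=$2 dest=$3
    # Accept only a full hex object name (40 hex digits, or 64 for SHA-256
    # repositories), so the build is pinned to exactly one commit.
    case $rev in
        ''|*[!0-9a-f]*) echo "not a hex object name: $rev" >&2; return 2 ;;
    esac
    [ "${#rev}" -eq 40 ] || [ "${#rev}" -eq 64 ] || {
        echo "abbreviated object name refused: $rev" >&2; return 2; }
    # The object must exist in the local mirror and be a commit.
    commit=$(git --git-dir="$mirror" rev-parse --quiet --verify \
        "$rev^{commit}") || {
        echo "commit not in mirror (run sync_mirror first?): $rev" >&2
        return 3; }
    # Never build on top of leftovers from an earlier build.
    if [ -e "$dest" ]; then
        echo "destination already exists: $dest" >&2; return 4
    fi
    mkdir -p "$dest" || return 4
    # Purely local "git archive": no --remote, so no server-side check applies.
    git --git-dir="$mirror" archive --format=tar "$commit" |
        tar -xf - -C "$dest"
}
```

A build job would call sync_mirror once per run and then export_commit for each commit it needs to build.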