I am setting up a continous integration (CI) system for an open source project and I want to allow forking developers to use the system, but I do not want anyone to do a clone or fetch from the CI git repo, the repo.
Any advice on limiting the https smart protocol to push only, blocking clone and fetch?
Looking at http-backend.c
542 static struct service_cmd {
543 const char *method;
544 const char *pattern;
545 void (*imp)(char *);
546 } services[] = {
547 {"GET", "/HEAD$", get_head},
548 {"GET", "/info/refs$", get_info_refs},
549 {"GET", "/objects/info/alternates$", get_text_file},
550 {"GET", "/objects/info/http-alternates$", get_text_file},
551 {"GET", "/objects/info/packs$", get_info_packs},
552 {"GET", "/objects/[0-9a-f]{2}/[0-9a-f]{38}$", get_loose_object},
553 {"GET", "/objects/pack/pack-[0-9a-f]{40}\\.pack$", get_pack_file},
554 {"GET", "/objects/pack/pack-[0-9a-f]{40}\\.idx$", get_idx_file},
555
556 {"POST", "/git-upload-pack$", service_rpc},
557 {"POST", "/git-receive-pack$", service_rpc}
558 };
I feel I could just filter /git-receive-pack and /objects/ .
I am going to build my test system now.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- -
- Jason Pyeron PD Inc. http://www.pdinc.us -
- Principal Consultant 10 West 24th Street #100 -
- +1 (443) 269-1555 x333 Baltimore, Maryland 21218 -
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html