From: Derrick Stolee <derrickstolee@xxxxxxxxxx> The documentation and error messages for git-cvsserver include some references to a "whitelist" that is not otherwise included in the documentation. When different parts of the documentation do not use common language, this can lead to confusion as to how things are meant to operate. Further, the word "whitelist" has cultural implications that make its use non-inclusive. Thankfully, we can remove it while increasing clarity. Update Documentation/git-cvsserver.txt in a similar way to the previous change to Documentation/git-daemon.txt. The optional '<directory>...' list can specify a list of allowed directories. We refer to that list directly inside of the documentation for the GIT_CVSSERVER_ROOT environment variable. While modifying this documentation, update the environment variables to use a list format. We use the modern way of tabbing the description of each variable in this section. We do _not_ update the description of '<directory>...' to use tabs this way since the rest of the items in the OPTIONS list do not use this modern formatting. A single error message in the actual git-cvsserver.perl code refers to the whitelist during argument parsing. Instead, refer to the directory list that has been clarified in the documentation. Signed-off-by: Derrick Stolee <derrickstolee@xxxxxxxxxx> --- Documentation/git-cvsserver.txt | 19 ++++++++++--------- git-cvsserver.perl | 2 +- t/t9400-git-cvsserver-server.sh | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt index 4dc57ed2547..53f111bc0ac 100644 --- a/Documentation/git-cvsserver.txt +++ b/Documentation/git-cvsserver.txt @@ -63,11 +63,10 @@ Print version information and exit Print usage information and exit <directory>:: -You can specify a list of allowed directories. If no directories -are given, all are allowed. This is an additional restriction, gitcvs -access still needs to be enabled by the `gitcvs.enabled` config option -unless `--export-all` was given, too. - +The remaining arguments provide a list of directories. If no directories +are given, then all are allowed. Repositories within these directories +still require the `gitcvs.enabled` config option, unless `--export-all` +is specified. LIMITATIONS ----------- @@ -311,11 +310,13 @@ ENVIRONMENT These variables obviate the need for command-line options in some circumstances, allowing easier restricted usage through git-shell. -GIT_CVSSERVER_BASE_PATH takes the place of the argument to --base-path. +GIT_CVSSERVER_BASE_PATH:: + This variable replaces the argument to --base-path. -GIT_CVSSERVER_ROOT specifies a single-directory whitelist. The -repository must still be configured to allow access through -git-cvsserver, as described above. +GIT_CVSSERVER_ROOT:: + This variable specifies a single directory, replacing the + `<directory>...` argument list. The repository still requires the + `gitcvs.enabled` config option, unless `--export-all` is specified. When these environment variables are set, the corresponding command-line arguments may not be used. diff --git a/git-cvsserver.perl b/git-cvsserver.perl index 4c8118010a8..7b757360e28 100755 --- a/git-cvsserver.perl +++ b/git-cvsserver.perl @@ -152,7 +152,7 @@ $state->{allowed_roots} = [ @ARGV ]; # don't export the whole system unless the users requests it if ($state->{'export-all'} && !@{$state->{allowed_roots}}) { - die "--export-all can only be used together with an explicit whitelist\n"; + die "--export-all can only be used together with an explicit '<directory>...' list\n"; } # Environment handling for running under git-shell diff --git a/t/t9400-git-cvsserver-server.sh b/t/t9400-git-cvsserver-server.sh index 210ddf09e30..379b19f2f85 100755 --- a/t/t9400-git-cvsserver-server.sh +++ b/t/t9400-git-cvsserver-server.sh @@ -221,7 +221,7 @@ test_expect_success 'req_Root (export-all)' \ 'cat request-anonymous | git-cvsserver --export-all pserver "$WORKDIR" >log 2>&1 && sed -ne \$p log | grep "^I LOVE YOU\$"' -test_expect_success 'req_Root failure (export-all w/o whitelist)' \ +test_expect_success 'req_Root failure (export-all w/o directory list)' \ '! (cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 || false)' test_expect_success 'req_Root (everything together)' \ -- gitgitgadget