From: Sun Chao <sunchao9@xxxxxxxxxx>
If uploadpack.allowTipSHA1InWant or
uploadpack.allowReachableSHA1InWant are set to true, the private
commits of hide refs can be fetched by client. The new "hide-refs"
hook are used to hide our refs and we wish to hide the private
commits either.
"git upload-pack" or "git receive-pack" can use "hide-refs" hook to
filter the references during reference discovery phase. If a ref is
hided by "hide-refs" hook, its private data cannot be fetched by
client even if uploadpack.allowTipSHA1InWant or
uploadpack.allowReachableSHA1InWant are set to true.
Signed-off-by: Sun Chao <sunchao9@xxxxxxxxxx>
---
Documentation/githooks.txt | 48 ++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
diff --git a/Documentation/githooks.txt b/Documentation/githooks.txt
index a16e62bc8c8..314bddedc1f 100644
--- a/Documentation/githooks.txt
+++ b/Documentation/githooks.txt
@@ -249,6 +249,54 @@ If this hook exits with a non-zero status, `git push` will abort without
pushing anything. Information about why the push is rejected may be sent
to the user by writing to standard error.
+[[hide-refs]]
+hide-refs
+~~~~~~~~~
+
+This hook would be invoked by 'git-receive-pack' and 'git-upload-pack'
+during the reference discovery phase, each reference and will be filtered
+by this hook. The hook executes once with no arguments for each
+'git-upload-pack' and 'git-receive-pack' process. Once the hook is invoked,
+a version number and server process name ('uploadpack' or 'receive') will
+send to it in pkt-line format, followed by a flush-pkt. The hook should
+respond with its version number.
+
+During reference discovery phase, each reference will be filtered by this
+hook. In the following example, the letter 'G' stands for 'git-receive-pack'
+or 'git-upload-pack' and the letter 'H' stands for this hook. The hook
+decides if the reference will be hidden or not, it sends result back in
+pkt-line format protocol, a response "hide" the references will hidden
+to the client.
+
+ # Version negotiation
+ G: PKT-LINE(version=1\0uploadpack)
+ G: flush-pkt
+ H: PKT-LINE(version=1)
+ H: flush-pkt
+
+ # Send reference filter request to hook
+ G: PKT-LINE(ref <refname>:<refnamefull>)
+ G: flush-pkt
+
+ # Receive result from the hook.
+ # Case 1: this reference is hidden
+ H: PKT-LINE(hide)
+ H: flush-pkt
+
+ # Case 2: this reference can be advertised
+ H: flush-pkt
+
+To enable the `hide-refs` hook, we should config hiderefs with `hook:`
+option, eg:
+
+ git config --add transfer.hiderefs hook:refs/prefix1/
+ git config --add uploadpack.hiderefs hook:!refs/prefix2/
+
+the `hide-refs` will be called during reference discovery phase and
+check each matched reference, a 'hide' response means the reference will
+be hidden for its private data even if `allowTipSHA1InWant` and
+`allowReachableSHA1InWant` are set to true.
+
[[pre-receive]]
pre-receive
~~~~~~~~~~~
--
gitgitgadget
