From: Sun Chao <sunchao9@xxxxxxxxxx>
If uploadpack.allowTipSHA1InWant or uploadpack.allowReachableSHA1InWant
is set to true, the private commits of hiding refs can be fetched by
the client. The new "hide-refs" hook is used to hide our refs and we
wish to hide the private commits either.
"git-upload-pack" or "git-receive-pack" can use "hide-refs" hook to
filter the references during the reference discovery phase. If a ref
is hidden by the "hide-refs" hook, its private data cannot be fetched
by the client even if uploadpack.allowTipSHA1InWant or
uploadpack.allowReachableSHA1InWant is set to true.
Signed-off-by: Sun Chao <sunchao9@xxxxxxxxxx>
---
Documentation/githooks.txt | 49 ++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
diff --git a/Documentation/githooks.txt b/Documentation/githooks.txt
index a16e62bc8c8..b26e50a4ea7 100644
--- a/Documentation/githooks.txt
+++ b/Documentation/githooks.txt
@@ -249,6 +249,55 @@ If this hook exits with a non-zero status, `git push` will abort without
pushing anything. Information about why the push is rejected may be sent
to the user by writing to standard error.
+[[hide-refs]]
+hide-refs
+~~~~~~~~~
+
+This hook would be invoked by 'git-receive-pack' and 'git-upload-pack'
+during the reference discovery phase, each reference will be filtered
+by this hook. The hook executes once with no arguments for each
+'git-upload-pack' and 'git-receive-pack' process. Once the hook is invoked,
+a version number and server process name ('uploadpack' or 'receive') will
+send to it in pkt-line format, followed by a flush-pkt. The hook should
+respond with its version number.
+
+During the reference discovery phase, each reference will be filtered by
+this hook. In the following example, the letter 'G' stands for
+'git-receive-pack' or 'git-upload-pack', and the letter 'H' stands for
+this hook. The hook decides if the reference will be hidden or not, it
+sends the result back in pkt-line format protocol, and a response 'hide'
+means the references will be hidden to the client.
+
+ # Version negotiation
+ G: PKT-LINE(version=1\0uploadpack)
+ G: flush-pkt
+ H: PKT-LINE(version=1)
+ H: flush-pkt
+
+ # Send reference filter request to hook
+ G: PKT-LINE(ref <refname>:<refnamefull>)
+ G: flush-pkt
+
+ # Receive the result from the hook.
+ # Case 1: this reference is hidden
+ H: PKT-LINE(hide)
+ H: flush-pkt
+
+ # Case 2: this reference can be advertised
+ H: flush-pkt
+
+To enable the `hide-refs` hook, we should config hiderefs with a `hook:`
+option, e.g. if we want to pass all the refs to the new hook except for
+the tags:
+
+ git config --add transfer.hiderefs hook:
+ git config --add transfer.hiderefs hook:!refs/tags/
+
+the `hide-refs` will be called during the reference discovery phase and
+check each matched reference, a 'hide' response means the reference will
+be hidden for its private data even if `allowTipSHA1InWant` or
+`allowReachableSHA1InWant` is set to true.
+
[[pre-receive]]
pre-receive
~~~~~~~~~~~
--
gitgitgadget
