Re: Git push failure in the case of SSH to localhost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Feb 11, 2009 at 10:23 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
> "Ciprian Dorin, Craciun" <ciprian.craciun@xxxxxxxxx> writes:
>
>>     I'll merge both Junio's and Jeff's emails into one... My answers bellow.
>>
>> On Wed, Feb 11, 2009 at 9:40 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>>> "Ciprian Dorin, Craciun" <ciprian.craciun@xxxxxxxxx> writes:
>>>
>>>> On Wed, Feb 11, 2009 at 9:27 PM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>>>>
>>>>> And why isn't it in $HOME/bin/?
>>>>
>>>>     No, it is inside .git/bin folder.
>>>
>>> You are not answering my question.
>>>
>>> I questioned the sanity of putting the scripts in .git/bin/ per
>>> repository.  Why shouldn't a useful script like your "branch-import"
>>> available to _all_ your repositories, possibly taking customization per
>>> repository from repository's .git/config file, so that it does what is
>>> appropriate in each repository?
>> ...
>>     Both these solutions work fine, except one concern: when moving
>> the repository I would also want to move my scripts,...
>
> Define "moving the repository".  More often than not, people move their
> repositories with "git clone" than "tar cf - | tar xf -".
>
> No matter how you are moving it to a new location, you would want to have
> a working set of "regular environment" you normally work in.  Why aren't
> you moving/copying your $HOME/bin at the same time to get a more familiar
> and useful environment?  Viewed under this light, I think your "I move my
> repository to a new machine" is a made up example that is not interesting
> at all, if you ask me.
>
> There are additional security implications.  You can invite a victim to
> run "git diff" in your repository which runs your .git/bin/git-diff, for
> example.


    By moving the repository I mean moving it on another machine...
Let me give you an example...

    Thus (inspired by one of my current usages of Git) suppose I'm
working at a scientific project (let's assume algorithmic nature) and
after I succeed in having a working version of my algorithm, I decide
to test it on a better hardware with bigger workloads... For this I
make a tar of my repository, and un-tar it on the remote machine. (On
this remote machine, as I don't have administrative rights, I've
compiled by hand the latest version of git and put it somewhere on my
path. But it would have been nice if I would have had the latest git
version already installed...)

    (Looking even further, I could use such a procedure to distribute
my code to an entire cluster... Which I'm working to do right now...)

    Where do the repository-custom commands get into the scene? Well
let's suppose I also want to track the run-traces of my algorithm for
results reproduction / debugging purposes. But these files are big
text files that differ in many unimportant places, and thus I would
like `git diff` to show me only the meaning-full differences (by using
external diff feature)... Also the custom diff is not very simple (it
needs a couple sed / grep / other pre-processing), so I decide to
create a special command (like git-diff-traces) that I put inside the
bin folder... (Maybe I would like also some cleaning of unimportant
lines before committing...)

    (About the cluster thing, what about a command like
git-cluster-push... This could be reused...)

    Now as you can see, the special commands that handle my traces are
only valid for this particular algorithm, thus for this particular
repository...

    Now suppose I want to send a tar-ball of this repository to
another person, and I weren't using the special purpose bin dir, I
would also have to remember to send him the scripts that are in some
other place than the repository, and also he would have to remember to
put them into the PATH each time he wants to use them... So as you
see, a lot of manual labor...

    The simplest way (by using my patch) is to do the following:
    * either send a tar of the repository (that contains the bin) (of
course he needs the patched version of Git);
    * either tell him to clone the repository and run a simple command
like ./git-repo-initialize that would create the .git/bin folder and
symlink or copy the special scripts there...

    About the security issue, I don't see any, if we add the bin
folder at the end of the search path, or just after the official
installation path...

    I don't think that this feature is more unsafe than the hooks system...

    Ciprian Craciun.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux