[PATCH v2] upload-pack: Optionally allow fetching any sha1

[PATCH v2] upload-pack: Optionally allow fetching any sha1

[David Turner]

It seems a little silly to do a reachabilty check in the case where we
trust the user to access absolutely everything in the repository.

Also, it's racy in a distributed system -- perhaps one server
advertises a ref, but another has since had a force-push to that ref,
and perhaps the two HTTP requests end up directed to these different
servers.

Signed-off-by: David Turner <dturner@twosigma.com>
---

Actually, I realized as forgot the doco.  Sorry.

 Documentation/config.txt         |  5 +++++
 Documentation/git-fetch-pack.txt |  6 +++---
 t/t5551-http-fetch-smart.sh      | 22 ++++++++++++++++++++++
 upload-pack.c                    | 10 +++++++++-
 4 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/Documentation/config.txt b/Documentation/config.txt
index a0ab66a..b7f9991 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -2961,6 +2961,11 @@ uploadpack.allowReachableSHA1InWant::
 	calculating object reachability is computationally expensive.
 	Defaults to `false`.
 
+uploadpack.allowAnySHA1InWant::
+	Allow `upload-pack` to accept a fetch request that asks for any
+	object at all.
+	Defaults to `false`.
+
 uploadpack.keepAlive::
 	When `upload-pack` has started `pack-objects`, there may be a
 	quiet period while `pack-objects` prepares the pack. Normally
diff --git a/Documentation/git-fetch-pack.txt b/Documentation/git-fetch-pack.txt
index d45f6ad..f7ebe36 100644
--- a/Documentation/git-fetch-pack.txt
+++ b/Documentation/git-fetch-pack.txt
@@ -119,9 +119,9 @@ be in a separate packet, and the list must end with a flush packet.
 	$GIT_DIR (e.g. "HEAD", "refs/heads/master").  When
 	unspecified, update from all heads the remote side has.
 +
-If the remote has enabled the options `uploadpack.allowTipSHA1InWant` or
-`uploadpack.allowReachableSHA1InWant`, they may alternatively be 40-hex
-sha1s present on the remote.
+If the remote has enabled the options `uploadpack.allowTipSHA1InWant`,
+`uploadpack.allowReachableSHA1InWant`, or `uploadpack.allowAnySHA1InWant`,
+they may alternatively be 40-hex sha1s present on the remote.
 
 SEE ALSO
 --------
diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh
index 43665ab..8d3db40 100755
--- a/t/t5551-http-fetch-smart.sh
+++ b/t/t5551-http-fetch-smart.sh
@@ -306,6 +306,28 @@ test_expect_success 'test allowreachablesha1inwant with unreachable' '
 	test_must_fail git -C test_reachable.git fetch origin "$(git rev-parse HEAD)"
 '
 
+test_expect_success 'test allowanysha1inwant with unreachable' '
+	test_when_finished "rm -rf test_reachable.git; git reset --hard $(git rev-parse HEAD)" &&
+
+	#create unreachable sha
+	echo content >file2 &&
+	git add file2 &&
+	git commit -m two &&
+	git push public HEAD:refs/heads/doomed &&
+	git push public :refs/heads/doomed &&
+
+	server="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
+	master_sha=$(git -C "$server" rev-parse refs/heads/master) &&
+	git -C "$server" config uploadpack.allowreachablesha1inwant 1 &&
+
+	git init --bare test_reachable.git &&
+	git -C test_reachable.git remote add origin "$HTTPD_URL/smart/repo.git" &&
+	test_must_fail git -C test_reachable.git fetch origin "$(git rev-parse HEAD)" &&
+
+	git -C "$server" config uploadpack.allowanysha1inwant 1 &&
+	git -C test_reachable.git fetch origin "$(git rev-parse HEAD)"
+'
+
 test_expect_success EXPENSIVE 'http can handle enormous ref negotiation' '
 	(
 		cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
diff --git a/upload-pack.c b/upload-pack.c
index e0db8b4..7597ba3 100644
--- a/upload-pack.c
+++ b/upload-pack.c
@@ -46,6 +46,8 @@ static int no_progress, daemon_mode;
 #define ALLOW_TIP_SHA1	01
 /* Allow request of a sha1 if it is reachable from a ref (possibly hidden ref). */
 #define ALLOW_REACHABLE_SHA1	02
+/* Allow request of any sha1. Implies ALLOW_TIP_SHA1 and ALLOW_REACHABLE_SHA1. */
+#define ALLOW_ANY_SHA1	07
 static unsigned int allow_unadvertised_object_request;
 static int shallow_nr;
 static struct object_array have_obj;
@@ -825,7 +827,8 @@ static void receive_needs(void)
 			    sha1_to_hex(sha1_buf));
 		if (!(o->flags & WANTED)) {
 			o->flags |= WANTED;
-			if (!is_our_ref(o))
+			if (!((allow_unadvertised_object_request & ALLOW_ANY_SHA1) == ALLOW_ANY_SHA1
+			      || is_our_ref(o)))
 				has_non_tip = 1;
 			add_object_array(o, NULL, &want_obj);
 		}
@@ -1008,6 +1011,11 @@ static int upload_pack_config(const char *var, const char *value, void *unused)
 			allow_unadvertised_object_request |= ALLOW_REACHABLE_SHA1;
 		else
 			allow_unadvertised_object_request &= ~ALLOW_REACHABLE_SHA1;
+	} else if (!strcmp("uploadpack.allowanysha1inwant", var)) {
+		if (git_config_bool(var, value))
+			allow_unadvertised_object_request |= ALLOW_ANY_SHA1;
+		else
+			allow_unadvertised_object_request &= ~ALLOW_ANY_SHA1;
 	} else if (!strcmp("uploadpack.keepalive", var)) {
 		keepalive = git_config_int(var, value);
 		if (!keepalive)
-- 
2.8.0.rc4.22.g8ae061a

Re: [PATCH v2] upload-pack: Optionally allow fetching any sha1

[Junio C Hamano]

David Turner <dturner@twosigma.com> writes:

> diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh
> index 43665ab..8d3db40 100755

It seems that I haven't heard of 43665ab.

> --- a/t/t5551-http-fetch-smart.sh
> +++ b/t/t5551-http-fetch-smart.sh
> @@ -306,6 +306,28 @@ test_expect_success 'test allowreachablesha1inwant with unreachable' '
>  	test_must_fail git -C test_reachable.git fetch origin "$(git rev-parse HEAD)"
>  '

Specifically, the above seems to be missing in my tree.

Perhaps you noticed the lack of test for allowReachableSHA1InWant
and added one, but forgot to send it out, while building this patch
on top?

> +uploadpack.allowAnySHA1InWant::
> +	Allow `upload-pack` to accept a fetch request that asks for any
> +	object at all.
> +	Defaults to `false`.

RE: [PATCH v2] upload-pack: Optionally allow fetching any sha1

[David Turner]

Sorry about that -- the first version of this patch noted:

"""This one is on top of yesterday's patch, "remote-curl: don't hang when
a server dies before any output".

That's because I want my test to show that allowanysha1inhead allows a
fetch to succeed where allowreachablesha1inhead would fail.  Prior to
the previous patch, the first fetch's failure would instead be a hang.""""

But I didn't carry over this message to v2.

> -----Original Message-----
> From: Junio C Hamano [mailto:gitster@pobox.com]
> Sent: Saturday, November 12, 2016 8:23 PM
> To: David Turner
> Cc: git@vger.kernel.org; spearce@spearce.org
> Subject: Re: [PATCH v2] upload-pack: Optionally allow fetching any sha1
> 
> David Turner <dturner@twosigma.com> writes:
> 
> > diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh
> > index 43665ab..8d3db40 100755
> 
> It seems that I haven't heard of 43665ab.
> 
> > --- a/t/t5551-http-fetch-smart.sh
> > +++ b/t/t5551-http-fetch-smart.sh
> > @@ -306,6 +306,28 @@ test_expect_success 'test allowreachablesha1inwant
> with unreachable' '
> >  	test_must_fail git -C test_reachable.git fetch origin "$(git rev-
> parse HEAD)"
> >  '
> 
> Specifically, the above seems to be missing in my tree.
> 
> Perhaps you noticed the lack of test for allowReachableSHA1InWant and
> added one, but forgot to send it out, while building this patch on top?
> 
> > +uploadpack.allowAnySHA1InWant::
> > +	Allow `upload-pack` to accept a fetch request that asks for any
> > +	object at all.
> > +	Defaults to `false`.