[PATCH] Add stream-tar command - gitano-dev - listmaster.pepperfish.net

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[PATCH] Add stream-tar command

[RFC 0/7] gitano-auth refactor

[PATCH 00/12] A series of...

Richard Maw

Tuesday, 5 November 2013 Tue, 5 Nov '13

12:58 a.m.

Repo: git://git.gitano.org.uk/personal/richardmaw/gitano.git Ref: add-stream-tar Sha1: c07dc8fa5eb1c080b5ce741e980660be64a1da4e Land: master It's more or less hacked in at this point, though it appears to work, as the yarn test can attest to. Richard Maw (1): Add stream-tar command lib/gitano/repocommand.lua | 22 ++++++++++++++++++++++ lib/gitano/repository.lua | 11 +++++++++++ testing/02-commands-stream-tar.yarn | 30 ++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 testing/02-commands-stream-tar.yarn -- 1.8.2.3

Reply

Show replies by date

Richard Maw

Tuesday, 5 November Tue, 5 Nov

12:58 a.m.

--- lib/gitano/repocommand.lua | 22 ++++++++++++++++++++++ lib/gitano/repository.lua | 11 +++++++++++ testing/02-commands-stream-tar.yarn | 30 ++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 testing/02-commands-stream-tar.yarn diff --git a/lib/gitano/repocommand.lua b/lib/gitano/repocommand.lua index 4d70a8b..7df1847 100644 --- a/lib/gitano/repocommand.lua +++ b/lib/gitano/repocommand.lua @@ -69,6 +69,24 @@ local function builtin_simple_run(config, repo, cmdline, env) return proc:wait() end +local builtin_stream_tar_short = "Get a tar stream of repository" +local builtin_stream_tar_helptext = [[ +usage: stream-tar repo + +Get the contents of a git repository as a tar stream. This is a faster +way of cloning, but the receiver has to do extra work to make it appear +like a normal clone. + +You must have read access to the repository to run stream-tar. +]] +local function builtin_stream_tar_prep(config, repo, cmdline, context) + context.operation = "read" + return repo:run_lace(context) +end +local function builtin_stream_tar_run(config, repo, cmdline, env) + return repo:stream_tar() +end + local function register_repocommand(register_cmd) assert(register_cmd("gc", builtin_gc_short, builtin_gc_helptext, builtin_simple_validate, builtin_gc_prep, @@ -82,6 +100,10 @@ local function register_repocommand(register_cmd) assert(register_cmd("fsck", builtin_fsck_short, builtin_fsck_helptext, builtin_simple_validate, builtin_fsck_prep, builtin_simple_run, true, false)) + assert(register_cmd("stream-tar", builtin_stream_tar_short, + builtin_stream_tar_helptext, + builtin_simple_validate, builtin_stream_tar_prep, + builtin_stream_tar_run, true, false)) end return { diff --git a/lib/gitano/repository.lua b/lib/gitano/repository.lua index 796e162..a81a9f6 100644 --- a/lib/gitano/repository.lua +++ b/lib/gitano/repository.lua @@ -687,6 +687,17 @@ function repo_method:save_admin(reason, username) return self:run_checks() end +function repo_method:stream_tar() + local proc = sp.spawn_simple{ + 'tar', 'c', '-C', self:fs_path(), '.' + } + local how, why = proc:wait() + if how ~= "exit" or why ~= 0 then + return false, ("Tar failed: %s: %d"):format(how, why) + end + return how, why +end + local repo_meta = { __index = repo_method, } diff --git a/testing/02-commands-stream-tar.yarn b/testing/02-commands-stream-tar.yarn new file mode 100644 index 0000000..3541a4c --- /dev/null +++ b/testing/02-commands-stream-tar.yarn @@ -0,0 +1,30 @@ + + +`stream-tar <repo>` +=================== + +The `stream-tar` command can be used to clone a repository, but bypass +the repacking logic of the git server. + +This requires extra work on the client to get it into the right +format. For a mirror, this involves removing any branches that aren't in +`refs/heads` or `refs/tags`, for non-mirror clones, it needs to be turned +into a non-bare repository. + +Basic operation +=============== + + SCENARIO Basic operation of stream-tar + GIVEN a standard instance + WHEN testinstance adminkey runs create stoat + AND testinstance adminkey runs stream-tar stoat + THEN testinstance stdout can be extracted as badger + AND testinstance has a clone of badger + +Implementations +=============== + + IMPLEMENTS THEN ([a-z][a-z0-9]*) ([^ ]+) can be extracted as ([^ ]+) + exdir="$DATADIR/user-home-$MATCH_1/$MATCH_3" + mkdir -p "$exdir" + tar xf "$DATADIR/$MATCH_2" -C "$exdir" -- 1.8.2.3

Reply

Daniel Silverstone

2:16 a.m.

On Mon, Nov 04, 2013 at 15:58:18 +0000, Richard Maw wrote:

+function repo_method:stream_tar() + local proc = sp.spawn_simple{ + 'tar', 'c', '-C', self:fs_path(), '.' + }

This seems a tad simplistic. At minimum we should strip out the hooks and info tree since those are system specific. Also it'd be nice if we could anonymise the tarball coming out so it doesn't contain UIDs/GIDs which could leak data about the system to a potential attacker -- remember we do not trust anyone fully, not even gitano-admin. It'd also be really really nice if it could have an option to filter the refs to turn refs/heads/* into refs/remotes/origin/* and automatically add a remote to the config, perhaps turning it non-bare and setting it all inside a .git, so you could do: ssh git@gitmachine stream-tar fooproject non-bare | tar xv cd non-bare git checkout master That would rock very hard indeed. D. -- Daniel Silverstone http://www.digital-scurf.org/ PGP mail accepted and encouraged. Key Id: 3CCE BABE 206C 3B69

Reply

Richard Maw

8:50 p.m.

On 4 November 2013 17:16, Daniel Silverstone <dsilvers(a)digital-scurf.org>wrote:

This seems a tad simplistic. At minimum we should strip out the hooks and info tree since those are system specific.

I think for the next version, it should use the same whitelist as we used for lorry.

Also it'd be nice if we could anonymise the tarball coming out so it doesn't contain UIDs/GIDs which could leak data about the system to a potential attacker -- remember we do not trust anyone fully, not even gitano-admin.

Busybox's tar does not support the required options, unfortunately. If we were to allow this we'd have to copy the repository and fiddle with it beforehand. This would diminish the gains for using stream-tar in the first place. You get --numeric-owner to get it to extract based on stored uid instead of user name, but that's about it. Busybox's cpio on the other hand _has_ got -R/--owner explicitly for this use case. I may see how difficult it would be to use cpio instead.

It'd also be really really nice if it could have an option to filter the refs to turn refs/heads/* into refs/remotes/origin/* and automatically add a remote to the config, perhaps turning it non-bare and setting it all inside a .git, so you could do: ssh git@gitmachine stream-tar fooproject non-bare | tar xv cd non-bare git checkout master That would rock very hard indeed.

Hm, it may be possible to do this without copying the repository. Prepending .git to the path could be handled with a symlink, and if I can get tar to append to the stream I could include replacement refs and config. If this proves to be nasty or impossible, then I'd argue it's better for the client to do this, since there'll be some fiddling on the user side needed anyway to get a usable workspace. If HEAD is master, then you'd need to used git reset --hard HEAD, rather than just git checkout master.

Reply

Daniel Silverstone

2:19 a.m.

On Mon, Nov 04, 2013 at 15:58:17 +0000, Richard Maw wrote:

Repo: git://git.gitano.org.uk/personal/richardmaw/gitano.git Ref: add-stream-tar Sha1: c07dc8fa5eb1c080b5ce741e980660be64a1da4e Land: master It's more or less hacked in at this point, though it appears to work, as the yarn test can attest to.

I've made some comments on the patch mail itself. For now, I'm -1ing this patch, but with appropriate responses that could be upgraded to a +1. D. -- Daniel Silverstone http://www.digital-scurf.org/ PGP mail accepted and encouraged. Key Id: 3CCE BABE 206C 3B69

Reply

3198

days inactive

3199

days old

gitano-dev@gitano.org.uk

Manage subscription

4 comments

2 participants

tags (0)

participants (2)

Daniel Silverstone
Richard Maw