freshlybakedca.ke / git
Git fork
fork atom

git-cvsserver: clarify directory list

The documentation and error messages for git-cvsserver include some
references to a "whitelist" that is not otherwise included in the
documentation. When different parts of the documentation do not use
common language, this can lead to confusion as to how things are meant
to operate.

Further, the word "whitelist" has cultural implications that make its
use non-inclusive. Thankfully, we can remove it while increasing
clarity.

Update Documentation/git-cvsserver.txt in a similar way to the previous
change to Documentation/git-daemon.txt. The optional '<directory>...'
list can specify a list of allowed directories. We refer to that list
directly inside of the documentation for the GIT_CVSSERVER_ROOT
environment variable.

While modifying this documentation, update the environment variables to
use a list format. We use the modern way of tabbing the description of
each variable in this section. We do _not_ update the description of
'<directory>...' to use tabs this way since the rest of the items in the
OPTIONS list do not use this modern formatting.

A single error message in the actual git-cvsserver.perl code refers to
the whitelist during argument parsing. Instead, refer to the directory
list that has been clarified in the documentation.

Signed-off-by: Derrick Stolee <derrickstolee@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

authored by

Derrick Stolee and committed by
Junio C Hamano acc5e287 dee8a145

+12 -11
unified split
+10 -9
Documentation/git-cvsserver.txt
··· 63 63 Print usage information and exit 64 64 65 65 <directory>:: 66 - You can specify a list of allowed directories. If no directories 67 - are given, all are allowed. This is an additional restriction, gitcvs 68 - access still needs to be enabled by the `gitcvs.enabled` config option 69 - unless `--export-all` was given, too. 70 - 66 + The remaining arguments provide a list of directories. If no directories 67 + are given, then all are allowed. Repositories within these directories 68 + still require the `gitcvs.enabled` config option, unless `--export-all` 69 + is specified. 71 70 72 71 LIMITATIONS 73 72 ----------- ··· 311 310 These variables obviate the need for command-line options in some 312 311 circumstances, allowing easier restricted usage through git-shell. 313 312 314 - GIT_CVSSERVER_BASE_PATH takes the place of the argument to --base-path. 313 + GIT_CVSSERVER_BASE_PATH:: 314 + This variable replaces the argument to --base-path. 315 315 316 - GIT_CVSSERVER_ROOT specifies a single-directory whitelist. The 317 - repository must still be configured to allow access through 318 - git-cvsserver, as described above. 316 + GIT_CVSSERVER_ROOT:: 317 + This variable specifies a single directory, replacing the 318 + `<directory>...` argument list. The repository still requires the 319 + `gitcvs.enabled` config option, unless `--export-all` is specified. 319 320 320 321 When these environment variables are set, the corresponding 321 322 command-line arguments may not be used.
+1 -1
git-cvsserver.perl
··· 152 152 153 153 # don't export the whole system unless the users requests it 154 154 if ($state->{'export-all'} && !@{$state->{allowed_roots}}) { 155 - die "--export-all can only be used together with an explicit whitelist\n"; 155 + die "--export-all can only be used together with an explicit '<directory>...' list\n"; 156 156 } 157 157 158 158 # Environment handling for running under git-shell
+1 -1
t/t9400-git-cvsserver-server.sh
··· 221 221 'cat request-anonymous | git-cvsserver --export-all pserver "$WORKDIR" >log 2>&1 && 222 222 sed -ne \$p log | grep "^I LOVE YOU\$"' 223 223 224 - test_expect_success 'req_Root failure (export-all w/o whitelist)' \ 224 + test_expect_success 'req_Root failure (export-all w/o directory list)' \ 225 225 '! (cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 || false)' 226 226 227 227 test_expect_success 'req_Root (everything together)' \