1GITNAMESPACES(7)                  Git Manual                  GITNAMESPACES(7)
2
3
4

NAME

6       gitnamespaces - Git namespaces
7

SYNOPSIS

9       GIT_NAMESPACE=<namespace> git upload-pack
10       GIT_NAMESPACE=<namespace> git receive-pack
11

DESCRIPTION

13       Git supports dividing the refs of a single repository into multiple
14       namespaces, each of which has its own branches, tags, and HEAD. Git can
15       expose each namespace as an independent repository to pull from and
16       push to, while sharing the object store, and exposing all the refs to
17       operations such as git-gc(1).
18
19       Storing multiple repositories as namespaces of a single repository
20       avoids storing duplicate copies of the same objects, such as when
21       storing multiple branches of the same source. The alternates mechanism
22       provides similar support for avoiding duplicates, but alternates do not
23       prevent duplication between new objects added to the repositories
24       without ongoing maintenance, while namespaces do.
25
26       To specify a namespace, set the GIT_NAMESPACE environment variable to
27       the namespace. For each ref namespace, Git stores the corresponding
28       refs in a directory under refs/namespaces/. For example,
29       GIT_NAMESPACE=foo will store refs under refs/namespaces/foo/. You can
30       also specify namespaces via the --namespace option to git(1).
31
32       Note that namespaces which include a / will expand to a hierarchy of
33       namespaces; for example, GIT_NAMESPACE=foo/bar will store refs under
34       refs/namespaces/foo/refs/namespaces/bar/. This makes paths in
35       GIT_NAMESPACE behave hierarchically, so that cloning with
36       GIT_NAMESPACE=foo/bar produces the same result as cloning with
37       GIT_NAMESPACE=foo and cloning from that repo with GIT_NAMESPACE=bar. It
38       also avoids ambiguity with strange namespace paths such as
39       foo/refs/heads/, which could otherwise generate directory/file
40       conflicts within the refs directory.
41
42       git-upload-pack(1) and git-receive-pack(1) rewrite the names of refs as
43       specified by GIT_NAMESPACE. git-upload-pack and git-receive-pack will
44       ignore all references outside the specified namespace.
45
46       The smart HTTP server, git-http-backend(1), will pass GIT_NAMESPACE
47       through to the backend programs; see git-http-backend(1) for sample
48       configuration to expose repository namespaces as repositories.
49
50       For a simple local test, you can use git-remote-ext(1):
51
52           git clone ext::'git --namespace=foo %s /tmp/prefixed.git'
53

SECURITY

55       The fetch and push protocols are not designed to prevent one side from
56       stealing data from the other repository that was not intended to be
57       shared. If you have private data that you need to protect from a
58       malicious peer, your best option is to store it in another repository.
59       This applies to both clients and servers. In particular, namespaces on
60       a server are not effective for read access control; you should only
61       grant read access to a namespace to clients that you would trust with
62       read access to the entire repository.
63
64       The known attack vectors are as follows:
65
66        1. The victim sends "have" lines advertising the IDs of objects it has
67           that are not explicitly intended to be shared but can be used to
68           optimize the transfer if the peer also has them. The attacker
69           chooses an object ID X to steal and sends a ref to X, but isn’t
70           required to send the content of X because the victim already has
71           it. Now the victim believes that the attacker has X, and it sends
72           the content of X back to the attacker later. (This attack is most
73           straightforward for a client to perform on a server, by creating a
74           ref to X in the namespace the client has access to and then
75           fetching it. The most likely way for a server to perform it on a
76           client is to "merge" X into a public branch and hope that the user
77           does additional work on this branch and pushes it back to the
78           server without noticing the merge.)
79
80        2. As in #1, the attacker chooses an object ID X to steal. The victim
81           sends an object Y that the attacker already has, and the attacker
82           falsely claims to have X and not Y, so the victim sends Y as a
83           delta against X. The delta reveals regions of X that are similar to
84           Y to the attacker.
85

GIT

87       Part of the git(1) suite
88
89
90
91Git 2.39.1                        2023-01-13                  GITNAMESPACES(7)
Impressum