git-cvsserver: clarify directory list

The documentation and error messages for git-cvsserver include some
references to a "whitelist" that is not otherwise included in the
documentation. When different parts of the documentation do not use
common language, this can lead to confusion as to how things are meant
to operate.

Further, the word "whitelist" has cultural implications that make its
use non-inclusive. Thankfully, we can remove it while increasing
clarity.

Update Documentation/git-cvsserver.txt in a similar way to the previous
change to Documentation/git-daemon.txt. The optional '<directory>...'
list can specify a list of allowed directories. We refer to that list
directly inside of the documentation for the GIT_CVSSERVER_ROOT
environment variable.

While modifying this documentation, update the environment variables to
use a list format. We use the modern way of tabbing the description of
each variable in this section. We do _not_ update the description of
'<directory>...' to use tabs this way since the rest of the items in the
OPTIONS list do not use this modern formatting.

A single error message in the actual git-cvsserver.perl code refers to
the whitelist during argument parsing. Instead, refer to the directory
list that has been clarified in the documentation.

Signed-off-by: Derrick Stolee <derrickstolee@github.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Derrick Stolee 2022-07-19 18:32:14 +00:00 committed by Junio C Hamano
parent dee8a1455c
commit acc5e287f2
3 changed files with 12 additions and 11 deletions

View File

@ -63,11 +63,10 @@ Print version information and exit
Print usage information and exit Print usage information and exit
<directory>:: <directory>::
You can specify a list of allowed directories. If no directories The remaining arguments provide a list of directories. If no directories
are given, all are allowed. This is an additional restriction, gitcvs are given, then all are allowed. Repositories within these directories
access still needs to be enabled by the `gitcvs.enabled` config option still require the `gitcvs.enabled` config option, unless `--export-all`
unless `--export-all` was given, too. is specified.
LIMITATIONS LIMITATIONS
----------- -----------
@ -311,11 +310,13 @@ ENVIRONMENT
These variables obviate the need for command-line options in some These variables obviate the need for command-line options in some
circumstances, allowing easier restricted usage through git-shell. circumstances, allowing easier restricted usage through git-shell.
GIT_CVSSERVER_BASE_PATH takes the place of the argument to --base-path. GIT_CVSSERVER_BASE_PATH::
This variable replaces the argument to --base-path.
GIT_CVSSERVER_ROOT specifies a single-directory whitelist. The GIT_CVSSERVER_ROOT::
repository must still be configured to allow access through This variable specifies a single directory, replacing the
git-cvsserver, as described above. `<directory>...` argument list. The repository still requires the
`gitcvs.enabled` config option, unless `--export-all` is specified.
When these environment variables are set, the corresponding When these environment variables are set, the corresponding
command-line arguments may not be used. command-line arguments may not be used.

View File

@ -152,7 +152,7 @@ $state->{allowed_roots} = [ @ARGV ];
# don't export the whole system unless the users requests it # don't export the whole system unless the users requests it
if ($state->{'export-all'} && !@{$state->{allowed_roots}}) { if ($state->{'export-all'} && !@{$state->{allowed_roots}}) {
die "--export-all can only be used together with an explicit whitelist\n"; die "--export-all can only be used together with an explicit '<directory>...' list\n";
} }
# Environment handling for running under git-shell # Environment handling for running under git-shell

View File

@ -221,7 +221,7 @@ test_expect_success 'req_Root (export-all)' \
'cat request-anonymous | git-cvsserver --export-all pserver "$WORKDIR" >log 2>&1 && 'cat request-anonymous | git-cvsserver --export-all pserver "$WORKDIR" >log 2>&1 &&
sed -ne \$p log | grep "^I LOVE YOU\$"' sed -ne \$p log | grep "^I LOVE YOU\$"'
test_expect_success 'req_Root failure (export-all w/o whitelist)' \ test_expect_success 'req_Root failure (export-all w/o directory list)' \
'! (cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 || false)' '! (cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 || false)'
test_expect_success 'req_Root (everything together)' \ test_expect_success 'req_Root (everything together)' \