--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
From what I recall of the spec (which, caveat, I haven't read closely since the announcement), one of the biggest incompatibilities is that objects are just looked up by ID, without passing a refname context in which they are being viewed. This doesn't work with Gerrit's permission system.
--
From what I recall of the spec (which, caveat, I haven't read closely since the announcement), one of the biggest incompatibilities is that objects are just looked up by ID, without passing a refname context in which they are being viewed. This doesn't work with Gerrit's permission system.
On Mon, Oct 5, 2015 at 11:28 PM, 'Dave Borowitz' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:From what I recall of the spec (which, caveat, I haven't read closely since the announcement), one of the biggest incompatibilities is that objects are just looked up by ID, without passing a refname context in which they are being viewed. This doesn't work with Gerrit's permission system.Some months ago we discussed exactly this issue.If I remember it well, the URL used to put a large object is composed by the LFS server.Assuming the LFS server is a Gerrit plugin it could build such a URL which would containthe project-branch into the URL.On Mon, Oct 5, 2015 at 4:44 PM, Doug Kelly <doug...@gmail.com> wrote:Hey all,I've been toying with the idea of adding Git LFS support to Gerrit for a while now -- possibly through the plugins API. Most of this shouldn't be too bad, since you can easily register the new SSH command (although due to the limitations on how commands can be bound, the plugin would have to be named "git-lfs-authenticate")... and you can bind a new servlet to handle the Git LFS download/upload. There's a few key points with this:* Obviously, the file storage part would have to be written.* A new capability for LFS upload (by project?) would probably be worth adding (possible via the existing plugin extension points).* The existing capability for project read is probably good enough, but it may be worthwhile adding a new capability, especially if not all users have access to refs/* for a project. This would come with a caveat that there's no way to enforce branch permissions with Git LFS.* I'd imagine the storage could be organized by project to isolate objects from different projects (along with making permissions per project).* Another "nice to have" would be the ability for plugins to bind top-level commands differing from the name of the plugin. This would just increase clarity for those using SSH (although HTTP authentication would need to be configured for LFS to work at all).
Edwin Kempin
Software Engineer
Google Germany GmbH
Dienerstraße 12
80331 München
Geschäftsführer: Graham Law, Christine Elizabeth Flores
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
Diese E-Mail ist vertraulich. Wenn Sie nicht der richtige Adressat sind, leiten Sie diese bitte nicht weiter, informieren Sie den Absender und löschen Sie die E-Mail und alle Anhänge. Vielen Dank.
This e-mail is confidential. If you are not the right addressee please do not forward it, please inform the sender, and please erase this e-mail including any attachments. Thanks.
On Monday, October 5, 2015 at 4:29:02 PM UTC-5, Dave Borowitz wrote:From what I recall of the spec (which, caveat, I haven't read closely since the announcement), one of the biggest incompatibilities is that objects are just looked up by ID, without passing a refname context in which they are being viewed. This doesn't work with Gerrit's permission system.Yep. That would be correct (why I suggested a special capability for the plugin)... so, it would work, just not by refname.
As for why considering such a plugin? If nothing else, it could be possible to expose the info/lfs special path which would allow us to pass a reference to the actual Git LFS server (for example, if using Artifactory). This would eliminate the manual configuration of Git LFS.As far as actually storing the objects and accessing them from this hypothetical LFS plugin? This could be a neat extension for some -- since it could work within the existing confines of Gerrit (credentials would match, no need for a separate server, etc.) -- the underlying storage could be anything (even putting it on NFS would possibly work for some users).So, my thought is not to extend core Gerrit (other than to the extent necessary to make such features possible), but to provide a plugin as an alternative to standalone systems like Artifactory for those who would like an all-in-one solution (or, in the case of an existing Artifactory deployment, being able to point to it).--Doug
--
On Mon, Oct 5, 2015 at 11:28 PM, Doug Kelly <doug...@gmail.com> wrote:
On Monday, October 5, 2015 at 4:29:02 PM UTC-5, Dave Borowitz wrote:From what I recall of the spec (which, caveat, I haven't read closely since the announcement), one of the biggest incompatibilities is that objects are just looked up by ID, without passing a refname context in which they are being viewed. This doesn't work with Gerrit's permission system.Yep. That would be correct (why I suggested a special capability for the plugin)... so, it would work, just not by refname.Personally, I think this is very dangerous. People spend all this time setting up complex branch level ACLs and then you give them a plugin that throws those ACLs out the window. It's only a matter of time until something is leaked because someone thought their branch-level ACLs would also apply to large files but they don't.But I don't think the branch ACL problem is unsolvable. Two things come to mind:1. Can we do a visibility check efficiently? Doing it naively (walk all visible refs looking for the particular large file ID) is easy. Throwing a cache in front of that may help. Doing something more sophisticated, like git does with reachability bitmaps, may help even more. (But note that since large file IDs are not git object IDs, existing reachability bitmaps don't actually help.)2. Can we add a branch parameter to the API to give Gerrit a hint for what branch to check reachability from? I mentioned this in passing to Rick shortly after the launch, and he didn't seem opposed.
As the remaining details are hashed out with how to handle the LFS implementation, that could be added later. Having support in JGit to handle the backend storage would also be very nice -- so seeing that work was at least started on that is pretty cool.
--
Then the plugin would list all LF visible from the authorized and fetched ref...
Great initiative Doug!We also contemplated a Git LFS plugin to enable Git LFS with gerrit Authorization. Never had time to realize any of them though.We though about taking advantage of the initial visibility check from the initial clone/fetch from gerrit, and propagate that to the git LFS plugin. Then the plugin would list all LF visible from the authorized and fetched ref, when the ssh call to authorize the LF comes from the client then the plugin would respond with short-lived url's of the LF OR authenticate the user in some other way.But I never attempted to realize any of this so it might as well be crazy-talk.I think one problem with the branch/LO mapping in the URL is that it's not 1-1 mapping:Say you have a protected branch (prot) and upload a LF (LF-a)to that branch, later on you create a new branch (open) that is not protected but reaches 'LF-a', then everyone can access the 'open' branch but the visibility of 'LF-a' is determined by the visibility of the 'prot' branch. And in most cases you don't have a relationship where visibility of 'prot' is a subset of visibility of 'open' so it doesn't make sense to set the URL to <something>~open~<something> either.But I might have misunderstood your intentions.
On Wed, Oct 7, 2015 at 1:58 AM Sven Selberg <sven.s...@sonymobile.com> wrote:Great initiative Doug!We also contemplated a Git LFS plugin to enable Git LFS with gerrit Authorization. Never had time to realize any of them though.We though about taking advantage of the initial visibility check from the initial clone/fetch from gerrit, and propagate that to the git LFS plugin. Then the plugin would list all LF visible from the authorized and fetched ref, when the ssh call to authorize the LF comes from the client then the plugin would respond with short-lived url's of the LF OR authenticate the user in some other way.But I never attempted to realize any of this so it might as well be crazy-talk.I think one problem with the branch/LO mapping in the URL is that it's not 1-1 mapping:Say you have a protected branch (prot) and upload a LF (LF-a)to that branch, later on you create a new branch (open) that is not protected but reaches 'LF-a', then everyone can access the 'open' branch but the visibility of 'LF-a' is determined by the visibility of the 'prot' branch. And in most cases you don't have a relationship where visibility of 'prot' is a subset of visibility of 'open' so it doesn't make sense to set the URL to <something>~open~<something> either.But I might have misunderstood your intentions.Right, I think that was what Dave was referring to, and I was trying to come up with some ideas off the top of my head. The idea of passing a branch name would not be to store some information permanently about the objects, but to try to hint to the server where to start a reachability check.
If you know something about the commit the user's currently on
On Wed, Oct 7, 2015 at 2:31 PM, Doug Kelly <doug...@gmail.com> wrote:On Wed, Oct 7, 2015 at 1:58 AM Sven Selberg <sven.s...@sonymobile.com> wrote:Great initiative Doug!We also contemplated a Git LFS plugin to enable Git LFS with gerrit Authorization. Never had time to realize any of them though.We though about taking advantage of the initial visibility check from the initial clone/fetch from gerrit, and propagate that to the git LFS plugin. Then the plugin would list all LF visible from the authorized and fetched ref, when the ssh call to authorize the LF comes from the client then the plugin would respond with short-lived url's of the LF OR authenticate the user in some other way.But I never attempted to realize any of this so it might as well be crazy-talk.I think one problem with the branch/LO mapping in the URL is that it's not 1-1 mapping:Say you have a protected branch (prot) and upload a LF (LF-a)to that branch, later on you create a new branch (open) that is not protected but reaches 'LF-a', then everyone can access the 'open' branch but the visibility of 'LF-a' is determined by the visibility of the 'prot' branch. And in most cases you don't have a relationship where visibility of 'prot' is a subset of visibility of 'open' so it doesn't make sense to set the URL to <something>~open~<something> either.But I might have misunderstood your intentions.Right, I think that was what Dave was referring to, and I was trying to come up with some ideas off the top of my head. The idea of passing a branch name would not be to store some information permanently about the objects, but to try to hint to the server where to start a reachability check.+1If you know something about the commit the user's currently onA client can never fetch a commit by its SHA1. Instead it fetches via reference(s).Therefore, I think, we always know "something about the commit the user's is on".
A client can never fetch a commit by its SHA1. Instead it fetches via reference(s).Therefore, I think, we always know "something about the commit the user's is on".
On Wed, Oct 7, 2015 at 8:25 AM Saša Živkov <ziv...@gmail.com> wrote:On Wed, Oct 7, 2015 at 2:31 PM, Doug Kelly <doug...@gmail.com> wrote:On Wed, Oct 7, 2015 at 1:58 AM Sven Selberg <sven.s...@sonymobile.com> wrote:Great initiative Doug!We also contemplated a Git LFS plugin to enable Git LFS with gerrit Authorization. Never had time to realize any of them though.We though about taking advantage of the initial visibility check from the initial clone/fetch from gerrit, and propagate that to the git LFS plugin. Then the plugin would list all LF visible from the authorized and fetched ref, when the ssh call to authorize the LF comes from the client then the plugin would respond with short-lived url's of the LF OR authenticate the user in some other way.But I never attempted to realize any of this so it might as well be crazy-talk.I think one problem with the branch/LO mapping in the URL is that it's not 1-1 mapping:Say you have a protected branch (prot) and upload a LF (LF-a)to that branch, later on you create a new branch (open) that is not protected but reaches 'LF-a', then everyone can access the 'open' branch but the visibility of 'LF-a' is determined by the visibility of the 'prot' branch. And in most cases you don't have a relationship where visibility of 'prot' is a subset of visibility of 'open' so it doesn't make sense to set the URL to <something>~open~<something> either.But I might have misunderstood your intentions.Right, I think that was what Dave was referring to, and I was trying to come up with some ideas off the top of my head. The idea of passing a branch name would not be to store some information permanently about the objects, but to try to hint to the server where to start a reachability check.+1If you know something about the commit the user's currently onA client can never fetch a commit by its SHA1. Instead it fetches via reference(s).Therefore, I think, we always know "something about the commit the user's is on".Ah, what I was referring to was in the LFS protocol, the communication is very basic -- it happens outside the normal git channel, and instead is just a HTTP GET request for "/objects/<OID>" where <OID> is the LFS object ID. No information about the branch/commit in Git the user is on is contained within this request. (If using the batch API, it could be a little different, requesting /objects/batch with the OID posted in a JSON request, but otherwise is the same idea.) This returns the reference to the actual storage link for the client, though.
On Wed, Oct 7, 2015 at 6:25 AM, Saša Živkov <ziv...@gmail.com> wrote:A client can never fetch a commit by its SHA1. Instead it fetches via reference(s).Therefore, I think, we always know "something about the commit the user's is on".Just as a matter of correction, post 1.8.3 git-core clients can try to fetch any commit. Its now a valid in the wire protocol to ask for something by SHA-1. Servers usually disallow this, as evaluating "is commit reachable" is very time consuming. Its more feasible with bitmap indexes, but not implemented in Gerrit Code Review at this time.
git-core 2.5.0 servers can opt-in with uploadpack.allowReachableSHA1InWant set to true.
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
On Wed, Oct 7, 2015 at 5:27 PM, 'Shawn Pearce' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:On Wed, Oct 7, 2015 at 6:25 AM, Saša Živkov <ziv...@gmail.com> wrote:A client can never fetch a commit by its SHA1. Instead it fetches via reference(s).Therefore, I think, we always know "something about the commit the user's is on".Just as a matter of correction, post 1.8.3 git-core clients can try to fetch any commit. Its now a valid in the wire protocol to ask for something by SHA-1. Servers usually disallow this, as evaluating "is commit reachable" is very time consuming. Its more feasible with bitmap indexes, but not implemented in Gerrit Code Review at this time.As discussed in issue 175 [1] you can also configure[uploadpack] allowTipSha1InWant = trueon your repo and then fetch tips by SHA-1.
On Wed, Oct 7, 2015 at 5:32 PM, Edwin Kempin <eke...@google.com> wrote:On Wed, Oct 7, 2015 at 5:27 PM, 'Shawn Pearce' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:On Wed, Oct 7, 2015 at 6:25 AM, Saša Živkov <ziv...@gmail.com> wrote:A client can never fetch a commit by its SHA1. Instead it fetches via reference(s).Therefore, I think, we always know "something about the commit the user's is on".Just as a matter of correction, post 1.8.3 git-core clients can try to fetch any commit. Its now a valid in the wire protocol to ask for something by SHA-1. Servers usually disallow this, as evaluating "is commit reachable" is very time consuming. Its more feasible with bitmap indexes, but not implemented in Gerrit Code Review at this time.As discussed in issue 175 [1] you can also configure[uploadpack] allowTipSha1InWant = trueon your repo and then fetch tips by SHA-1.Can one then fetch any SHA-1 from that repository?
Are reachability/readability checks done for the SHA1 being fetched?
we pushed a first working LFS implementation for review which includesJGit:- protocol support for the LFS batch API [1]two storage implementations for storing the large objects- simple file system storage [1]- Amazon S3 storage [2]Gerrit integration:- integration of the protocol implementation into gerrit core [3]- plugin lfs-storage-fs [4] integrating the file system storage based implementation into Gerrit
On Mon, Jul 11, 2016 at 10:41 AM, David Pursehouse <david.pu...@gmail.com> wrote:On Sun, Jan 31, 2016 at 9:59 AM Matthias Sohn <matthi...@gmail.com> wrote:we pushed a first working LFS implementation for review which includesJGit:- protocol support for the LFS batch API [1]two storage implementations for storing the large objects- simple file system storage [1]- Amazon S3 storage [2]Gerrit integration:- integration of the protocol implementation into gerrit core [3]- plugin lfs-storage-fs [4] integrating the file system storage based implementation into GerritIn the implementation so far, LFS is enabled by adding a plugin that implements the extension point. By doing so, LFS is enabled globally for all projects.Was there any specific reason not to allow it to be configurable (enabled or not) on a per-project level?No.Actually, I just wanted to start working on that feature: have a (white) list of projects for which LFS is enabled.However, if you already started working on that then I will await your change and review it :-)Let me know.
There are two ideas behind it:1. have it configurable in UI in "Project Options" called like "Enable Git LFS" with 3 values "disabled" (default), "read-only", "active"where "disabled" when none plugin is loaded or project is hidden, "read-only" when project is "read-only" or when user selects it for when project is "active", "active" only when project is active and user selects feature to "active"
2. and/or (as these ideas don't exclude each other ;)) have extension point in LfsPluginServlet that would basically call for validation - again would have to reach to project.config to get it