Documentation / config / transfer.txton commit Merge tag 'v2.23.0-rc2' of git://git.kernel.org/pub/scm/git/git (d6d5cbf)
   1transfer.fsckObjects::
   2        When `fetch.fsckObjects` or `receive.fsckObjects` are
   3        not set, the value of this variable is used instead.
   4        Defaults to false.
   5+
   6When set, the fetch or receive will abort in the case of a malformed
   7object or a link to a nonexistent object. In addition, various other
   8issues are checked for, including legacy issues (see `fsck.<msg-id>`),
   9and potential security issues like the existence of a `.GIT` directory
  10or a malicious `.gitmodules` file (see the release notes for v2.2.1
  11and v2.17.1 for details). Other sanity and security checks may be
  12added in future releases.
  13+
  14On the receiving side, failing fsckObjects will make those objects
  15unreachable, see "QUARANTINE ENVIRONMENT" in
  16linkgit:git-receive-pack[1]. On the fetch side, malformed objects will
  17instead be left unreferenced in the repository.
  18+
  19Due to the non-quarantine nature of the `fetch.fsckObjects`
  20implementation it cannot be relied upon to leave the object store
  21clean like `receive.fsckObjects` can.
  22+
  23As objects are unpacked they're written to the object store, so there
  24can be cases where malicious objects get introduced even though the
  25"fetch" failed, only to have a subsequent "fetch" succeed because only
  26new incoming objects are checked, not those that have already been
  27written to the object store. That difference in behavior should not be
  28relied upon. In the future, such objects may be quarantined for
  29"fetch" as well.
  30+
  31For now, the paranoid need to find some way to emulate the quarantine
  32environment if they'd like the same protection as "push". E.g. in the
  33case of an internal mirror do the mirroring in two steps, one to fetch
  34the untrusted objects, and then do a second "push" (which will use the
  35quarantine) to another internal repo, and have internal clients
  36consume this pushed-to repository, or embargo internal fetches and
  37only allow them once a full "fsck" has run (and no new fetches have
  38happened in the meantime).
  39
  40transfer.hideRefs::
  41        String(s) `receive-pack` and `upload-pack` use to decide which
  42        refs to omit from their initial advertisements.  Use more than
  43        one definition to specify multiple prefix strings. A ref that is
  44        under the hierarchies listed in the value of this variable is
  45        excluded, and is hidden when responding to `git push` or `git
  46        fetch`.  See `receive.hideRefs` and `uploadpack.hideRefs` for
  47        program-specific versions of this config.
  48+
  49You may also include a `!` in front of the ref name to negate the entry,
  50explicitly exposing it, even if an earlier entry marked it as hidden.
  51If you have multiple hideRefs values, later entries override earlier ones
  52(and entries in more-specific config files override less-specific ones).
  53+
  54If a namespace is in use, the namespace prefix is stripped from each
  55reference before it is matched against `transfer.hiderefs` patterns.
  56For example, if `refs/heads/master` is specified in `transfer.hideRefs` and
  57the current namespace is `foo`, then `refs/namespaces/foo/refs/heads/master`
  58is omitted from the advertisements but `refs/heads/master` and
  59`refs/namespaces/bar/refs/heads/master` are still advertised as so-called
  60"have" lines. In order to match refs before stripping, add a `^` in front of
  61the ref name. If you combine `!` and `^`, `!` must be specified first.
  62+
  63Even if you hide refs, a client may still be able to steal the target
  64objects via the techniques described in the "SECURITY" section of the
  65linkgit:gitnamespaces[7] man page; it's best to keep private data in a
  66separate repository.
  67
  68transfer.unpackLimit::
  69        When `fetch.unpackLimit` or `receive.unpackLimit` are
  70        not set, the value of this variable is used instead.
  71        The default value is 100.