From patchwork Thu Jul 4 00:38:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "brian m. carlson" X-Patchwork-Id: 13723093 Received: from complex.crustytoothpaste.net (complex.crustytoothpaste.net [172.105.7.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1C7223DE for ; Thu, 4 Jul 2024 00:40:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=172.105.7.114 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720053635; cv=none; b=gi5KFJloPfq+2j0MX03pB1J+MyM59EarZoKMs2CO9PL+KRm/ZcRiQ7Sws652jTjT+lR8uDMln0pqVEwmBhn6h7MJntvEZXK6gYZvIPVhaVj9EPv9i9B/DV1dN3J5YS8SB/geyFvcxbZGyVdNfkSMBO87lgt0HsJDeLbnSJ5iIdw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720053635; c=relaxed/simple; bh=B8m4f5yFWS/y869OG/dDnD5pF0tJnXz+lxQAnaC3FDU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=RURIg33o8GTrNWTkC9Zsq5qWDxV1RuubdzvbLwGw74g7P2PaBzX11tJ6Ev543xRN9DHhJmd1NRZ5NntunS9i8TFeJ+GxoAT3QDvPOr9AKgGZH0K2DPsRH5IQr4cz2ex2EShfsyQ3xgY7ZBmJ6vfRk+SHKzrxqAvgl9oGRg4g27M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=crustytoothpaste.net; spf=pass smtp.mailfrom=crustytoothpaste.net; dkim=pass (3072-bit key) header.d=crustytoothpaste.net header.i=@crustytoothpaste.net header.b=fZ26rRvL; arc=none smtp.client-ip=172.105.7.114 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=crustytoothpaste.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=crustytoothpaste.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (3072-bit key) header.d=crustytoothpaste.net header.i=@crustytoothpaste.net header.b="fZ26rRvL" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=crustytoothpaste.net; s=default; t=1720053631; bh=B8m4f5yFWS/y869OG/dDnD5pF0tJnXz+lxQAnaC3FDU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Reply-To: Subject:Date:To:CC:Resent-Date:Resent-From:Resent-To:Resent-Cc: In-Reply-To:References:Content-Type:Content-Disposition; b=fZ26rRvLUIYjUxc2Qx56HblEXZ8zd9NXNHmtcpVBq9S9kPZ1Qr8azi6oGBd29zKSP GTCxlJX12KUqinRn1z6kzM1Dh//v3+qerbQudxKvkotdEhLo8EQe47oapjz+O4q23V E5fm6EUpzZeNSNrONIG3wIocc5Puan/lthskMBUUGQbiBUMcJ9J1HWbfuvokxz4F4f iCbvrB1aPNSpjHPlXNwzd9+ca0BxxmQOJBdDZZ7FahB1KYrSF4YL/NSH0qgSH+Dmyi vGfPekyUdCroKjmaKZ54WxmOJsYaO7/V1bMVaUJjnvMeROIIJiiQxQuSqDq6NI2bQo EfNPatVkHrD+r5haPZyoea9IbFOoy4MPrxPKuTItSFtfCjC3c2mMrPZg7Z+pnPZGas j7r5IBp3NaHPp1wNdf/90iQTWMV+eMwqrZQ0D51gdj+LKAfVgmqNAGK9O87pNR1LUw /t1UDA3O44zkzWjDC1ATVgKdTcs74vlXALcV1hihU7vwubKMLON Received: from tapette.crustytoothpaste.net (unknown [IPv6:2001:470:b056:101:e59a:3ed0:5f5c:31f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by complex.crustytoothpaste.net (Postfix) with ESMTPSA id C0C0920999; Thu, 4 Jul 2024 00:40:31 +0000 (UTC) From: "brian m. carlson" To: Cc: Junio C Hamano , Johannes Schindelin , Eric Sunshine , Derrick Stolee , Jeff King Subject: [PATCH v3 1/4] gitfaq: add documentation on proxies Date: Thu, 4 Jul 2024 00:38:15 +0000 Message-ID: <20240704003818.750223-2-sandals@crustytoothpaste.net> X-Mailer: git-send-email 2.45.2.753.g447d99e1c3b In-Reply-To: <20240704003818.750223-1-sandals@crustytoothpaste.net> References: <20240704003818.750223-1-sandals@crustytoothpaste.net> Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Many corporate environments and local systems have proxies in use. Note the situations in which proxies can be used and how to configure them. At the same time, note what standards a proxy must follow to work with Git. Explicitly call out certain classes that are known to routinely have problems reported various places online, including in the Git for Windows issue tracker and on Stack Overflow, and recommend against the use of such software, noting that they are associated with myriad security problems (including, for example, breaking sandboxing and image integrity[0], and, for TLS middleboxes, the use of insecure protocols and ciphers and lack of certificate verification[1]). Don't mention the specific nature of these security problems in the FAQ entry because they are extremely numerous and varied and we wish to keep the FAQ entry relatively brief. [0] https://issues.chromium.org/issues/40285192 [1] https://faculty.cc.gatech.edu/~mbailey/publications/ndss17_interception.pdf Signed-off-by: brian m. carlson --- Documentation/gitfaq.txt | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/Documentation/gitfaq.txt b/Documentation/gitfaq.txt index 8c1f2d5675..e4125b1178 100644 --- a/Documentation/gitfaq.txt +++ b/Documentation/gitfaq.txt @@ -241,6 +241,42 @@ How do I know if I want to do a fetch or a pull?:: ignore the upstream changes. A pull consists of a fetch followed immediately by either a merge or rebase. See linkgit:git-pull[1]. +[[proxy]] +Can I use a proxy with Git?:: + Yes, Git supports the use of proxies. Git honors the standard `http_proxy`, + `https_proxy`, and `no_proxy` environment variables commonly used on Unix, and + it also can be configured with `http.proxy` and similar options for HTTPS (see + linkgit:git-config[1]). The `http.proxy` and related options can be + customized on a per-URL pattern basis. In addition, Git can in theory + function normally with transparent proxies that exist on the network. ++ +For SSH, Git can support a proxy using OpenSSH's `ProxyCommand`. Commonly used +tools include `netcat` and `socat`. However, they must be configured not to +exit when seeing EOF on standard input, which usually means that `netcat` will +require `-q` and `socat` will require a timeout with something like `-t 10`. +This is required because the way the Git SSH server knows that no more requests +will be made is an EOF on standard input, but when that happens, the server may +not have yet processed the final request, so dropping the connection at that +point would interrupt that request. ++ +An example configuration entry in `~/.ssh/config` with an HTTP proxy might look +like this: ++ +---- +Host git.example.org + User git + ProxyCommand socat -t 10 - PROXY:proxy.example.org:%h:%p,proxyport=8080 +---- ++ +Note that in all cases, for Git to work properly, the proxy must be completely +transparent. The proxy cannot modify, tamper with, or buffer the connection in +any way, or Git will almost certainly fail to work. Note that many proxies, +including many TLS middleboxes, Windows antivirus and firewall programs other +than Windows Defender and Windows Firewall, and filtering proxies fail to meet +this standard, and as a result end up breaking Git. Because of the many +reports of problems and their poor security history, we recommend against the +use of these classes of software and devices. + Merging and Rebasing -------------------- From patchwork Thu Jul 4 00:38:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "brian m. carlson" X-Patchwork-Id: 13723091 Received: from complex.crustytoothpaste.net (complex.crustytoothpaste.net [172.105.7.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1CD333C0 for ; Thu, 4 Jul 2024 00:40:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=172.105.7.114 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720053634; cv=none; b=tWG7Mqpely8nLYXSWwBPF0u5d0i/LBNgRWrtKjM6VydIhdqae1vr7cMWWZoyJ3tO+nm7qZf2RJmEedij+TUzSTgFTp111UEuwnp0KES6SEzFJUIkXRmySFoey4pqJQUplj4vymMKYVdeMPucb+1rSYtY0En66ON0MMOmnD8CTrE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720053634; c=relaxed/simple; bh=FbHioWXJq+XqgbqH86sTYywMa7bfYsQ5H8vK1iwwxdg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BZzYs5Su/QeucqjMRZclWBuurxkjmIO89Ud16o9BPlse73AtVx+VB4eZBnHufZ2ZJ0aEhtK597letgwP2KU7AscO0EYU5efxalSym3qk86VIWI4mBJqhJO9AlJijswIlymnwvqMOuzeRRidWUaQSmwbP96s0Lo1tPULxOw1sWQM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=crustytoothpaste.net; spf=pass smtp.mailfrom=crustytoothpaste.net; dkim=pass (3072-bit key) header.d=crustytoothpaste.net header.i=@crustytoothpaste.net header.b=JGmEB17O; arc=none smtp.client-ip=172.105.7.114 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=crustytoothpaste.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=crustytoothpaste.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (3072-bit key) header.d=crustytoothpaste.net header.i=@crustytoothpaste.net header.b="JGmEB17O" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=crustytoothpaste.net; s=default; t=1720053631; bh=FbHioWXJq+XqgbqH86sTYywMa7bfYsQ5H8vK1iwwxdg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Reply-To: Subject:Date:To:CC:Resent-Date:Resent-From:Resent-To:Resent-Cc: In-Reply-To:References:Content-Type:Content-Disposition; b=JGmEB17OpUwz/qi7zmzXmP+LJSMze/QQtYGFNAnAvFgIxj+cYa39kirVzH4ltLt/K E2mkY84eeqzaY3wl+TYpPDrHQYas//Z7C+4AWIRdFdTlcK/hyUwkQW1nuZATXSVXAo eX9qG6itIerlo1ukM26uubKh/xhBTavF7AV5qi9mmyYRfVwtiqdfFWtr5AVEUMSPCz CKJRTCKBvJvD+8z64hQAIu2wuGOqK3AHvn1uyn7THAhQrjpe8v+2EXcaLuy7EDRHhe 5ty9abP58L5Ln9DRwrEyCyLEWlytJ8uT9c4yy/KnRvV6Q6j5NH7hZp3a4hNvlA7b71 IlZYDK6+qIIG9Mxs3kw0wfffXDFdvjqmY8a4kEuEt4sW3iFRqcaD6/XQ/lbtrbD9Aa GNPkwVH1BqaY8B1K5qZ5dwKazsm6F7cZYDeRsFzaLMhTOwIzoxJlTKprEiiLACnhf6 d6fz6K6EXjNEfc3y5XHEaIiYzfnkOoOf0Re9IiJb/kGnMg5utz9 Received: from tapette.crustytoothpaste.net (unknown [IPv6:2001:470:b056:101:e59a:3ed0:5f5c:31f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by complex.crustytoothpaste.net (Postfix) with ESMTPSA id CF9132099A; Thu, 4 Jul 2024 00:40:31 +0000 (UTC) From: "brian m. carlson" To: Cc: Junio C Hamano , Johannes Schindelin , Eric Sunshine , Derrick Stolee , Jeff King Subject: [PATCH v3 2/4] gitfaq: give advice on using eol attribute in gitattributes Date: Thu, 4 Jul 2024 00:38:16 +0000 Message-ID: <20240704003818.750223-3-sandals@crustytoothpaste.net> X-Mailer: git-send-email 2.45.2.753.g447d99e1c3b In-Reply-To: <20240704003818.750223-1-sandals@crustytoothpaste.net> References: <20240704003818.750223-1-sandals@crustytoothpaste.net> Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In the FAQ, we tell people how to use the text attribute, but we fail to explain what to do with the eol attribute. As we ourselves have noticed, most shell implementations do not care for carriage returns, and as such, people will practically always want them to use LF endings. Similar things can be said for batch files on Windows, except with CRLF endings. Since these are common things to have in a repository, let's help users make a good decision by recommending that they use the gitattributes file to correctly check out the endings. In addition, let's correct the cross-reference to this question, which originally referred to "the following entry", even though a new entry has been inserted in between. The cross-reference notation should prevent this from occurring and provide a link in formats, such as HTML, which support that. Signed-off-by: brian m. carlson --- Documentation/gitfaq.txt | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/Documentation/gitfaq.txt b/Documentation/gitfaq.txt index e4125b1178..cdc5f5f4f8 100644 --- a/Documentation/gitfaq.txt +++ b/Documentation/gitfaq.txt @@ -393,8 +393,9 @@ I'm on Windows and git diff shows my files as having a `^M` at the end.:: + You can store the files in the repository with Unix line endings and convert them automatically to your platform's line endings. To do that, set the -configuration option `core.eol` to `native` and see the following entry for -information about how to configure files as text or binary. +configuration option `core.eol` to `native` and see +<> +for information about how to configure files as text or binary. + You can also control this behavior with the `core.whitespace` setting if you don't wish to remove the carriage returns from your line endings. @@ -456,14 +457,26 @@ references, URLs, and hashes stored in the repository. + We also recommend setting a linkgit:gitattributes[5] file to explicitly mark which files are text and which are binary. If you want Git to guess, you can -set the attribute `text=auto`. For example, the following might be appropriate -in some projects: +set the attribute `text=auto`. ++ +With text files, Git will generally ensure that LF endings are used in the +repository, and will honor `core.autocrlf` and `core.eol` to decide what options +to use when checking files out. You can also override this by specifying a +particular line ending such as `eol=lf` or `eol=crlf` if those files must always +have that ending in the working tree (e.g., for functionality reasons). ++ +For example, generally shell files must have LF endings and batch files must +have CRLF endings, so the following might be appropriate in some projects: + ---- # By default, guess. * text=auto # Mark all C files as text. *.c text +# Ensure all shell files have LF endings and all batch files have CRLF +# endings in the working tree and both have LF in the repo. +*.sh text eol=lf +*.bat text eol=crlf # Mark all JPEG files as binary. *.jpg binary ---- From patchwork Thu Jul 4 00:38:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "brian m. carlson" X-Patchwork-Id: 13723092 Received: from complex.crustytoothpaste.net (complex.crustytoothpaste.net [172.105.7.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD4084A39 for ; Thu, 4 Jul 2024 00:40:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=172.105.7.114 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720053634; cv=none; b=bV72aAF5jEzdfG+gWaQXZcULwbzM/dWlLRFnRW+RrejteFrnNbTWQrwBEBSqsnMNs7rJTaAgFxX2nu1Syl8qHqSGOpGQ+0uBR9ayJS9ao+qs8Wkg3uh8fv9qW1L4p9gpMtLiU5ImI0N5Mq2UqDIgpFt97zBdX0MBYiRYkbrgAdU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720053634; c=relaxed/simple; bh=XlOtHuNUm0f/7zoiDx9kbftESPlo7p4haRdi15IrNvA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=VCzd2hvDDpEwJLw0jIHytJRHRpxfjww74gLeAB4kdq1dFCinLkRzFLbXbPlYC+T7TtuFyiUyJ8okgmiNk1/0qLt7/tx+5NuCVhvjqLCQCkkuBHb6Xn/iwK8iQhXaY7TfX9loms5fTbyWX7S2fV3CtRZLpkDA8tY8koiv0wT1M7U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=crustytoothpaste.net; spf=pass smtp.mailfrom=crustytoothpaste.net; dkim=pass (3072-bit key) header.d=crustytoothpaste.net header.i=@crustytoothpaste.net header.b=uVxvEm+Q; arc=none smtp.client-ip=172.105.7.114 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=crustytoothpaste.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=crustytoothpaste.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (3072-bit key) header.d=crustytoothpaste.net header.i=@crustytoothpaste.net header.b="uVxvEm+Q" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=crustytoothpaste.net; s=default; t=1720053631; bh=XlOtHuNUm0f/7zoiDx9kbftESPlo7p4haRdi15IrNvA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Reply-To: Subject:Date:To:CC:Resent-Date:Resent-From:Resent-To:Resent-Cc: In-Reply-To:References:Content-Type:Content-Disposition; b=uVxvEm+QnK7wF1qBLGu6NfPgr5c5LZRsdwug1brDe6kn8n5yXyC4lari6aUOa59v9 XEBcKdYLh3o+zl3ZZN/gVTRiC634Q4SYKGPCX2r+RbcY/1um1nDhQEw1TsO/mOMFWR CTP9uX6cS+GcxbmNXvtiFijpcfbqrIUKGOCwUhuRVZdqWGbDHZ8FeSbShdmYxBrmh9 wi2LpIWdqqdXbQJeOTItBa1lb+os3hGT3Y6KGy4rkSEt2Ga80+lNEx0Srk3ezv4611 yB7OAEhaGDbQGngWmFZD91svg3VVx2wqlMrTuOgHGHTogz+Dne+7hl3i+XKRCO2o0u 0W9krDuNazuO+guO1neScl+cIHT4mY4fNuQGWQK77JiMgpF+8NJ6JXS9wE1G1gjqBp UPzCUPS4Cl/v/qTQYPtsvJjK7j/aIk5c4zkHaIpY1BR75LCaJ5Su1jj229dEF1Dl8n HFuI1IXKr3JKzhQeeKfApQFUWWbtxZBb5crQxA1pEZgpZYVPzgm Received: from tapette.crustytoothpaste.net (unknown [IPv6:2001:470:b056:101:e59a:3ed0:5f5c:31f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by complex.crustytoothpaste.net (Postfix) with ESMTPSA id E189E2099B; Thu, 4 Jul 2024 00:40:31 +0000 (UTC) From: "brian m. carlson" To: Cc: Junio C Hamano , Johannes Schindelin , Eric Sunshine , Derrick Stolee , Jeff King Subject: [PATCH v3 3/4] gitfaq: add entry about syncing working trees Date: Thu, 4 Jul 2024 00:38:17 +0000 Message-ID: <20240704003818.750223-4-sandals@crustytoothpaste.net> X-Mailer: git-send-email 2.45.2.753.g447d99e1c3b In-Reply-To: <20240704003818.750223-1-sandals@crustytoothpaste.net> References: <20240704003818.750223-1-sandals@crustytoothpaste.net> Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Users very commonly want to sync their working tree with uncommitted changes across machines, often to carry across in-progress work or stashes. Despite this not being a recommended approach, users want to do it and are not dissuaded by suggestions not to, so let's recommend a sensible technique. The technique that many users are using is their preferred cloud syncing service, which is a bad idea. Users have reported problems where they end up with duplicate files that won't go away (with names like "file.c 2"), broken references, oddly named references that have date stamps appended to them, missing objects, and general corruption and data loss. That's because almost all of these tools sync file by file, which is a great technique if your project is a single word processing document or spreadsheet, but is utterly abysmal for Git repositories because they don't necessarily snapshot the entire repository correctly. They also tend to sync the files immediately instead of when the repository is quiescent, so writing multiple files, as occurs during a commit or a gc, can confuse the tools and lead to corruption. We know that the old standby, rsync, is up to the task, provided that the repository is quiescent, so let's suggest that and dissuade people from using cloud syncing tools. Let's tell people about common things they should be aware of before doing this and that this is still potentially risky. Additionally, let's tell people that Git's security model does not permit sharing working trees across users in case they planned to do that. While we'd still prefer users didn't try to do this, hopefully this will lead them in a safer direction. Signed-off-by: brian m. carlson --- Documentation/gitfaq.txt | 48 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/Documentation/gitfaq.txt b/Documentation/gitfaq.txt index cdc5f5f4f8..0e7f1c680d 100644 --- a/Documentation/gitfaq.txt +++ b/Documentation/gitfaq.txt @@ -83,8 +83,8 @@ Windows would be the configuration `"C:\Program Files\Vim\gvim.exe" --nofork`, which quotes the filename with spaces and specifies the `--nofork` option to avoid backgrounding the process. -Credentials ------------ +Credentials and Transfers +------------------------- [[http-credentials]] How do I specify my credentials when pushing over HTTP?:: @@ -185,6 +185,50 @@ Then, you can adjust your push URL to use `git@example_author` or `git@example_committer` instead of `git@example.org` (e.g., `git remote set-url git@example_author:org1/project1.git`). +[[sync-working-tree]] +How do I sync a working tree across systems?:: + First, decide whether you want to do this at all. Git works best when you + push or pull your work using the typical `git push` and `git fetch` commands + and isn't designed to share a working tree across systems. This is + potentially risky and in some cases can cause repository corruption or data + loss. ++ +Usually, doing so will cause `git status` to need to re-read every file in the +working tree. Additionally, Git's security model does not permit sharing a +working tree across untrusted users, so it is only safe to sync a working tree +if it will only be used by a single user across all machines. ++ +It is important not to use a cloud syncing service to sync any portion of a Git +repository, since this can cause corruption, such as missing objects, changed +or added files, broken refs, and a wide variety of other corruption. These +services tend to sync file by file on a continuous basis and don't understand +the structure of a Git repository. This is especially bad if they sync the +repository in the middle of it being updated, since that is very likely to +cause incomplete or partial updates and therefore data loss. ++ +Therefore, it's better to push your work to either the other system or a central +server using the normal push and pull mechanism. However, this doesn't always +preserve important data, like stashes, so some people prefer to share a working +tree across systems. ++ +If you do this, the recommended approach is to use `rsync -a --delete-after` +(ideally with an encrypted connection such as with `ssh`) on the root of +repository. You should ensure several things when you do this: ++ +* If you have additional worktrees or a separate Git directory, they must be + synced at the same time as the main working tree and repository. +* You are comfortable with the destination directory being an exact copy of the + source directory, _deleting any data that is already there_. +* The repository (including all worktrees and the Git directory) is in a + quiescent state for the duration of the transfer (that is, no operations of + any sort are taking place on it, including background operations like `git + gc` and operations invoked by your editor). ++ +Be aware that even with these recommendations, syncing in this way has some risk +since it bypasses Git's normal integrity checking for repositories, so having +backups is advised. You may also wish to do a `git fsck` to verify the +integrity of your data on the destination system after syncing. + Common Issues ------------- From patchwork Thu Jul 4 00:38:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "brian m. carlson" X-Patchwork-Id: 13723094 Received: from complex.crustytoothpaste.net (complex.crustytoothpaste.net [172.105.7.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DD3CC4431 for ; Thu, 4 Jul 2024 00:40:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=172.105.7.114 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720053635; cv=none; b=sIbPZ2ZqGgAyxdrIqtKxsGOAREQvLfwDzxS5U4tHdo5hOQ2gWYDAT2yN/ux1RbsxEf/hO27D3dFQS6zJdPitt7xW1ewRU+A+PwVcWnegA7ZCBKpzSFz4+DW+Z7y+v7HnLO4PR8s5qMUS+cVvI6Rgj8t65IyDdpK8fORRwHOBWOw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720053635; c=relaxed/simple; bh=Ddpg71eDm99y1YtJE85ulYA4kSVEGfhXpF2+21TIyt8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OLi9ofcUTm542fB/VdmABE+qja8UOFP/pLKHq8KEF0W2Bvg11xQi/aZFTPrIlX7g54XUXDhpn5BUDC6bxUIoKSxW7tGkhflAOWUPxdXFZzwJJFt0abIVDgKK5qtDfb7T8mgsHAazdV+EuUeA/MQrBrocfDyo6Q0EaYQhd0MDRQ4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=crustytoothpaste.net; spf=pass smtp.mailfrom=crustytoothpaste.net; dkim=pass (3072-bit key) header.d=crustytoothpaste.net header.i=@crustytoothpaste.net header.b=t0VB2VZt; arc=none smtp.client-ip=172.105.7.114 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=crustytoothpaste.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=crustytoothpaste.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (3072-bit key) header.d=crustytoothpaste.net header.i=@crustytoothpaste.net header.b="t0VB2VZt" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=crustytoothpaste.net; s=default; t=1720053632; bh=Ddpg71eDm99y1YtJE85ulYA4kSVEGfhXpF2+21TIyt8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Reply-To: Subject:Date:To:CC:Resent-Date:Resent-From:Resent-To:Resent-Cc: In-Reply-To:References:Content-Type:Content-Disposition; b=t0VB2VZtxJXS8ZMGBLqFy2CqsFFJCTDnUYk9SOf9OWZKT/yky5FtsPQdHmyV4Uiwy vxoI6EFVN85qW5LaSkXdWF+t0C9jyzL7iTYzPrMm7FMjg84QPsJMW0zTJNf1/hQNrZ qKsdk4D2VMXdr6BPN0bVikJmrShpS8DkyyEy2sDWMwTbGWv30cVFybb6FM2i2B70FB N7DdkP/zkVXDGroj/F/IQggkDzaCELAJ1Ey2judlGNFmvutui6TyA4UbJcjFQmZB88 3r3qCQJFtJuQDIfW3VQbDPLExwYJ/YDnVeDWPNfyLfX3nnsvi7ebHcA+iXSaEDeXRf oKi9s79VZbmunavplaIkzaZrhk3ABM0NAbxWdnKqMfgCnFlIYeGvq4i73cbNxJcAuS 0OCDYm3PmMi/csmAHtozPvTdHVSPvCLfKNySXgdgVzL/6V7p1TYr0lwNBMWodPEFot 3/ufEiAT8hPOvKMIJuOXyBQBTrCsJpCra52F94nM4HpZ0/Bsh3e Received: from tapette.crustytoothpaste.net (unknown [IPv6:2001:470:b056:101:e59a:3ed0:5f5c:31f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by complex.crustytoothpaste.net (Postfix) with ESMTPSA id F04D52099C; Thu, 4 Jul 2024 00:40:31 +0000 (UTC) From: "brian m. carlson" To: Cc: Junio C Hamano , Johannes Schindelin , Eric Sunshine , Derrick Stolee , Jeff King Subject: [PATCH v3 4/4] doc: mention that proxies must be completely transparent Date: Thu, 4 Jul 2024 00:38:18 +0000 Message-ID: <20240704003818.750223-5-sandals@crustytoothpaste.net> X-Mailer: git-send-email 2.45.2.753.g447d99e1c3b In-Reply-To: <20240704003818.750223-1-sandals@crustytoothpaste.net> References: <20240704003818.750223-1-sandals@crustytoothpaste.net> Precedence: bulk X-Mailing-List: git@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We already document in the FAQ that proxies must be completely transparent and not modify the request or response in any way, but add similar documentation to the http.proxy entry. We know that while the FAQ is very useful, users sometimes are less likely to read in favor of the documentation specific to an option or command, so adding it in both places will help users be adequately informed. Signed-off-by: brian m. carlson --- Documentation/config/http.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Documentation/config/http.txt b/Documentation/config/http.txt index 2d4e0c9b86..a9c7480f6a 100644 --- a/Documentation/config/http.txt +++ b/Documentation/config/http.txt @@ -7,6 +7,11 @@ http.proxy:: linkgit:gitcredentials[7] for more information. The syntax thus is '[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden on a per-remote basis; see remote..proxy ++ +Any proxy, however configured, must be completely transparent and must not +modify, transform, or buffer the request or response in any way. Proxies which +are not completely transparent are known to cause various forms of breakage +with Git. http.proxyAuthMethod:: Set the method with which to authenticate against the HTTP proxy. This