I want to make release notes by using git notes, but I am not sure if other people change my git notes by using the same ref.
BTW, chmod 444 .git/refs/notes/abc_test & .git/logs/refs/notes/abc_test does not work.
Asked
Active
Viewed 158 times
4
Guildenstern
- 2,179
- 1
- 17
- 39
Flyakite
- 109
- 8
3 Answers
4
I don't think you really can protect published git notes.
What you can do is put them in an explicit namespace, as mentioned in here:
I think for "typical usage" one stores others' notes in a different place anyways, e.g. I store Thomas' list-notes in refs/remotes/trast/notes/ so that they don't interfer with my own notes.
If in the same namespace, then they can be merged:
git checkout refs/notes/commits
git fetch origin refs/notes/commits
git merge FETCH_HEAD
git update-ref refs/notes/commits HEAD
git checkout master
But that would change their content.
-
Note: this script (http://codereview.stackexchange.com/questions/15380/am-i-making-any-beginner-errors-in-the-bash-script-for-adding-trusted-timestamps) add some kind on verification on a `git notes` specific content, and acts as a wrapper to manipulate `git notes`. – VonC Nov 01 '12 at 09:43
-
Thank you for the quick response. I can use git to make some repository read-only, why cannot make some of the git notes read-only...If the published git notes cannot be protected, is would be unsafe... – Flyakite Nov 01 '12 at 09:43
-
@Flyakite because once you have fetched those notes in your local repo, they are yours to modify and push back. If your remote repo has Gitoliote V3 though, then you could reject notes coming from anyone else than you with VREFS. See http://stackoverflow.com/a/10888358/6309 – VonC Nov 01 '12 at 09:45
-
@Flyakite the read-only you are speaking of is on the repo level (all repo read-only). We are talking about specific part of a git repo, and git doesn't block natively a part of a repo: if you can push to a repo, you can push anything. – VonC Nov 01 '12 at 09:46
1
This Git man page details how to remove sensitive data and it states that you can
add [the file] to the .gitignore to ensure it is not accidentally re-committed
I do not think that it is possible to have a file versioned, but not visible to others, due to the distributed model Git uses. Setting the file to read only will not have the desired effect once the file is copied to another user's repository.
Does that answer your question?
titusn
- 1,201
- 1
- 12
- 43
-
for a specific namespace of git notes, let's say xxx, which path should I add to .gitignore? Below does not work $ cat .gitignore /.git/refs/notes/xxx /.git/logs/refs/notes/xxx – Flyakite Nov 02 '12 at 01:56
-
Have you tried leaving out the starting slash (/)? That points to the root of your file system after all and according to the [gitignore man page](http://git-scm.com/docs/gitignore) the filenames in a particular .gitignore file are relative to the location of that file. So as far as I understand you could also put a .gitignore in the directory that contains the notes. If you want to add an entire directory, let the pattern end with / do in your example you could punt a .gitignore file in the notes dir that contains "**xxx/**" (without the quotes). – titusn Nov 02 '12 at 08:41
-
sorry for the typo, `.git/refs/notes/xxx` it should be like this. .gitignore will ignore the files when `git add something`. while git notes do not need to commit it by hand, run git push origin refs/notes/xxx would make it. As a result, .gitignore might not help on this. – Flyakite Nov 05 '12 at 02:15
1
In the same way you protect your own repository: don’t let anyone else push to it.
But since you are asking this then it might be the case that you are already in a shared repository. And while you can probably selectively “protect” certain branches, you can (probably) not do the same for specific refs like notes.
Then the only thing you can do is to make another (remote) repository somewhere else and push the notes thataway. Then tell people that the release notes are in another repository.
Guildenstern
- 2,179
- 1
- 17
- 39