gitnamespaces.txt

gitnamespaces(7)
================

NAME
----
gitnamespaces - Git namespaces

SYNOPSIS
--------
[verse]
GIT_NAMESPACE=<namespace> 'git upload-pack'
GIT_NAMESPACE=<namespace> 'git receive-pack'


DESCRIPTION
-----------

Git supports dividing the refs of a single repository into multiple
namespaces, each of which has its own branches, tags, and HEAD. Git can
expose each namespace as an independent repository to pull from and push
to, while sharing the object store, and exposing all the refs to
operations such as linkgit:git-gc[1].

Storing multiple repositories as namespaces of a single repository
avoids storing duplicate copies of the same objects, such as when
storing multiple branches of the same source. The alternates mechanism
provides similar support for avoiding duplicates, but alternates do not
prevent duplication between new objects added to the repositories
without ongoing maintenance, while namespaces do.

To specify a namespace, set the `GIT_NAMESPACE` environment variable to
the namespace. For each ref namespace, Git stores the corresponding
refs in a directory under `refs/namespaces/`. For example,
`GIT_NAMESPACE=foo` will store refs under `refs/namespaces/foo/`. You
can also specify namespaces via the `--namespace` option to
linkgit:git[1].

Note that namespaces which include a `/` will expand to a hierarchy of
namespaces; for example, `GIT_NAMESPACE=foo/bar` will store refs under
`refs/namespaces/foo/refs/namespaces/bar/`. This makes paths in
`GIT_NAMESPACE` behave hierarchically, so that cloning with
`GIT_NAMESPACE=foo/bar` produces the same result as cloning with
`GIT_NAMESPACE=foo` and cloning from that repo with `GIT_NAMESPACE=bar`. It
also avoids ambiguity with strange namespace paths such as `foo/refs/heads/`,
which could otherwise generate directory/file conflicts within the `refs`
directory.

linkgit:git-upload-pack[1] and linkgit:git-receive-pack[1] rewrite the
names of refs as specified by `GIT_NAMESPACE`. git-upload-pack and
git-receive-pack will ignore all references outside the specified
namespace.

The smart HTTP server, linkgit:git-http-backend[1], will pass
GIT_NAMESPACE through to the backend programs; see
linkgit:git-http-backend[1] for sample configuration to expose
repository namespaces as repositories.

For a simple local test, you can use linkgit:git-remote-ext[1]:

----------
git clone ext::'git --namespace=foo %s /tmp/prefixed.git'
----------

SECURITY
--------

Anyone with access to any namespace within a repository can potentially
access objects from any other namespace stored in the same repository.
You can't directly say "give me object ABCD" if you don't have a ref to
it, but you can do some other sneaky things like:

. Claiming to push ABCD, at which point the server will optimize out the
 need for you to actually send it. Now you have a ref to ABCD and can
 fetch it (claiming not to have it, of course).

. Requesting other refs, claiming that you have ABCD, at which point the
 server may generate deltas against ABCD.

None of this causes a problem if you only host public repositories, or
if everyone who may read one namespace may also read everything in every
other namespace (for instance, if everyone in an organization has read
permission to every repository).