Merge branch 'ds/doc-wo-whitelist' into maint
Avoid "white/black-list" in documentation and code comments.

* ds/doc-wo-whitelist:
  transport.c: avoid "whitelist"
  t: avoid "whitelist"
  git.txt: remove redundant language
  git-cvsserver: clarify directory list
  daemon: clarify directory arguments
diff --git a/Documentation/git-cvsserver.txt b/Documentation/git-cvsserver.txt
index 4dc57ed..53f111b 100644
--- a/Documentation/git-cvsserver.txt
+++ b/Documentation/git-cvsserver.txt
@@ -63,11 +63,10 @@ Print version information and exit
Print usage information and exit
-You can specify a list of allowed directories. If no directories
-are given, all are allowed. This is an additional restriction, gitcvs
-access still needs to be enabled by the `gitcvs.enabled` config option
-unless `--export-all` was given, too.
+The remaining arguments provide a list of directories. If no directories
+are given, then all are allowed. Repositories within these directories
+still require the `gitcvs.enabled` config option, unless `--export-all`
+is specified.
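Review bot: In the first added sentence, "a list of directories" no longer says what the list is for, so "all are allowed" in the next sentence has nothing to refer back to. The removed text also called this "an additional restriction", and that framing is gone. Suggest wording such as "The remaining arguments provide a list of directories to which access is limited", so the reader still learns that the arguments narrow what is served.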
@@ -311,11 +310,13 @@ ENVIRONMENT
These variables obviate the need for command-line options in some
circumstances, allowing easier restricted usage through git-shell.
-GIT_CVSSERVER_BASE_PATH takes the place of the argument to --base-path.
+ This variable replaces the argument to --base-path.
-GIT_CVSSERVER_ROOT specifies a single-directory whitelist. The
-repository must still be configured to allow access through
-git-cvsserver, as described above.
+ This variable specifies a single directory, replacing the
+ `<directory>...` argument list. The repository still requires the
+ `gitcvs.enabled` config option, unless `--export-all` is specified.
When these environment variables are set, the corresponding
command-line arguments may not be used.
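Review bot: Both added paragraphs start with "This variable", but the visible added lines never name the variable, whereas the removed lines opened with GIT_CVSSERVER_BASE_PATH and GIT_CVSSERVER_ROOT. Please confirm each name still heads its entry in the rendered page. As a style point, `gitcvs.enabled`, `--export-all` and `<directory>...` are backtick-quoted in the added text while --base-path is left bare; quote it too.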
diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt
index fdc28c0..236df51 100644
--- a/Documentation/git-daemon.txt
+++ b/Documentation/git-daemon.txt
@@ -32,8 +32,8 @@ that service if it is enabled.
It verifies that the directory has the magic file "git-daemon-export-ok", and
it will refuse to export any Git directory that hasn't explicitly been marked
for export this way (unless the `--export-all` parameter is specified). If you
-pass some directory paths as 'git daemon' arguments, you can further restrict
-the offers to a whitelist comprising of those.
+pass some directory paths as 'git daemon' arguments, the offers are limited to
+repositories within those directories.
By default, only `upload-pack` service is enabled, which serves
'git fetch-pack' and 'git ls-remote' clients, which are invoked
@@ -50,7 +50,7 @@ OPTIONS
Match paths exactly (i.e. don't allow "/foo/repo" when the real path is
"/foo/repo.git" or "/foo/repo/.git") and don't do user-relative paths.
'git daemon' will refuse to start when this option is enabled and no
- whitelist is specified.
+ directory arguments are provided.
Remap all the path requests as relative to the given path.
@@ -73,7 +73,7 @@ OPTIONS
%IP for the server's IP address, %P for the port number,
and %D for the absolute path of the named repository.
After interpolation, the path is validated against the directory
- whitelist.
+ list.
Allow pulling from all directories that look like Git repositories
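Review bot: "validated against the directory list" does not say which list is meant, and the previous hunk in this file calls the same thing "directory arguments". Since this sentence describes the check applied after interpolation, name it precisely, for example "validated against the list of `<directory>` arguments", and use one term throughout the file.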
@@ -218,9 +218,11 @@ standard output to be sent to the requestor as an error message when
it declines the service.
- A directory to add to the whitelist of allowed directories. Unless
- --strict-paths is specified this will also include subdirectories
- of each named directory.
+ The remaining arguments provide a list of directories. If any
+ directories are specified, then the `git-daemon` process will
+ serve a requested directory only if it is contained in one of
+ these directories. If `--strict-paths` is specified, then the
+ requested directory must match one of these directories exactly.
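Review bot: The added paragraph only covers "If any directories are specified" and never states what is served when none are given. The git-cvsserver text in this same change spells that case out ("If no directories are given, then all are allowed"), and it matters here too because this list is an access restriction. Separately, the added text writes `git-daemon` with a hyphen and backticks, while the surrounding lines of this file use 'git daemon'.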
@@ -264,9 +266,8 @@ git 9418/tcp # Git Version Control System
'git daemon' as inetd server::
To set up 'git daemon' as an inetd service that handles any
- repository under the whitelisted set of directories, /pub/foo
- and /pub/bar, place an entry like the following into
- /etc/inetd all on one line:
+ repository within `/pub/foo` or `/pub/bar`, place an entry like
+ the following into `/etc/inetd` all on one line:
git stream tcp nowait nobody /usr/bin/git
diff --git a/Documentation/git.txt b/Documentation/git.txt
index 302607a..47a6095 100644
--- a/Documentation/git.txt
+++ b/Documentation/git.txt
@@ -885,9 +885,7 @@ for full details.
If set to a colon-separated list of protocols, behave as if
`protocol.allow` is set to `never`, and each of the listed
protocols has `protocol.<name>.allow` set to `always`
- (overriding any existing configuration). In other words, any
- protocol not mentioned will be disallowed (i.e., this is a
- whitelist, not a blacklist). See the description of
+ (overriding any existing configuration). See the description of
`protocol.allow` in linkgit:git-config[1] for more details.
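Review bot: Dropping the whole "In other words" sentence also drops the only plain statement that a protocol not mentioned in the list is disallowed. That still follows from "`protocol.allow` is set to `never`", but readers have to work it out, and it is the security-relevant default of this variable. Suggest keeping "any protocol not mentioned will be disallowed" and removing only the parenthetical.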
diff --git a/daemon.c b/daemon.c
index 58f1077..0ae7d12 100644
--- a/daemon.c
+++ b/daemon.c
@@ -279,7 +279,7 @@ static const char *path_ok(const char *directory, struct hostinfo *hi)
/* The validation is done on the paths after enter_repo
* appends optional {.git,.git/.git} and friends, but
* it does not use getcwd(). So if your /pub is
- * a symlink to /mnt/pub, you can whitelist /pub and
+ * a symlink to /mnt/pub, you can include /pub and
* do not have to say /mnt/pub.
* Do not say /pub/.
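Review bot: In the changed comment line, "you can include /pub" leaves open what /pub is included in. The next lines use "say /mnt/pub" and "Do not say /pub/", so "you can list /pub" or "you can pass /pub as a directory argument" would read more clearly next to them.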
@@ -298,7 +298,7 @@ static const char *path_ok(const char *directory, struct hostinfo *hi)
return path;
- logerror("'%s': not in whitelist", path);
+ logerror("'%s': not in directory list", path);
return NULL; /* Fallthrough. Deny by default */
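Review bot: The logerror() text on the deny path changes from "not in whitelist" to "not in directory list". Any log monitoring or alerting that matches the old string for rejected paths will stop matching without any error, so this deserves a mention in the release notes even though the commit is otherwise a wording cleanup.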
@@ -403,7 +403,7 @@ static int run_service(const char *dir, struct daemon_service *service,
* a "git-daemon-export-ok" flag that says that the other side
* is ok with us doing this.
- * path_ok() uses enter_repo() and does whitelist checking.
+ * path_ok() uses enter_repo() and checks for included directories.
* We only need to make sure the repository is exported.
@@ -1444,7 +1444,7 @@ int cmd_main(int argc, const char **argv)
cred = prepare_credentials(user_name, group_name);
if (strict_paths && (!ok_paths || !*ok_paths))
- die("option --strict-paths requires a whitelist");
+ die("option --strict-paths requires '<directory>' arguments");
if (base_path && !is_directory(base_path))
die("base-path '%s' does not exist or is not a directory",
diff --git a/git-cvsserver.perl b/git-cvsserver.perl
index 4c81180..7b75736 100755
--- a/git-cvsserver.perl
+++ b/git-cvsserver.perl
@@ -152,7 +152,7 @@ $state->{allowed_roots} = [ @ARGV ];
# don't export the whole system unless the users requests it
if ($state->{'export-all'} && !@{$state->{allowed_roots}}) {
- die "--export-all can only be used together with an explicit whitelist\n";
+ die "--export-all can only be used together with an explicit '<directory>...' list\n";
# Environment handling for running under git-shell
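Review bot: The new die message here says "an explicit '<directory>...' list", while the matching message added in daemon.c says "requires '<directory>' arguments" (no ellipsis, "arguments" rather than "list"). Pick one form for both user-facing errors so they can be searched for and documented consistently.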
diff --git a/t/ b/t/
index 83babe5..890622b 100644
--- a/t/
+++ b/t/
@@ -1,7 +1,7 @@
# Test routines for checking protocol disabling.
-# Test clone/fetch/push with GIT_ALLOW_PROTOCOL whitelist
-test_whitelist () {
+# Test clone/fetch/push with GIT_ALLOW_PROTOCOL environment variable
+test_allow_var () {
@@ -183,7 +183,7 @@ test_config () {
# $2 - machine-readable name of the protocol
# $3 - the URL to try cloning
test_proto () {
- test_whitelist "$@"
+ test_allow_var "$@"
test_config "$@"
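Review bot: test_whitelist is renamed to test_allow_var in a shared test library, and the only caller updated in the visible hunks is test_proto. Please confirm no other test script calls test_whitelist directly, since a leftover caller would only fail when that script runs.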
diff --git a/t/ b/t/
index af8772f..d8da5f5 100755
--- a/t/
+++ b/t/
@@ -16,7 +16,7 @@ test_expect_success 'create git-accessible repo' '
test_proto "smart http" http "$HTTPD_URL/smart/repo.git"
-test_expect_success 'curl redirects respect whitelist' '
+test_expect_success 'http(s) transport respects GIT_ALLOW_PROTOCOL' '
test_must_fail env GIT_ALLOW_PROTOCOL=http:https \
git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr &&
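Review bot: The new title 'http(s) transport respects GIT_ALLOW_PROTOCOL' loses the word "redirects", but the body clones "$HTTPD_URL/ftp-redir/repo.git" with GIT_ALLOW_PROTOCOL=http:https and expects failure, so the case under test is specifically a redirect to a protocol that is not listed. Suggest 'http(s) redirects respect GIT_ALLOW_PROTOCOL' so a failure report still points at redirect handling.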
diff --git a/t/ b/t/
index 06f55a1..4d5956c 100755
--- a/t/
+++ b/t/
@@ -1,6 +1,6 @@
-test_description='test protocol whitelisting with submodules'
+test_description='test protocol filtering with submodules'
. ./
@@ -36,7 +36,7 @@ test_expect_success 'update of ext not allowed' '
test_must_fail git -C dst submodule update ext-module
-test_expect_success 'user can override whitelist' '
+test_expect_success 'user can filter protocols with GIT_ALLOW_PROTOCOL' '
GIT_ALLOW_PROTOCOL=ext git -C dst submodule update ext-module
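Review bot: The renamed title says the user can "filter protocols", but the test does the opposite of narrowing: it follows 'update of ext not allowed' and sets GIT_ALLOW_PROTOCOL=ext so the update succeeds. The old title's "override" carried that meaning. Suggest 'user can allow ext with GIT_ALLOW_PROTOCOL' or similar.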
diff --git a/t/ b/t/
index 210ddf0..379b19f 100755
--- a/t/
+++ b/t/
@@ -221,7 +221,7 @@ test_expect_success 'req_Root (export-all)' \
'cat request-anonymous | git-cvsserver --export-all pserver "$WORKDIR" >log 2>&1 &&
sed -ne \$p log | grep "^I LOVE YOU\$"'
-test_expect_success 'req_Root failure (export-all w/o whitelist)' \
+test_expect_success 'req_Root failure (export-all w/o directory list)' \
'! (cat request-anonymous | git-cvsserver --export-all pserver >log 2>&1 || false)'
test_expect_success 'req_Root (everything together)' \
diff --git a/t/ b/t/
index 6da7273..8c44856 100644
--- a/t/
+++ b/t/
@@ -651,8 +651,7 @@ test_set_prereq () {
# test_unset_prereq()
- # (Temporary?) whitelist of things we can't easily
- # pretend not to support
+ # List of things we can't easily pretend to not support
# Inspecting whether GIT_TEST_FAIL_PREREQS is on
diff --git a/transport.c b/transport.c
index 52db7a3..b51e991 100644
--- a/transport.c
+++ b/transport.c
@@ -940,7 +940,7 @@ static int external_specification_len(const char *url)
return strchr(url, ':') - url;
-static const struct string_list *protocol_whitelist(void)
+static const struct string_list *protocol_allow_list(void)
static int enabled = -1;
static struct string_list allowed = STRING_LIST_INIT_DUP;
@@ -1020,9 +1020,9 @@ static enum protocol_allow_config get_protocol_config(const char *type)
int is_transport_allowed(const char *type, int from_user)
- const struct string_list *whitelist = protocol_whitelist();
- if (whitelist)
- return string_list_has_string(whitelist, type);
+ const struct string_list *allow_list = protocol_allow_list();
+ if (allow_list)
+ return string_list_has_string(allow_list, type);
switch (get_protocol_config(type)) {