Server does not allow request for unadvertised object

Server does not allow request for unadvertised object

問題

在本身搭建的Gitlab中使用git fetch指定commit時，會出現權限問題

```shell

git fetch --depth=1 origin ada589e4a7f2003d0c31b8bec07df8d6745a9e3b

Server does not allow request for unadvertised object ada589e4a7f2003d0c31b8bec07df8d6745a9e3b

```

經過[官方文檔](https://git-scm.com/docs/git-...

- `uploadpack.allowTipSHA1InWant`

When uploadpack.hideRefs is in effect, allow upload-pack to accept a fetch request that asks for an object at the tip of a hidden ref (by default, such a request is rejected). See also uploadpack.hideRefs. Even if this is false, a client may be able to steal objects via the techniques described in the "SECURITY" section of the gitnamespaces[7] man page; it’s best to keep private data in a separate repository.

- `uploadpack.allowReachableSHA1InWant`

Allow upload-pack to accept a fetch request that asks for an object that is reachable from any ref tip. However, note that calculating object reachability is computationally expensive. Defaults to false. Even if this is false, a client may be able to steal objects via the techniques described in the "SECURITY" section of the gitnamespaces[7] man page; it’s best to keep private data in a separate repository.

- `uploadpack.allowAnySHA1InWant`

Allow upload-pack to accept a fetch request that asks for any object at all. Defaults to false.

Gitlab服務器端配置

GItlab Server 中的git config在`/opt/gitlab/embedded/etc/gitconfig`，能夠經過修改girlab.rb來實現配置化統一管理

```rb

omnibus_gitconfig['system'] = { "uploadpack" => ["allowAnySHA1InWant = true"] }

```

`注意:` /var/opt/gitlab/.gitconfig是用戶的config不是server的config,不要去錯路徑

gitlab重啓後去查看`/opt/gitlab/embedded/etc/gitconfig`，可見uploadpack配置已經生效

```config

[pack]

threads = 1

[receive]

fsckObjects = true

advertisePushOptions = true

[repack]

writeBitmaps = true

[transfer]

hideRefs=^refs/tmp/

hideRefs=^refs/keep-around/

hideRefs=^refs/remotes/

[core]

alternateRefsCommand="exit 0 #"

fsyncObjectFiles = true

[uploadpack]

allowAnySHA1InWant = true

```

實測

1. Gitlab 打開 `allowReachableSHA1InWant`後

```shell

~/cmc-rules ᐅ git fetch --depth=1 origin ada589e4a7f2003d0c31b8bec07df8d6745a9e3b

remote: Total 0 (delta 0), reused 0 (delta 0)

From sdpgit.xxxx.com:sdp/rules

* branch ada589e4a7f2003d0c31b8bec07df8d6745a9e3b -> FETCH_HEAD

```

1. Gitlab `allowAnySHA1InWant`後

```shell

~/cmc-rules ᐅ git fetch --depth=1 origin 8726a92df167b4600ac99940aa7c3f8e9aabd52b

remote: Enumerating objects: 7, done.

remote: Counting objects: 100% (7/7), done.

remote: Compressing objects: 100% (1/1), done.

remote: Total 3 (delta 1), reused 3 (delta 1)

Unpacking objects: 100% (3/3), done.

From sdpgit.xxxx.com:sdp/rules

* branch 8726a92df167b4600ac99940aa7c3f8e9aabd52b -> FETCH_HEAD

```

1. 根據[Stackoverflow](https://stackoverflow.com/que... `allowTipSHA1InWant`對github有用

無測試環境，歡迎補充