GITNAMESPACES(7)          (08/17/2021)           GITNAMESPACES(7)

          gitnamespaces - Git namespaces

          GIT_NAMESPACE=<namespace> git upload-pack
          GIT_NAMESPACE=<namespace> git receive-pack

          Git supports dividing the refs of a single repository into
          multiple namespaces, each of which has its own branches,
          tags, and HEAD. Git can expose each namespace as an
          independent repository to pull from and push to, while
          sharing the object store, and exposing all the refs to
          operations such as git-gc(1).

          Storing multiple repositories as namespaces of a single
          repository avoids storing duplicate copies of the same
          objects, such as when storing multiple branches of the same
          source. The alternates mechanism provides similar support
          for avoiding duplicates, but alternates do not prevent
          duplication between new objects added to the repositories
          without ongoing maintenance, while namespaces do.

          To specify a namespace, set the GIT_NAMESPACE environment
          variable to the namespace. For each ref namespace, Git
          stores the corresponding refs in a directory under
          refs/namespaces/. For example, GIT_NAMESPACE=foo will store
          refs under refs/namespaces/foo/. You can also specify
          namespaces via the --namespace option to git(1).

          Note that namespaces which include a / will expand to a
          hierarchy of namespaces; for example, GIT_NAMESPACE=foo/bar
          will store refs under
          refs/namespaces/foo/refs/namespaces/bar/. This makes paths
          in GIT_NAMESPACE behave hierarchically, so that cloning with
          GIT_NAMESPACE=foo/bar produces the same result as cloning
          with GIT_NAMESPACE=foo and cloning from that repo with
          GIT_NAMESPACE=bar. It also avoids ambiguity with strange
          namespace paths such as foo/refs/heads/, which could
          otherwise generate directory/file conflicts within the refs

          git-upload-pack(1) and git-receive-pack(1) rewrite the names
          of refs as specified by GIT_NAMESPACE. git-upload-pack and
          git-receive-pack will ignore all references outside the
          specified namespace.

          The smart HTTP server, git-http-backend(1), will pass
          GIT_NAMESPACE through to the backend programs; see git-

     Page 1                     Git 2.33.0           (printed 5/22/22)

     GITNAMESPACES(7)          (08/17/2021)           GITNAMESPACES(7)

          http-backend(1) for sample configuration to expose
          repository namespaces as repositories.

          For a simple local test, you can use git-remote-ext(1):

              git clone ext::'git --namespace=foo %s /tmp/prefixed.git'

          The fetch and push protocols are not designed to prevent one
          side from stealing data from the other repository that was
          not intended to be shared. If you have private data that you
          need to protect from a malicious peer, your best option is
          to store it in another repository. This applies to both
          clients and servers. In particular, namespaces on a server
          are not effective for read access control; you should only
          grant read access to a namespace to clients that you would
          trust with read access to the entire repository.

          The known attack vectors are as follows:

           1. The victim sends "have" lines advertising the IDs of
              objects it has that are not explicitly intended to be
              shared but can be used to optimize the transfer if the
              peer also has them. The attacker chooses an object ID X
              to steal and sends a ref to X, but isncqt required to
              send the content of X because the victim already has it.
              Now the victim believes that the attacker has X, and it
              sends the content of X back to the attacker later. (This
              attack is most straightforward for a client to perform
              on a server, by creating a ref to X in the namespace the
              client has access to and then fetching it. The most
              likely way for a server to perform it on a client is to
              "merge" X into a public branch and hope that the user
              does additional work on this branch and pushes it back
              to the server without noticing the merge.)

           2. As in #1, the attacker chooses an object ID X to steal.
              The victim sends an object Y that the attacker already
              has, and the attacker falsely claims to have X and not
              Y, so the victim sends Y as a delta against X. The delta
              reveals regions of X that are similar to Y to the

          Part of the git(1) suite

     Page 2                     Git 2.33.0           (printed 5/22/22)