I have a central repository at server
and local repos at local
. In the server
repo there is a branch live
, that pulls from master
sometimes, adds some modifications and is then used to update a service.
The live
branch of server
is of no interest for the users in their local
repositories. They should not see it nor be able to fetch it / push to it, in short, interact with it in any way.
Is there any way in Git to allow such a behaviour: Prevent a branch of server
from being listed in the local
repositories?
local$ git remote add server example.com
local$ git fetch server
local$ git branch --remotes
server/foo
server/live # <-- don't show this branch
server/master
A solution on server
would be preferred. But as of now, since there is no untrusted committer at the moment, solutions just hiding the live
branch via config in local
repos would work, too.
Edit: as of git 1.8.2, git supports transfer.hiderefs
(spelled transfer.hideRefs
in the git config documentation). It was somewhat buggy until git 2.3.5 / 2.4.0 (as in, avoid it if you allow smart-http transfer, until you have 2.3.5 or 2.4.0 installed on the server).
To hide server/live:
git config --add transfer.hiderefs refs/heads/server/live
This is not perfect hiding: it exposes the existence of the name to push probes (as does receive.hiderefs
). See also uploadpack.allowTipSHA1InWant
.
No: the standard git remote protocols allow incoming querents to see all references. (You could fake it by removing the reference while serving clients, then re-inserting it, but you'd have to avoid any garbage collections from running if that is the only reference to the commit in question, and of course the reference would be unavailable to your own code at that time as well. It would be simpler to just clone the repo, and then remove the ref and serve from the "de-live-d" clone. Equivalently, but even simpler and probably faster, use a different repo to hold the "live" branch in the first place—that repo can fetch from the shared one as usual, but have its own private "live" branch.)
You can prevent someone or anyone from updating any references you like, through the usual pre-receive and update hooks. But any reference you have, someone else can see.