Does ostree support remote repo or ref access control? #3373
-
|
I am currently exploring the capabilities of OSTree for managing a remote repository with multiple branches. My specific use case involves allowing different users or groups to access only certain branches within this repository. For instance, user A should have access to branch "main," while user B should be able to access branches "test" and "production." |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
OSTree just fetches content over HTTP; the client is not "smart". You can e.g. set up a webserver which requires a cookie or certificates to access say (And if a client knows out of band the commit object it may also know the digest for its content, which pushes the problem to gating on dirtree objects etc) |
Beta Was this translation helpful? Give feedback.
OSTree just fetches content over HTTP; the client is not "smart". You can e.g. set up a webserver which requires a cookie or certificates to access say
refs/heads/<branchname>- however, note that because ostree also strongly encourages deduplication via its object-based model, if a client happens to know the sha digest of a commit pointed to by a ref, it can still be fetched unless you gate access to the commits as well, which can be harder to do.(And if a client knows out of band the commit object it may also know the digest for its content, which pushes the problem to gating on dirtree objects etc)