Mounting Git commits as folders with NFS

Posted by pvtmert 2 days ago

Mounting Git commits as folders with NFS(jvns.ca)

66 points | 36 comments

thewisenerd 3 hours ago|

> None of these are the most efficient way to do this (you can use git show and git log -S or maybe git grep to accomplish something similar), but personally I always forget the syntax and navigating a filesystem feels easier to me.

i feel like some of the old-school commands will benefit from long args, e.g., '--search'. at the time of writing, the current `git log` documentation[1]'s `-S' has _one_ instance of the word 'search'.

(un)related to the article, author went on to contribute documentation updates to git, which were much needed [2]

[1]: https://git-scm.com/docs/git-log#Documentation/git-log.txt--... [2]: https://jvns.ca/blog/2026/01/08/a-data-model-for-git/

js2 3 hours ago|

What, you didn't know to search for pickaxe!? :-)

Meanwhile, --grep searches the log message. Yeah, the git CLI is an ergonomic nightmare and I've been using it since the very beginning.

FWIW, I can't think of a single time I've wanted to use -S instead of -G.

chungy 3 hours ago||

Related: Fossil has a `fusefs` subcommand: https://fossil-scm.org/home/help/fusefs

The DIRECTORY/checkins/ directory doesn't list out anything by itself, but you can look things up by any of the supported checkin names (hash, tag, branch, date...): https://fossil-scm.org/home/doc/trunk/www/checkin_names.wiki

Someone 2 days ago||

FTA: “problem 1: webdav or NFS?

The two filesystems I could that were natively supported by Mac OS were WebDav and NFS. I couldn’t tell which would be easier to implement so I just tried both”

I might find out that it is incomplete, buggy or a nuisance to use, but FSKit (https://developer.apple.com/documentation/FSKit) would be my first choice.

blaz0 3 hours ago|

macOS actually has an excellent SMB client, so the options actually are: WebDAV, NFS (3.0 and 4.0), SMB, FSKit.

oefrha 3 hours ago|||

By excellent do you mean bearable? macOS’s SMB stack is certainly not excellent.

nine_k 2 hours ago|||

Won't the SMB implementation be sufficient to mount git commits as folders?

jstanley 28 minutes ago||

No, because SMB doesn't support execute permissions. So either all your files are executable or none of them are.

adi_kurian 3 hours ago|||

By bearable do you mean it exists? It's fucking shite.

donatj 2 hours ago||

Which is why I'm so angry they're killing AFP. It works so much better and is super easy to set up a server for on a Linux

js2 3 hours ago||||

AFAIK, SMB doesn't support symbolic links.

pvtmert 2 days ago||

Given the advent of LLMs and agentic coding, I believe this article needs re-visiting as it makes it much more discoverable to compare individual files across commits.

ramses0 2 hours ago||

This is my favorite cursed finding: https://github.com/zevweiss/booze

FUSE-bindings for "filesystems in bash", eg:

https://github.com/zevweiss/booze/blob/master/cowsayfs.sh#L5...

    cs_read()
    {
      if ! [[ "$1" =~ ^/($cowpat)/[^/]+$ ]]; then
        booze_err=-$EINVAL
        return 1
      elif [ "$3" != 0 ]; then
        return 0
      fi

      local msg="${1#/*/}"
      local cow="${1#/}"
      cow="${cow%%/*}"
      cowsay -f "$cow" "$msg"
    }

...I think that WebDAV is "the way" compared to FUSE, but I'm always intrigued by the idea of virtual filesystems as an implementation face.

ulrischa 3 hours ago||

Nice idea. But when taking commits as folders one should delete, add and remame files in the folder and that is not possible in a commit because it creates another commit. So I think this is nit the right mental model

wtallis 3 hours ago|

Files and folders can be read-only, a concept that has been around for about as long as the folders abstraction itself.

IshKebab 57 minutes ago||

> I fixed this by defining an inode(string) function which hashed a string to get the inode number, and using the tree ID / blob ID as the string to hash.

The tree/blob ID is already a hash though. You don't need to hash it again. Just use the first 8 bytes of the tree ID as the inode.

steveBK123 3 hours ago||

NFS.. stop right there

mmh0000 2 hours ago|

You're being downvoted, but, seriously... NFS is a joke for anything outside of an enterprise setup with a bunch of ancillary support services in place.

The fact that NFSv4 has no concept of true "Authentication" and just blindly accepts whatever the client sends is the craziest network application design ever:

  Client: Hi, NFS server, I'm Bob! UID=1000
  Server: Hi Bob! Here's access to all of Bob's files! I trust you and don't need a password or anything!
  Client: Thanks!!!

Some of you may nitpick and say, "well ackkkuallyy, NFS supports authentication through GSSAPI/krb."

And to you, I say, that's crazy! Setting up Kerberos just to authenticate users for access to my Linux ISOs is a crazy large requirement! Sure, it might make sense for an enterprise that already uses Kerberos + LDAP + NFS + certificate management, but for everyone else, that's a lot of infrastructure to set up and maintain for what should be BASIC functionality.

EDIT

ALSO!!! Why the fork does NFS run as a kernel module (nfsd)!? Shouldn't that be an external daemon!? Who the heck thought any of this was a good idea!?

  <sarcasm mode> 
    Dev1: Here's a great idea! Let's run an insecure network server in Kernel space! 
    Dev2: OMG! You're so smart! Let's also exclude any encryption!!!
 </>

//end rant of an old, bitter Linux sysadmin

chungy 2 hours ago|||

Funny part is, that NFSv4 supports SIDs for user authentication, but the Linux implementation leaves it out (among all the other ACL features) simply on the basis that Linux doesn't support them at all.

The FreeBSD, Solaris, Mac OS X, and Windows (yes, even Windows) implementations of NFSv4 are fully featured with this stuff.

feurio 35 minutes ago||||

> Setting up Kerberos just to authenticate users for access to my Linux ISOs is a crazy large requirement!

Export as read only?

projektfu 2 hours ago||||

Will this matter if it's running on localhost and only accessible to the users there? She's just using it as a stand-in for FUSE.

mmh0000 2 hours ago||

To be clear: I am not criticizing the use case in the article. It's a silly, fun, and creative hacking together of technology.

I am criticizing NFS as a whole, and specifically its Linux implementation.

nine_k 2 hours ago||||

Does this mean that I can connect to an NFS server saying my UID=0 and get local root?

mmh0000 2 hours ago||

Usually, no. NFS defaults to "root_squash," which silently changes UID=0 to the UID of the `nfsnobody` user.

However, in the /etc/exports file, you can (but shouldn't) add the share option "no_root_squash" which disables that.

So, root access is slightly protected. But all other users are wide open.

IshKebab 48 minutes ago||||

Even worse is the .nfs "silly renaming" nonsense. I was under the impression that NFSv4 fixed that but someone told me it doesn't.

steveBK123 2 hours ago||||

So many battle scars from NFS in production for me as well.

Wish the downvoters all the best in their future NFS endeavors.

skydhash 2 hours ago|||

> The fact that NFSv4 has no concept of true "Authentication" and just blindly accepts whatever the client sends is the craziest network application design ever

Doesn’t the secure option require ports only a root user can bind too? And you can always create secure tunnels if the physical network is insecure.

mmh0000 2 hours ago||

Sure, if you (the admin) have full control over the NFS server, the network, and the client devices, NFS can be secure with the help of Kerberos. But this isn't a simple thing. A Kerberos server needs to be set up, Kerberos clients need to be configured on the NFS server and client, tickets need to be issued, firewall ports need to be opened, and user accounts need to be centrally managed. That's all fine for an Enterprise.

Now, how about this common scenario: I want to run a file-sharing server on my network. I want a random "friend" to come over and grab a copy of a file, but I don't want them to see any other files on the NFS server.

So, the "friend" has root access on their device. They can just log in and lie to the NFS server, claim they're my UID, and see all my files that I didn't want them to access. Configuring KRB in that scenario is totally impractical.

skydhash 1 hour ago||

> Now, how about this common scenario: I want to run a file-sharing server on my network. I want a random "friend" to come over and grab a copy of a file, but I don't want them to see any other files on the NFS server.

How is that a common scenario? Why not give them your drive and the encryption key while you’re at it? It would be way faster.

The correct scenario would be to just copy the file and serve it with ftp or http on another interface.

mmh0000 50 minutes ago||

Ah, so you agree NFS is not fit for purpose (network file sharing), and I should use something else to share files over the network.

EDIT (the above is a bit more snark than I intended, let me add a little more):

NFS's direct (still widely used) competitor, SMB, natively supports:

  - Authentication
  - Transfer encryption
  - Authentication encryption
  - Has open implementations across platforms
  - Supports individual account management, and large enterprisey account management (LDAP/AD/etc)

With SMB, I can share out a directory on the network that allows visitors access, optionally authenticated with a simple username and password.

I can share out specific directories with easy control over who can access what. You know, basic network file sharing capabilities.

[[ And, don't take this as a love for SMB, it too has many issues and legacy junk ]]

LoganDark 2 hours ago||

I feel like mounting Jujutsu changes as folders would be more practical since they're stable across rebases?

deepspace 2 hours ago|

The dot-com era called. They want ClearCase back.

More comments...