external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

git-update: Deny non-fast-forwards

Browse source 
To make sure we never lose any history, non-fast-forwards are forbidden.
Instead of relying on receive.denyNonFastForwards, add a simple check to
the update hook. This has the added benefit of more flexibility.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Lukas Fleischer 2015-06-11 17:48:48 +02:00
parent e254a31544
commit a0f3060f23
2 changed files with 9 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
INSTALL
View file

@ -29,7 +29,6 @@ Setup on Arch Linux
# cd /srv/http/aurweb/aur.git/ # cd /srv/http/aurweb/aur.git/
# git init --bare # git init --bare
# ln -s ../../git-interface/git-update.py hooks/update # ln -s ../../git-interface/git-update.py hooks/update
# git config --local receive.denyNonFastForwards true
# chown -R aur . # chown -R aur .
7) Install the git-auth wrapper script: 7) Install the git-auth wrapper script:

9
git-interface/git-update.py
View file

@ -178,6 +178,15 @@ if refname != "refs/heads/master":
die("pushing to a branch other than master is restricted") die("pushing to a branch other than master is restricted")
repo = pygit2.Repository(repo_path) repo = pygit2.Repository(repo_path)
# Detect and deny non-fast-forwards.
if sha1_old != "0000000000000000000000000000000000000000":
walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
walker.hide(sha1_new)
if next(walker, None) != None:
die("denying non-fast-forward (you should pull first)")
# Prepare the walker that validates new commits.
walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL) walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL)
if sha1_old != "0000000000000000000000000000000000000000": if sha1_old != "0000000000000000000000000000000000000000":
walker.hide(sha1_old) walker.hide(sha1_old)