[aur-dev] [PATCH 1/2] git-update: Deny non-fast-forwards
Lukas Fleischer
lfleischer at archlinux.org
Thu Jun 11 15:59:07 UTC 2015
To make sure we never lose any history, non-fast-forwards are forbidden.
Instead of relying on receive.denyNonFastForwards, add a simple check to
the update hook. This has the added benefit of more flexibility.
Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
INSTALL | 1 -
git-interface/git-update.py | 9 +++++++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/INSTALL b/INSTALL
index 50405df..a2a6153 100644
--- a/INSTALL
+++ b/INSTALL
@@ -29,7 +29,6 @@ Setup on Arch Linux
# cd /srv/http/aurweb/aur.git/
# git init --bare
# ln -s ../../git-interface/git-update.py hooks/update
- # git config --local receive.denyNonFastForwards true
# chown -R aur .
7) Install the git-auth wrapper script:
diff --git a/git-interface/git-update.py b/git-interface/git-update.py
index 7898f39..3f6cfc1 100755
--- a/git-interface/git-update.py
+++ b/git-interface/git-update.py
@@ -178,6 +178,15 @@ if refname != "refs/heads/master":
die("pushing to a branch other than master is restricted")
repo = pygit2.Repository(repo_path)
+
+# Detect and deny non-fast-forwards.
+if sha1_old != "0000000000000000000000000000000000000000":
+ walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
+ walker.hide(sha1_new)
+ if next(walker, None) != None:
+ die("denying non-fast-forward (you should pull first)")
+
+# Prepare the walker that validates new commits.
walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL)
if sha1_old != "0000000000000000000000000000000000000000":
walker.hide(sha1_old)
--
2.4.2
More information about the aur-dev
mailing list