diff options
author | Lukas Fleischer <lfleischer@archlinux.org> | 2015-06-11 17:48:48 +0200 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2015-06-11 17:56:26 +0200 |
commit | a0f3060f234418993aaeee0962cfdbd25f37b940 (patch) | |
tree | 9ec240c441cb1b108be5966282480d87179f832d | |
parent | e254a3154463b5705367c925c4edb5a094506e45 (diff) | |
download | aur-a0f3060f234418993aaeee0962cfdbd25f37b940.tar.gz aur-a0f3060f234418993aaeee0962cfdbd25f37b940.tar.xz |
git-update: Deny non-fast-forwards
To make sure we never lose any history, non-fast-forwards are forbidden.
Instead of relying on receive.denyNonFastForwards, add a simple check to
the update hook. This has the added benefit of more flexibility.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r-- | INSTALL | 1 | ||||
-rwxr-xr-x | git-interface/git-update.py | 9 |
2 files changed, 9 insertions, 1 deletions
@@ -29,7 +29,6 @@ Setup on Arch Linux # cd /srv/http/aurweb/aur.git/ # git init --bare # ln -s ../../git-interface/git-update.py hooks/update - # git config --local receive.denyNonFastForwards true # chown -R aur . 7) Install the git-auth wrapper script: diff --git a/git-interface/git-update.py b/git-interface/git-update.py index 7898f39d..3f6cfc1a 100755 --- a/git-interface/git-update.py +++ b/git-interface/git-update.py @@ -178,6 +178,15 @@ if refname != "refs/heads/master": die("pushing to a branch other than master is restricted") repo = pygit2.Repository(repo_path) + +# Detect and deny non-fast-forwards. +if sha1_old != "0000000000000000000000000000000000000000": + walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL) + walker.hide(sha1_new) + if next(walker, None) != None: + die("denying non-fast-forward (you should pull first)") + +# Prepare the walker that validates new commits. walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL) if sha1_old != "0000000000000000000000000000000000000000": walker.hide(sha1_old) |