author | Mathieu Bridon <bochecha@fedoraproject.org> | 2014-09-18 16:54:39 +0200 |
---|---|---|
committer | Pierre-Yves Chibon <pingou@pingoured.fr> | 2014-10-27 10:48:12 +0100 |
commit | 7ab3ff28179a07037fef4207b7b5446c45a8479c (patch) | |
tree | c814662f24fc4248f69d59f9fbb608fc5a298925 | |
parent | 57e3254f1aea3638f9ceb9dd5f25ca58fa3843dd (diff) | |
distgit: Block push of branches named 'origin/*'
We already use the update hook for gitolite.
This introduces a new update hook, which merely chains the gitolite one,
and a new one to block pushes to badly named branches.
The new hook was written originally by Till Maas.
https://fedorahosted.org/rel-eng/ticket/4071
-rw-r--r-- | roles/distgit/files/setup_git_package | 12 | ||||
-rw-r--r-- | roles/git/hooks/files/update-block-push-origin | 10 | ||||
-rw-r--r-- | roles/git/hooks/files/update-chained | 12 | ||||
-rw-r--r-- | roles/git/hooks/tasks/main.yml | 2 |
4 files changed, 34 insertions, 2 deletions
diff --git a/roles/distgit/files/setup_git_package b/roles/distgit/files/setup_git_package
index 73f5d28bc..d474ffb05 100644
--- a/roles/distgit/files/setup_git_package
+++ b/roles/distgit/files/setup_git_package
@@ -108,9 +108,17 @@ git commit -q -m 'Initial setup of the repo' --author "$AUTHOR"
 git push -q origin master
 popd >/dev/null
-# Put our special update hooks in place
-ln -s /usr/share/gitolite/hooks/common/update $GITROOT/$PACKAGE.git/hooks/
+# Setup our update hooks
+mkdir -p $GITROOT/$PACKAGE.git/hooks/update-chained.d
+ln -s /usr/share/gitolite/hooks/common/update \
+ $GITROOT/$PACKAGE.git/hooks/update-chained.d/update-gitolite
+ln -s /usr/share/git-core/update-block-push-origin \
+ $GITROOT/$PACKAGE.git/hooks/update-chained.d/update-block-push-origin
+# This one kicks off all the others in update-chained.d
+ln -s /usr/share/git-core/update-chained $GITROOT/$PACKAGE.git/hooks/update
+
+# Setup our post-receive hooks
 mkdir -p $GITROOT/$PACKAGE.git/hooks/post-receive-chained.d
 ln -s /usr/share/git-core/mail-hooks/gnome-post-receive-email \
 $GITROOT/$PACKAGE.git/hooks/post-receive-chained.d/post-receive-email
diff --git a/roles/git/hooks/files/update-block-push-origin b/roles/git/hooks/files/update-block-push-origin
new file mode 100644
index 000000000..17380e313
--- /dev/null
+++ b/roles/git/hooks/files/update-block-push-origin
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# Block pushes to branches if their name starts with `origin/`
+# https://fedorahosted.org/rel-eng/ticket/4071
+
+refname="${1}"
+sha1_old="${2}"
+sha1_new="${3}"
+
+echo "${refname}" | grep -qE '^refs/heads/origin/' && exit 1 || exit 0
diff --git a/roles/git/hooks/files/update-chained b/roles/git/hooks/files/update-chained
new file mode 100644
index 000000000..6062f4bf9
--- /dev/null
+++ b/roles/git/hooks/files/update-chained
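Review bot: In setup_git_package, `hooks/update` now points at /usr/share/git-core/update-chained, so the gitolite update hook only runs if that file is present and executable when a push arrives; git skips a hook it cannot execute rather than rejecting the push. The script could refuse to finish repository setup when a target is missing, e.g. `[ -x /usr/share/git-core/update-chained ] || { echo "update-chained is not installed" >&2; exit 1; }` before the `ln -s` lines. The copy task that installs these files starts above the main.yml hunk, so its dest and mode should be confirmed to match these paths. This hunk sits mid-script and only affects newly created repositories; existing ones presumably keep the direct gitolite symlink and would need a separate migration.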
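Review bot: The last line of update-block-push-origin rejects the push without telling the pusher why, so the client only sees that the hook declined. Print a reason on stderr before exiting, e.g. `case "${refname}" in refs/heads/origin/*) echo "Branch names starting with 'origin/' are not allowed" >&2; exit 1 ;; esac`, which also replaces the `echo | grep` pipeline and the `a && b || c` chain with a plain pattern match. `sha1_old` and `sha1_new` are assigned but never used and could be dropped or marked as intentionally unused.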
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+
+refname="${1}"
+sha1_old="${2}"
+sha1_new="${3}"
+
+
+$GIT_DIR/hooks/update-chained.d/update-gitolite "$refname" "$sha1_old" "$sha1_new" || exit 1
+$GIT_DIR/hooks/update-chained.d/update-block-push-origin "$refname" "$sha1_old" "$sha1_new" || exit 1
+
+exit 0
diff --git a/roles/git/hooks/tasks/main.yml b/roles/git/hooks/tasks/main.yml
index af15eff6b..9d6c34aed 100644
--- a/roles/git/hooks/tasks/main.yml
+++ b/roles/git/hooks/tasks/main.yml
@@ -13,6 +13,8 @@
 with_items:
 - post-receive-fedmsg
 - post-receive-chained
+ - update-block-push-origin
+ - update-chained
 - name: install the git mail hooks
 copy: src={{item}} dest=/usr/share/git-core/mail-hooks mode=0755 |
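Review bot: update-chained calls two hard-coded hook names, while the comment added in setup_git_package says it "kicks off all the others in update-chained.d"; a check later dropped into that directory would not be enforced until this script is edited as well. Iterating over the directory keeps the two in step, as long as an entry that cannot be executed rejects the push instead of being skipped. `$GIT_DIR` is also unquoted on both call lines. The glob runs entries in alphabetical order, so update-block-push-origin would run before update-gitolite; both still have to pass.

```shell
# … unchanged: refname / sha1_old / sha1_new assignments …
for hook in "$GIT_DIR"/hooks/update-chained.d/*; do
    # Fail closed: a dangling or non-executable entry rejects the push.
    if [ ! -x "$hook" ]; then
        echo "update-chained: cannot run $hook" >&2
        exit 1
    fi
    "$hook" "$refname" "$sha1_old" "$sha1_new" || exit 1
done
exit 0
```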