Since git doesn't provide a receive.denyBranchCreation or similar, here is an example of how to be sure users cannot create branches remotely by pushing a new reference. This setup has been proven useful to prevent creation of spurious branches because of users having their remote.origin.push set to HEAD, when they use `git push` while being on a local topic branch of theirs instead of the proper one. Signed-off-by: Pierre Habouzit <madcoder@xxxxxxxxxx> --- templates/hooks--update.sample | 11 ++++++++++- 1 files changed, 10 insertions(+), 1 deletions(-) diff --git a/templates/hooks--update.sample b/templates/hooks--update.sample index a3f68ae..62b9cfe 100755 --- a/templates/hooks--update.sample +++ b/templates/hooks--update.sample @@ -16,6 +16,9 @@ # hooks.allowdeletebranch # This boolean sets whether deleting branches will be allowed in the # repository. By default they won't be. +# hooks.denycreatebranch +# This boolean sets wether remotely creating branches will be denied +# in the repository. By default this is allowed. # # --- Command line @@ -39,6 +42,7 @@ fi # --- Config allowunannotated=$(git config --bool hooks.allowunannotated) allowdeletebranch=$(git config --bool hooks.allowdeletebranch) +denycreatebranch=$(git config --bool hooks.denycreatebranch) allowdeletetag=$(git config --bool hooks.allowdeletetag) # check for no description @@ -52,7 +56,8 @@ esac # --- Check types # if $newrev is 0000...0000, it's a commit to delete a ref. -if [ "$newrev" = "0000000000000000000000000000000000000000" ]; then +zero="0000000000000000000000000000000000000000" +if [ "$newrev" = "$zero" ]; then newrev_type=delete else newrev_type=$(git-cat-file -t $newrev) @@ -80,6 +85,10 @@ case "$refname","$newrev_type" in ;; refs/heads/*,commit) # branch + if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then + echo "*** Creating a branch is not allowed in this repository" >&2 + exit 1 + fi ;; refs/heads/*,delete) # delete branch -- 1.6.3.rc0.201.gadb14 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html