[PATCH] contrib: Add update-http-moderated hook


 



From: Vitaly _Vi Shukela <public_vi@xxxxxx>

If the user of http-backend is "mod", allow everything.
Else prevent editing history or deleting refs.
Can be used to set up "anarchic" repositories with anonymous push access,
but also with a moderator account that can do "push --force" and "push --delete".

Signed-off-by: Vitaly _Vi Shukela <public_vi@xxxxxx>
---
 contrib/hooks/update-http-moderated |  121 +++++++++++++++++++++++++++++++++++
 1 files changed, 121 insertions(+), 0 deletions(-)
 create mode 100755 contrib/hooks/update-http-moderated

diff --git a/contrib/hooks/update-http-moderated b/contrib/hooks/update-http-moderated
new file mode 100755
index 0000000..cff4fd7
--- /dev/null
+++ b/contrib/hooks/update-http-moderated
@@ -0,0 +1,121 @@
+#!/bin/sh
+#
+# If the user of http-backend is "mod", allow everything. Else prevent editing history or deleting refs.
+# 
+# Apache configuration example:
+#
+#       SetEnv GIT_PROJECT_ROOT /var/www/git
+#       ScriptAlias /git/ /usr/local/libexec/git-core/git-http-backend/
+#       ScriptAlias /gitmod/ /usr/local/libexec/git-core/git-http-backend/
+#       
+#       
+#       <Location /gitmod/>
+#           AuthName "Git forced push access"
+#           AuthType Basic
+#           AuthUserFile /var/www/git/.htpasswd
+#           AuthGroupFile /dev/null
+#           Require User mod
+#       </Location>
+#
+# Can be used to set up "anarchic" repositories with anonymous push access,
+# but also with moderator account that has "push --force" and "push --delete" permissions.
+#
+# Based on update.sample.
+
+if [ "$REMOTE_USER" == "mod" ]; then exit 0; fi
+
+# --- Command line
+refname="$1"
+oldrev="$2"
+newrev="$3"
+
+# --- Safety check
+if [ -z "$GIT_DIR" ]; then
+	echo "Don't run this script from the command line." >&2
+	echo " (if you want, you could supply GIT_DIR then run" >&2
+	echo "  $0 <ref> <oldrev> <newrev>)" >&2
+	exit 1
+fi
+
+if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
+	echo "Usage: $0 <ref> <oldrev> <newrev>" >&2
+	exit 1
+fi
+
+# check for no description
+projectdesc=$(sed -e '1q' "$GIT_DIR/description")
+case "$projectdesc" in
+"Unnamed repository"* | "")
+	echo "*** Project description file hasn't been set" >&2
+	exit 1
+	;;
+esac
+
+# --- Check types
+# if $newrev is 0000...0000, it's a commit to delete a ref.
+zero="0000000000000000000000000000000000000000"
+if [ "$newrev" = "$zero" ]; then
+	newrev_type=delete
+else
+	newrev_type=$(git-cat-file -t $newrev)
+
+	m="`git merge-base $newrev $oldrev`"
+	if [ "$oldrev" != "$zero" -a "$m" != "$oldrev" ] ; then
+	    echo "Non-fast-forward!" >&2;
+	    exit 1;
+	fi;
+fi
+
+
+case "$refname","$newrev_type" in
+	refs/tags/*,commit)
+		# un-annotated tag
+		short_refname=${refname##refs/tags/}
+		    echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
+		    echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
+		    exit 1
+		;;
+	refs/tags/*,delete)
+		# delete tag
+		    echo "*** Deleting a tag is not allowed in this repository" >&2
+		    exit 1
+		;;
+	refs/tags/*,tag)
+		# annotated tag
+		if git rev-parse $refname > /dev/null 2>&1
+		then
+			echo "*** Tag '$refname' already exists." >&2
+			echo "*** Modifying a tag is not allowed in this repository." >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,commit)
+		# create branch
+		if [ "$oldrev" = "$zero" ]; then
+			#exit 1  # Uncomment it to disallow creating new branches
+			:;
+		fi
+		;;
+	refs/heads/*,delete)
+		# delete branch
+		echo "*** Deleting a branch is not allowed in this repository" >&2
+		exit 1
+		;;
+	refs/remotes/*,commit)
+		# tracking branch
+		exit 1;
+		;;
+	refs/remotes/*,delete)
+		# delete tracking branch
+		echo "*** Deleting a tracking branch is not allowed in this repository" >&2
+		exit 1
+		;;
+	*)
+		# Anything else (is there anything else?)
+		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
+		exit 1
+		;;
+esac
+
+# --- Finished
+exit 0
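Review bot: The moderator bypass at the top of the script uses `[ "$REMOTE_USER" == "mod" ]` under `#!/bin/sh`, and `==` is not a POSIX `test` operator. On a shell whose `[` accepts only `=` (dash, for example) the test errors out and counts as false, so the moderator is held to the anonymous rules; `if [ "$REMOTE_USER" = "mod" ]; then exit 0; fi` is portable. The same line trusts whatever `REMOTE_USER` is present in the hook's environment, so the header comment should say so, for instance `# Only safe when every push arrives through git-http-backend behind the authenticating web server; on other push paths REMOTE_USER is not set by the server.` The example also uses Basic auth, so it is worth noting there that the /gitmod/ location should be served over TLS. Further down, `$newrev`, `$oldrev` and `$refname` reach `git-cat-file`, `git merge-base` and `git rev-parse` unquoted; git restricts ref names, but quoting them (`git cat-file -t "$newrev"`) costs nothing in a hook that handles anonymous pushes.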
-- 
1.7.1


