No activity since 2008, no tests, no documentation. Cc: Gerrit Pape <pape@xxxxxxxxxxx> Cc: Shawn O. Pearce <spearce@xxxxxxxxxxx> Cc: Andy Parkins <andyparkins@xxxxxxxxx> Signed-off-by: Felipe Contreras <felipe.contreras@xxxxxxxxx> --- contrib/hooks/post-receive-email | 759 -------------------------------------- contrib/hooks/pre-auto-gc-battery | 42 --- contrib/hooks/setgitperms.perl | 214 ----------- contrib/hooks/update-paranoid | 421 --------------------- 4 files changed, 1436 deletions(-) delete mode 100755 contrib/hooks/post-receive-email delete mode 100755 contrib/hooks/pre-auto-gc-battery delete mode 100755 contrib/hooks/setgitperms.perl delete mode 100755 contrib/hooks/update-paranoid diff --git a/contrib/hooks/post-receive-email b/contrib/hooks/post-receive-email deleted file mode 100755 index 8747b84..0000000 --- a/contrib/hooks/post-receive-email +++ /dev/null @@ -1,759 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2007 Andy Parkins -# -# An example hook script to mail out commit update information. -# -# NOTE: This script is no longer under active development. There -# is another script, git-multimail, which is more capable and -# configurable and is largely backwards-compatible with this script; -# please see "contrib/hooks/multimail/". For instructions on how to -# migrate from post-receive-email to git-multimail, please see -# "README.migrate-from-post-receive-email" in that directory. -# -# This hook sends emails listing new revisions to the repository -# introduced by the change being reported. The rule is that (for -# branch updates) each commit will appear on one email and one email -# only. -# -# This hook is stored in the contrib/hooks directory. Your distribution -# will have put this somewhere standard. You should make this script -# executable then link to it in the repository you would like to use it in. -# For example, on debian the hook is stored in -# /usr/share/git-core/contrib/hooks/post-receive-email: -# -# cd /path/to/your/repository.git -# ln -sf /usr/share/git-core/contrib/hooks/post-receive-email hooks/post-receive -# -# This hook script assumes it is enabled on the central repository of a -# project, with all users pushing only to it and not between each other. It -# will still work if you don't operate in that style, but it would become -# possible for the email to be from someone other than the person doing the -# push. -# -# To help with debugging and use on pre-v1.5.1 git servers, this script will -# also obey the interface of hooks/update, taking its arguments on the -# command line. Unfortunately, hooks/update is called once for each ref. -# To avoid firing one email per ref, this script just prints its output to -# the screen when used in this mode. The output can then be redirected if -# wanted. -# -# Config -# ------ -# hooks.mailinglist -# This is the list that all pushes will go to; leave it blank to not send -# emails for every ref update. -# hooks.announcelist -# This is the list that all pushes of annotated tags will go to. Leave it -# blank to default to the mailinglist field. The announce emails lists -# the short log summary of the changes since the last annotated tag. -# hooks.envelopesender -# If set then the -f option is passed to sendmail to allow the envelope -# sender address to be set -# hooks.emailprefix -# All emails have their subjects prefixed with this prefix, or "[SCM]" -# if emailprefix is unset, to aid filtering -# hooks.showrev -# The shell command used to format each revision in the email, with -# "%s" replaced with the commit id. Defaults to "git rev-list -1 -# --pretty %s", displaying the commit id, author, date and log -# message. To list full patches separated by a blank line, you -# could set this to "git show -C %s; echo". -# To list a gitweb/cgit URL *and* a full patch for each change set, use this: -# "t=%s; printf 'http://.../?id=%%s' \$t; echo;echo; git show -C \$t; echo" -# Be careful if "..." contains things that will be expanded by shell "eval" -# or printf. -# hooks.emailmaxlines -# The maximum number of lines that should be included in the generated -# email body. If not specified, there is no limit. -# Lines beyond the limit are suppressed and counted, and a final -# line is added indicating the number of suppressed lines. -# hooks.diffopts -# Alternate options for the git diff-tree invocation that shows changes. -# Default is "--stat --summary --find-copies-harder". Add -p to those -# options to include a unified diff of changes in addition to the usual -# summary output. -# -# Notes -# ----- -# All emails include the headers "X-Git-Refname", "X-Git-Oldrev", -# "X-Git-Newrev", and "X-Git-Reftype" to enable fine tuned filtering and -# give information for debugging. -# - -# ---------------------------- Functions - -# -# Function to prepare for email generation. This decides what type -# of update this is and whether an email should even be generated. -# -prep_for_email() -{ - # --- Arguments - oldrev=$(git rev-parse $1) - newrev=$(git rev-parse $2) - refname="$3" - - # --- Interpret - # 0000->1234 (create) - # 1234->2345 (update) - # 2345->0000 (delete) - if expr "$oldrev" : '0*$' >/dev/null - then - change_type="create" - else - if expr "$newrev" : '0*$' >/dev/null - then - change_type="delete" - else - change_type="update" - fi - fi - - # --- Get the revision types - newrev_type=$(git cat-file -t $newrev 2> /dev/null) - oldrev_type=$(git cat-file -t "$oldrev" 2> /dev/null) - case "$change_type" in - create|update) - rev="$newrev" - rev_type="$newrev_type" - ;; - delete) - rev="$oldrev" - rev_type="$oldrev_type" - ;; - esac - - # The revision type tells us what type the commit is, combined with - # the location of the ref we can decide between - # - working branch - # - tracking branch - # - unannoted tag - # - annotated tag - case "$refname","$rev_type" in - refs/tags/*,commit) - # un-annotated tag - refname_type="tag" - short_refname=${refname##refs/tags/} - ;; - refs/tags/*,tag) - # annotated tag - refname_type="annotated tag" - short_refname=${refname##refs/tags/} - # change recipients - if [ -n "$announcerecipients" ]; then - recipients="$announcerecipients" - fi - ;; - refs/heads/*,commit) - # branch - refname_type="branch" - short_refname=${refname##refs/heads/} - ;; - refs/remotes/*,commit) - # tracking branch - refname_type="tracking branch" - short_refname=${refname##refs/remotes/} - echo >&2 "*** Push-update of tracking branch, $refname" - echo >&2 "*** - no email generated." - return 1 - ;; - *) - # Anything else (is there anything else?) - echo >&2 "*** Unknown type of update to $refname ($rev_type)" - echo >&2 "*** - no email generated" - return 1 - ;; - esac - - # Check if we've got anyone to send to - if [ -z "$recipients" ]; then - case "$refname_type" in - "annotated tag") - config_name="hooks.announcelist" - ;; - *) - config_name="hooks.mailinglist" - ;; - esac - echo >&2 "*** $config_name is not set so no email will be sent" - echo >&2 "*** for $refname update $oldrev->$newrev" - return 1 - fi - - return 0 -} - -# -# Top level email generation function. This calls the appropriate -# body-generation routine after outputting the common header. -# -# Note this function doesn't actually generate any email output, that is -# taken care of by the functions it calls: -# - generate_email_header -# - generate_create_XXXX_email -# - generate_update_XXXX_email -# - generate_delete_XXXX_email -# - generate_email_footer -# -# Note also that this function cannot 'exit' from the script; when this -# function is running (in hook script mode), the send_mail() function -# is already executing in another process, connected via a pipe, and -# if this function exits without, whatever has been generated to that -# point will be sent as an email... even if nothing has been generated. -# -generate_email() -{ - # Email parameters - # The email subject will contain the best description of the ref - # that we can build from the parameters - describe=$(git describe $rev 2>/dev/null) - if [ -z "$describe" ]; then - describe=$rev - fi - - generate_email_header - - # Call the correct body generation function - fn_name=general - case "$refname_type" in - "tracking branch"|branch) - fn_name=branch - ;; - "annotated tag") - fn_name=atag - ;; - esac - - if [ -z "$maxlines" ]; then - generate_${change_type}_${fn_name}_email - else - generate_${change_type}_${fn_name}_email | limit_lines $maxlines - fi - - generate_email_footer -} - -generate_email_header() -{ - # --- Email (all stdout will be the email) - # Generate header - cat <<-EOF - To: $recipients - Subject: ${emailprefix}$projectdesc $refname_type $short_refname ${change_type}d. $describe - MIME-Version: 1.0 - Content-Type: text/plain; charset=utf-8 - Content-Transfer-Encoding: 8bit - X-Git-Refname: $refname - X-Git-Reftype: $refname_type - X-Git-Oldrev: $oldrev - X-Git-Newrev: $newrev - Auto-Submitted: auto-generated - - This is an automated email from the git hooks/post-receive script. It was - generated because a ref change was pushed to the repository containing - the project "$projectdesc". - - The $refname_type, $short_refname has been ${change_type}d - EOF -} - -generate_email_footer() -{ - SPACE=" " - cat <<-EOF - - - hooks/post-receive - --${SPACE} - $projectdesc - EOF -} - -# --------------- Branches - -# -# Called for the creation of a branch -# -generate_create_branch_email() -{ - # This is a new branch and so oldrev is not valid - echo " at $newrev ($newrev_type)" - echo "" - - echo $LOGBEGIN - show_new_revisions - echo $LOGEND -} - -# -# Called for the change of a pre-existing branch -# -generate_update_branch_email() -{ - # Consider this: - # 1 --- 2 --- O --- X --- 3 --- 4 --- N - # - # O is $oldrev for $refname - # N is $newrev for $refname - # X is a revision pointed to by some other ref, for which we may - # assume that an email has already been generated. - # In this case we want to issue an email containing only revisions - # 3, 4, and N. Given (almost) by - # - # git rev-list N ^O --not --all - # - # The reason for the "almost", is that the "--not --all" will take - # precedence over the "N", and effectively will translate to - # - # git rev-list N ^O ^X ^N - # - # So, we need to build up the list more carefully. git rev-parse - # will generate a list of revs that may be fed into git rev-list. - # We can get it to make the "--not --all" part and then filter out - # the "^N" with: - # - # git rev-parse --not --all | grep -v N - # - # Then, using the --stdin switch to git rev-list we have effectively - # manufactured - # - # git rev-list N ^O ^X - # - # This leaves a problem when someone else updates the repository - # while this script is running. Their new value of the ref we're - # working on would be included in the "--not --all" output; and as - # our $newrev would be an ancestor of that commit, it would exclude - # all of our commits. What we really want is to exclude the current - # value of $refname from the --not list, rather than N itself. So: - # - # git rev-parse --not --all | grep -v $(git rev-parse $refname) - # - # Get's us to something pretty safe (apart from the small time - # between refname being read, and git rev-parse running - for that, - # I give up) - # - # - # Next problem, consider this: - # * --- B --- * --- O ($oldrev) - # \ - # * --- X --- * --- N ($newrev) - # - # That is to say, there is no guarantee that oldrev is a strict - # subset of newrev (it would have required a --force, but that's - # allowed). So, we can't simply say rev-list $oldrev..$newrev. - # Instead we find the common base of the two revs and list from - # there. - # - # As above, we need to take into account the presence of X; if - # another branch is already in the repository and points at some of - # the revisions that we are about to output - we don't want them. - # The solution is as before: git rev-parse output filtered. - # - # Finally, tags: 1 --- 2 --- O --- T --- 3 --- 4 --- N - # - # Tags pushed into the repository generate nice shortlog emails that - # summarise the commits between them and the previous tag. However, - # those emails don't include the full commit messages that we output - # for a branch update. Therefore we still want to output revisions - # that have been output on a tag email. - # - # Luckily, git rev-parse includes just the tool. Instead of using - # "--all" we use "--branches"; this has the added benefit that - # "remotes/" will be ignored as well. - - # List all of the revisions that were removed by this update, in a - # fast-forward update, this list will be empty, because rev-list O - # ^N is empty. For a non-fast-forward, O ^N is the list of removed - # revisions - fast_forward="" - rev="" - for rev in $(git rev-list $newrev..$oldrev) - do - revtype=$(git cat-file -t "$rev") - echo " discards $rev ($revtype)" - done - if [ -z "$rev" ]; then - fast_forward=1 - fi - - # List all the revisions from baserev to newrev in a kind of - # "table-of-contents"; note this list can include revisions that - # have already had notification emails and is present to show the - # full detail of the change from rolling back the old revision to - # the base revision and then forward to the new revision - for rev in $(git rev-list $oldrev..$newrev) - do - revtype=$(git cat-file -t "$rev") - echo " via $rev ($revtype)" - done - - if [ "$fast_forward" ]; then - echo " from $oldrev ($oldrev_type)" - else - # 1. Existing revisions were removed. In this case newrev - # is a subset of oldrev - this is the reverse of a - # fast-forward, a rewind - # 2. New revisions were added on top of an old revision, - # this is a rewind and addition. - - # (1) certainly happened, (2) possibly. When (2) hasn't - # happened, we set a flag to indicate that no log printout - # is required. - - echo "" - - # Find the common ancestor of the old and new revisions and - # compare it with newrev - baserev=$(git merge-base $oldrev $newrev) - rewind_only="" - if [ "$baserev" = "$newrev" ]; then - echo "This update discarded existing revisions and left the branch pointing at" - echo "a previous point in the repository history." - echo "" - echo " * -- * -- N ($newrev)" - echo " \\" - echo " O -- O -- O ($oldrev)" - echo "" - echo "The removed revisions are not necessarily gone - if another reference" - echo "still refers to them they will stay in the repository." - rewind_only=1 - else - echo "This update added new revisions after undoing existing revisions. That is" - echo "to say, the old revision is not a strict subset of the new revision. This" - echo "situation occurs when you --force push a change and generate a repository" - echo "containing something like this:" - echo "" - echo " * -- * -- B -- O -- O -- O ($oldrev)" - echo " \\" - echo " N -- N -- N ($newrev)" - echo "" - echo "When this happens we assume that you've already had alert emails for all" - echo "of the O revisions, and so we here report only the revisions in the N" - echo "branch from the common base, B." - fi - fi - - echo "" - if [ -z "$rewind_only" ]; then - echo "Those revisions listed above that are new to this repository have" - echo "not appeared on any other notification email; so we list those" - echo "revisions in full, below." - - echo "" - echo $LOGBEGIN - show_new_revisions - - # XXX: Need a way of detecting whether git rev-list actually - # outputted anything, so that we can issue a "no new - # revisions added by this update" message - - echo $LOGEND - else - echo "No new revisions were added by this update." - fi - - # The diffstat is shown from the old revision to the new revision. - # This is to show the truth of what happened in this change. - # There's no point showing the stat from the base to the new - # revision because the base is effectively a random revision at this - # point - the user will be interested in what this revision changed - # - including the undoing of previous revisions in the case of - # non-fast-forward updates. - echo "" - echo "Summary of changes:" - git diff-tree $diffopts $oldrev..$newrev -} - -# -# Called for the deletion of a branch -# -generate_delete_branch_email() -{ - echo " was $oldrev" - echo "" - echo $LOGBEGIN - git diff-tree -s --always --encoding=UTF-8 --pretty=oneline $oldrev - echo $LOGEND -} - -# --------------- Annotated tags - -# -# Called for the creation of an annotated tag -# -generate_create_atag_email() -{ - echo " at $newrev ($newrev_type)" - - generate_atag_email -} - -# -# Called for the update of an annotated tag (this is probably a rare event -# and may not even be allowed) -# -generate_update_atag_email() -{ - echo " to $newrev ($newrev_type)" - echo " from $oldrev (which is now obsolete)" - - generate_atag_email -} - -# -# Called when an annotated tag is created or changed -# -generate_atag_email() -{ - # Use git for-each-ref to pull out the individual fields from the - # tag - eval $(git for-each-ref --shell --format=' - tagobject=%(*objectname) - tagtype=%(*objecttype) - tagger=%(taggername) - tagged=%(taggerdate)' $refname - ) - - echo " tagging $tagobject ($tagtype)" - case "$tagtype" in - commit) - - # If the tagged object is a commit, then we assume this is a - # release, and so we calculate which tag this tag is - # replacing - prevtag=$(git describe --abbrev=0 $newrev^ 2>/dev/null) - - if [ -n "$prevtag" ]; then - echo " replaces $prevtag" - fi - ;; - *) - echo " length $(git cat-file -s $tagobject) bytes" - ;; - esac - echo " tagged by $tagger" - echo " on $tagged" - - echo "" - echo $LOGBEGIN - - # Show the content of the tag message; this might contain a change - # log or release notes so is worth displaying. - git cat-file tag $newrev | sed -e '1,/^$/d' - - echo "" - case "$tagtype" in - commit) - # Only commit tags make sense to have rev-list operations - # performed on them - if [ -n "$prevtag" ]; then - # Show changes since the previous release - git shortlog "$prevtag..$newrev" - else - # No previous tag, show all the changes since time - # began - git shortlog $newrev - fi - ;; - *) - # XXX: Is there anything useful we can do for non-commit - # objects? - ;; - esac - - echo $LOGEND -} - -# -# Called for the deletion of an annotated tag -# -generate_delete_atag_email() -{ - echo " was $oldrev" - echo "" - echo $LOGBEGIN - git diff-tree -s --always --encoding=UTF-8 --pretty=oneline $oldrev - echo $LOGEND -} - -# --------------- General references - -# -# Called when any other type of reference is created (most likely a -# non-annotated tag) -# -generate_create_general_email() -{ - echo " at $newrev ($newrev_type)" - - generate_general_email -} - -# -# Called when any other type of reference is updated (most likely a -# non-annotated tag) -# -generate_update_general_email() -{ - echo " to $newrev ($newrev_type)" - echo " from $oldrev" - - generate_general_email -} - -# -# Called for creation or update of any other type of reference -# -generate_general_email() -{ - # Unannotated tags are more about marking a point than releasing a - # version; therefore we don't do the shortlog summary that we do for - # annotated tags above - we simply show that the point has been - # marked, and print the log message for the marked point for - # reference purposes - # - # Note this section also catches any other reference type (although - # there aren't any) and deals with them in the same way. - - echo "" - if [ "$newrev_type" = "commit" ]; then - echo $LOGBEGIN - git diff-tree -s --always --encoding=UTF-8 --pretty=medium $newrev - echo $LOGEND - else - # What can we do here? The tag marks an object that is not - # a commit, so there is no log for us to display. It's - # probably not wise to output git cat-file as it could be a - # binary blob. We'll just say how big it is - echo "$newrev is a $newrev_type, and is $(git cat-file -s $newrev) bytes long." - fi -} - -# -# Called for the deletion of any other type of reference -# -generate_delete_general_email() -{ - echo " was $oldrev" - echo "" - echo $LOGBEGIN - git diff-tree -s --always --encoding=UTF-8 --pretty=oneline $oldrev - echo $LOGEND -} - - -# --------------- Miscellaneous utilities - -# -# Show new revisions as the user would like to see them in the email. -# -show_new_revisions() -{ - # This shows all log entries that are not already covered by - # another ref - i.e. commits that are now accessible from this - # ref that were previously not accessible - # (see generate_update_branch_email for the explanation of this - # command) - - # Revision range passed to rev-list differs for new vs. updated - # branches. - if [ "$change_type" = create ] - then - # Show all revisions exclusive to this (new) branch. - revspec=$newrev - else - # Branch update; show revisions not part of $oldrev. - revspec=$oldrev..$newrev - fi - - other_branches=$(git for-each-ref --format='%(refname)' refs/heads/ | - grep -F -v $refname) - git rev-parse --not $other_branches | - if [ -z "$custom_showrev" ] - then - git rev-list --pretty --stdin $revspec - else - git rev-list --stdin $revspec | - while read onerev - do - eval $(printf "$custom_showrev" $onerev) - done - fi -} - - -limit_lines() -{ - lines=0 - skipped=0 - while IFS="" read -r line; do - lines=$((lines + 1)) - if [ $lines -gt $1 ]; then - skipped=$((skipped + 1)) - else - printf "%s\n" "$line" - fi - done - if [ $skipped -ne 0 ]; then - echo "... $skipped lines suppressed ..." - fi -} - - -send_mail() -{ - if [ -n "$envelopesender" ]; then - /usr/sbin/sendmail -t -f "$envelopesender" - else - /usr/sbin/sendmail -t - fi -} - -# ---------------------------- main() - -# --- Constants -LOGBEGIN="- Log -----------------------------------------------------------------" -LOGEND="-----------------------------------------------------------------------" - -# --- Config -# Set GIT_DIR either from the working directory, or from the environment -# variable. -GIT_DIR=$(git rev-parse --git-dir 2>/dev/null) -if [ -z "$GIT_DIR" ]; then - echo >&2 "fatal: post-receive: GIT_DIR not set" - exit 1 -fi - -projectdesc=$(sed -ne '1p' "$GIT_DIR/description" 2>/dev/null) -# Check if the description is unchanged from it's default, and shorten it to -# a more manageable length if it is -if expr "$projectdesc" : "Unnamed repository.*$" >/dev/null -then - projectdesc="UNNAMED PROJECT" -fi - -recipients=$(git config hooks.mailinglist) -announcerecipients=$(git config hooks.announcelist) -envelopesender=$(git config hooks.envelopesender) -emailprefix=$(git config hooks.emailprefix || echo '[SCM] ') -custom_showrev=$(git config hooks.showrev) -maxlines=$(git config hooks.emailmaxlines) -diffopts=$(git config hooks.diffopts) -: ${diffopts:="--stat --summary --find-copies-harder"} - -# --- Main loop -# Allow dual mode: run from the command line just like the update hook, or -# if no arguments are given then run as a hook script -if [ -n "$1" -a -n "$2" -a -n "$3" ]; then - # Output to the terminal in command line mode - if someone wanted to - # resend an email; they could redirect the output to sendmail - # themselves - prep_for_email $2 $3 $1 && PAGER= generate_email -else - while read oldrev newrev refname - do - prep_for_email $oldrev $newrev $refname || continue - generate_email $maxlines | send_mail - done -fi diff --git a/contrib/hooks/pre-auto-gc-battery b/contrib/hooks/pre-auto-gc-battery deleted file mode 100755 index 9d0c2d1..0000000 --- a/contrib/hooks/pre-auto-gc-battery +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh -# -# An example hook script to verify if you are on battery, in case you -# are running Linux or OS X. Called by git-gc --auto with no arguments. -# The hook should exit with non-zero status after issuing an appropriate -# message if it wants to stop the auto repacking. -# -# This hook is stored in the contrib/hooks directory. Your distribution -# may have put this somewhere else. If you want to use this hook, you -# should make this script executable then link to it in the repository -# you would like to use it in. -# -# For example, if the hook is stored in -# /usr/share/git-core/contrib/hooks/pre-auto-gc-battery: -# -# cd /path/to/your/repository.git -# ln -sf /usr/share/git-core/contrib/hooks/pre-auto-gc-battery \ -# hooks/pre-auto-gc - -if test -x /sbin/on_ac_power && /sbin/on_ac_power -then - exit 0 -elif test "$(cat /sys/class/power_supply/AC/online 2>/dev/null)" = 1 -then - exit 0 -elif grep -q 'on-line' /proc/acpi/ac_adapter/AC/state 2>/dev/null -then - exit 0 -elif grep -q '0x01$' /proc/apm 2>/dev/null -then - exit 0 -elif grep -q "AC Power \+: 1" /proc/pmu/info 2>/dev/null -then - exit 0 -elif test -x /usr/bin/pmset && /usr/bin/pmset -g batt | - grep -q "Currently drawing from 'AC Power'" -then - exit 0 -fi - -echo "Auto packing deferred; not on AC" -exit 1 diff --git a/contrib/hooks/setgitperms.perl b/contrib/hooks/setgitperms.perl deleted file mode 100755 index 2770a1b..0000000 --- a/contrib/hooks/setgitperms.perl +++ /dev/null @@ -1,214 +0,0 @@ -#!/usr/bin/perl -# -# Copyright (c) 2006 Josh England -# -# This script can be used to save/restore full permissions and ownership data -# within a git working tree. -# -# To save permissions/ownership data, place this script in your .git/hooks -# directory and enable a `pre-commit` hook with the following lines: -# #!/bin/sh -# SUBDIRECTORY_OK=1 . git-sh-setup -# $GIT_DIR/hooks/setgitperms.perl -r -# -# To restore permissions/ownership data, place this script in your .git/hooks -# directory and enable a `post-merge` and `post-checkout` hook with the -# following lines: -# #!/bin/sh -# SUBDIRECTORY_OK=1 . git-sh-setup -# $GIT_DIR/hooks/setgitperms.perl -w -# -use strict; -use Getopt::Long; -use File::Find; -use File::Basename; - -my $usage = -"usage: setgitperms.perl [OPTION]... <--read|--write> -This program uses a file `.gitmeta` to store/restore permissions and uid/gid -info for all files/dirs tracked by git in the repository. - ----------------------------------Read Mode------------------------------------- --r, --read Reads perms/etc from working dir into a .gitmeta file --s, --stdout Output to stdout instead of .gitmeta --d, --diff Show unified diff of perms file (XOR with --stdout) - ----------------------------------Write Mode------------------------------------ --w, --write Modify perms/etc in working dir to match the .gitmeta file --v, --verbose Be verbose - -\n"; - -my ($stdout, $showdiff, $verbose, $read_mode, $write_mode); - -if ((@ARGV < 0) || !GetOptions( - "stdout", \$stdout, - "diff", \$showdiff, - "read", \$read_mode, - "write", \$write_mode, - "verbose", \$verbose, - )) { die $usage; } -die $usage unless ($read_mode xor $write_mode); - -my $topdir = `git rev-parse --show-cdup` or die "\n"; chomp $topdir; -my $gitdir = $topdir . '.git'; -my $gitmeta = $topdir . '.gitmeta'; - -if ($write_mode) { - # Update the working dir permissions/ownership based on data from .gitmeta - open (IN, "<$gitmeta") or die "Could not open $gitmeta for reading: $!\n"; - while (defined ($_ = <IN>)) { - chomp; - if (/^(.*) mode=(\S+)\s+uid=(\d+)\s+gid=(\d+)/) { - # Compare recorded perms to actual perms in the working dir - my ($path, $mode, $uid, $gid) = ($1, $2, $3, $4); - my $fullpath = $topdir . $path; - my (undef,undef,$wmode,undef,$wuid,$wgid) = lstat($fullpath); - $wmode = sprintf "%04o", $wmode & 07777; - if ($mode ne $wmode) { - $verbose && print "Updating permissions on $path: old=$wmode, new=$mode\n"; - chmod oct($mode), $fullpath; - } - if ($uid != $wuid || $gid != $wgid) { - if ($verbose) { - # Print out user/group names instead of uid/gid - my $pwname = getpwuid($uid); - my $grpname = getgrgid($gid); - my $wpwname = getpwuid($wuid); - my $wgrpname = getgrgid($wgid); - $pwname = $uid if !defined $pwname; - $grpname = $gid if !defined $grpname; - $wpwname = $wuid if !defined $wpwname; - $wgrpname = $wgid if !defined $wgrpname; - - print "Updating uid/gid on $path: old=$wpwname/$wgrpname, new=$pwname/$grpname\n"; - } - chown $uid, $gid, $fullpath; - } - } - else { - warn "Invalid input format in $gitmeta:\n\t$_\n"; - } - } - close IN; -} -elsif ($read_mode) { - # Handle merge conflicts in the .gitperms file - if (-e "$gitdir/MERGE_MSG") { - if (`grep ====== $gitmeta`) { - # Conflict not resolved -- abort the commit - print "PERMISSIONS/OWNERSHIP CONFLICT\n"; - print " Resolve the conflict in the $gitmeta file and then run\n"; - print " `.git/hooks/setgitperms.perl --write` to reconcile.\n"; - exit 1; - } - elsif (`grep $gitmeta $gitdir/MERGE_MSG`) { - # A conflict in .gitmeta has been manually resolved. Verify that - # the working dir perms matches the current .gitmeta perms for - # each file/dir that conflicted. - # This is here because a `setgitperms.perl --write` was not - # performed due to a merge conflict, so permissions/ownership - # may not be consistent with the manually merged .gitmeta file. - my @conflict_diff = `git show \$(cat $gitdir/MERGE_HEAD)`; - my @conflict_files; - my $metadiff = 0; - - # Build a list of files that conflicted from the .gitmeta diff - foreach my $line (@conflict_diff) { - if ($line =~ m|^diff --git a/$gitmeta b/$gitmeta|) { - $metadiff = 1; - } - elsif ($line =~ /^diff --git/) { - $metadiff = 0; - } - elsif ($metadiff && $line =~ /^\+(.*) mode=/) { - push @conflict_files, $1; - } - } - - # Verify that each conflict file now has permissions consistent - # with the .gitmeta file - foreach my $file (@conflict_files) { - my $absfile = $topdir . $file; - my $gm_entry = `grep "^$file mode=" $gitmeta`; - if ($gm_entry =~ /mode=(\d+) uid=(\d+) gid=(\d+)/) { - my ($gm_mode, $gm_uid, $gm_gid) = ($1, $2, $3); - my (undef,undef,$mode,undef,$uid,$gid) = lstat("$absfile"); - $mode = sprintf("%04o", $mode & 07777); - if (($gm_mode ne $mode) || ($gm_uid != $uid) - || ($gm_gid != $gid)) { - print "PERMISSIONS/OWNERSHIP CONFLICT\n"; - print " Mismatch found for file: $file\n"; - print " Run `.git/hooks/setgitperms.perl --write` to reconcile.\n"; - exit 1; - } - } - else { - print "Warning! Permissions/ownership no longer being tracked for file: $file\n"; - } - } - } - } - - # No merge conflicts -- write out perms/ownership data to .gitmeta file - unless ($stdout) { - open (OUT, ">$gitmeta.tmp") or die "Could not open $gitmeta.tmp for writing: $!\n"; - } - - my @files = `git ls-files`; - my %dirs; - - foreach my $path (@files) { - chomp $path; - # We have to manually add stats for parent directories - my $parent = dirname($path); - while (!exists $dirs{$parent}) { - $dirs{$parent} = 1; - next if $parent eq '.'; - printstats($parent); - $parent = dirname($parent); - } - # Now the git-tracked file - printstats($path); - } - - # diff the temporary metadata file to see if anything has changed - # If no metadata has changed, don't overwrite the real file - # This is just so `git commit -a` doesn't try to commit a bogus update - unless ($stdout) { - if (! -e $gitmeta) { - rename "$gitmeta.tmp", $gitmeta; - } - else { - my $diff = `diff -U 0 $gitmeta $gitmeta.tmp`; - if ($diff ne '') { - rename "$gitmeta.tmp", $gitmeta; - } - else { - unlink "$gitmeta.tmp"; - } - if ($showdiff) { - print $diff; - } - } - close OUT; - } - # Make sure the .gitmeta file is tracked - system("git add $gitmeta"); -} - - -sub printstats { - my $path = $_[0]; - $path =~ s/@/\@/g; - my (undef,undef,$mode,undef,$uid,$gid) = lstat($path); - $path =~ s/%/\%/g; - if ($stdout) { - print $path; - printf " mode=%04o uid=$uid gid=$gid\n", $mode & 07777; - } - else { - print OUT $path; - printf OUT " mode=%04o uid=$uid gid=$gid\n", $mode & 07777; - } -} diff --git a/contrib/hooks/update-paranoid b/contrib/hooks/update-paranoid deleted file mode 100755 index d18b317..0000000 --- a/contrib/hooks/update-paranoid +++ /dev/null @@ -1,421 +0,0 @@ -#!/usr/bin/perl - -use strict; -use File::Spec; - -$ENV{PATH} = '/opt/git/bin'; -my $acl_git = '/vcs/acls.git'; -my $acl_branch = 'refs/heads/master'; -my $debug = 0; - -=doc -Invoked as: update refname old-sha1 new-sha1 - -This script is run by git-receive-pack once for each ref that the -client is trying to modify. If we exit with a non-zero exit value -then the update for that particular ref is denied, but updates for -other refs in the same run of receive-pack may still be allowed. - -We are run after the objects have been uploaded, but before the -ref is actually modified. We take advantage of that fact when we -look for "new" commits and tags (the new objects won't show up in -`rev-list --all`). - -This script loads and parses the content of the config file -"users/$this_user.acl" from the $acl_branch commit of $acl_git ODB. -The acl file is a git-config style file, but uses a slightly more -restricted syntax as the Perl parser contained within this script -is not nearly as permissive as git-config. - -Example: - - [user] - committer = John Doe <john.doe@xxxxxxxxxxx> - committer = John R. Doe <john.doe@xxxxxxxxxxx> - - [repository "acls"] - allow = heads/master - allow = CDUR for heads/jd/ - allow = C for ^tags/v\\d+$ - -For all new commit or tag objects the committer (or tagger) line -within the object must exactly match one of the user.committer -values listed in the acl file ("HEAD:users/$this_user.acl"). - -For a branch to be modified an allow line within the matching -repository section must be matched for both the refname and the -opcode. - -Repository sections are matched on the basename of the repository -(after removing the .git suffix). - -The opcode abbrevations are: - - C: create new ref - D: delete existing ref - U: fast-forward existing ref (no commit loss) - R: rewind/rebase existing ref (commit loss) - -if no opcodes are listed before the "for" keyword then "U" (for -fast-forward update only) is assumed as this is the most common -usage. - -Refnames are matched by always assuming a prefix of "refs/". -This hook forbids pushing or deleting anything not under "refs/". - -Refnames that start with ^ are Perl regular expressions, and the ^ -is kept as part of the regexp. \\ is needed to get just one \, so -\\d expands to \d in Perl. The 3rd allow line above is an example. - -Refnames that don't start with ^ but that end with / are prefix -matches (2nd allow line above); all other refnames are strict -equality matches (1st allow line). - -Anything pushed to "heads/" (ok, really "refs/heads/") must be -a commit. Tags are not permitted here. - -Anything pushed to "tags/" (err, really "refs/tags/") must be an -annotated tag. Commits, blobs, trees, etc. are not permitted here. -Annotated tag signatures aren't checked, nor are they required. - -The special subrepository of 'info/new-commit-check' can -be created and used to allow users to push new commits and -tags from another local repository to this one, even if they -aren't the committer/tagger of those objects. In a nut shell -the info/new-commit-check directory is a Git repository whose -objects/info/alternates file lists this repository and all other -possible sources, and whose refs subdirectory contains symlinks -to this repository's refs subdirectory, and to all other possible -sources refs subdirectories. Yes, this means that you cannot -use packed-refs in those repositories as they won't be resolved -correctly. - -=cut - -my $git_dir = $ENV{GIT_DIR}; -my $new_commit_check = "$git_dir/info/new-commit-check"; -my $ref = $ARGV[0]; -my $old = $ARGV[1]; -my $new = $ARGV[2]; -my $new_type; -my ($this_user) = getpwuid $<; # REAL_USER_ID -my $repository_name; -my %user_committer; -my @allow_rules; -my @path_rules; -my %diff_cache; - -sub deny ($) { - print STDERR "-Deny- $_[0]\n" if $debug; - print STDERR "\ndenied: $_[0]\n\n"; - exit 1; -} - -sub grant ($) { - print STDERR "-Grant- $_[0]\n" if $debug; - exit 0; -} - -sub info ($) { - print STDERR "-Info- $_[0]\n" if $debug; -} - -sub git_value (@) { - open(T,'-|','git',@_); local $_ = <T>; chop; close T; $_; -} - -sub match_string ($$) { - my ($acl_n, $ref) = @_; - ($acl_n eq $ref) - || ($acl_n =~ m,/$, && substr($ref,0,length $acl_n) eq $acl_n) - || ($acl_n =~ m,^\^, && $ref =~ m:$acl_n:); -} - -sub parse_config ($$$$) { - my $data = shift; - local $ENV{GIT_DIR} = shift; - my $br = shift; - my $fn = shift; - return unless git_value('rev-list','--max-count=1',$br,'--',$fn); - info "Loading $br:$fn"; - open(I,'-|','git','cat-file','blob',"$br:$fn"); - my $section = ''; - while (<I>) { - chomp; - if (/^\s*$/ || /^\s*#/) { - } elsif (/^\[([a-z]+)\]$/i) { - $section = lc $1; - } elsif (/^\[([a-z]+)\s+"(.*)"\]$/i) { - $section = join('.',lc $1,$2); - } elsif (/^\s*([a-z][a-z0-9]+)\s*=\s*(.*?)\s*$/i) { - push @{$data->{join('.',$section,lc $1)}}, $2; - } else { - deny "bad config file line $. in $br:$fn"; - } - } - close I; -} - -sub all_new_committers () { - local $ENV{GIT_DIR} = $git_dir; - $ENV{GIT_DIR} = $new_commit_check if -d $new_commit_check; - - info "Getting committers of new commits."; - my %used; - open(T,'-|','git','rev-list','--pretty=raw',$new,'--not','--all'); - while (<T>) { - next unless s/^committer //; - chop; - s/>.*$/>/; - info "Found $_." unless $used{$_}++; - } - close T; - info "No new commits." unless %used; - keys %used; -} - -sub all_new_taggers () { - my %exists; - open(T,'-|','git','for-each-ref','--format=%(objectname)','refs/tags'); - while (<T>) { - chop; - $exists{$_} = 1; - } - close T; - - info "Getting taggers of new tags."; - my %used; - my $obj = $new; - my $obj_type = $new_type; - while ($obj_type eq 'tag') { - last if $exists{$obj}; - $obj_type = ''; - open(T,'-|','git','cat-file','tag',$obj); - while (<T>) { - chop; - if (/^object ([a-z0-9]{40})$/) { - $obj = $1; - } elsif (/^type (.+)$/) { - $obj_type = $1; - } elsif (s/^tagger //) { - s/>.*$/>/; - info "Found $_." unless $used{$_}++; - last; - } - } - close T; - } - info "No new tags." unless %used; - keys %used; -} - -sub check_committers (@) { - my @bad; - foreach (@_) { push @bad, $_ unless $user_committer{$_}; } - if (@bad) { - print STDERR "\n"; - print STDERR "You are not $_.\n" foreach (sort @bad); - deny "You cannot push changes not committed by you."; - } -} - -sub load_diff ($) { - my $base = shift; - my $d = $diff_cache{$base}; - unless ($d) { - local $/ = "\0"; - my %this_diff; - if ($base =~ /^0{40}$/) { - # Don't load the diff at all; we are making the - # branch and have no base to compare to in this - # case. A file level ACL makes no sense in this - # context. Having an empty diff will allow the - # branch creation. - # - } else { - open(T,'-|','git','diff-tree', - '-r','--name-status','-z', - $base,$new) or return undef; - while (<T>) { - my $op = $_; - chop $op; - - my $path = <T>; - chop $path; - - $this_diff{$path} = $op; - } - close T or return undef; - } - $d = \%this_diff; - $diff_cache{$base} = $d; - } - return $d; -} - -deny "No GIT_DIR inherited from caller" unless $git_dir; -deny "Need a ref name" unless $ref; -deny "Refusing funny ref $ref" unless $ref =~ s,^refs/,,; -deny "Bad old value $old" unless $old =~ /^[a-z0-9]{40}$/; -deny "Bad new value $new" unless $new =~ /^[a-z0-9]{40}$/; -deny "Cannot determine who you are." unless $this_user; -grant "No change requested." if $old eq $new; - -$repository_name = File::Spec->rel2abs($git_dir); -$repository_name =~ m,/([^/]+)(?:\.git|/\.git)$,; -$repository_name = $1; -info "Updating in '$repository_name'."; - -my $op; -if ($old =~ /^0{40}$/) { $op = 'C'; } -elsif ($new =~ /^0{40}$/) { $op = 'D'; } -else { $op = 'R'; } - -# This is really an update (fast-forward) if the -# merge base of $old and $new is $old. -# -$op = 'U' if ($op eq 'R' - && $ref =~ m,^heads/, - && $old eq git_value('merge-base',$old,$new)); - -# Load the user's ACL file. Expand groups (user.memberof) one level. -{ - my %data = ('user.committer' => []); - parse_config(\%data,$acl_git,$acl_branch,"external/$repository_name.acl"); - - %data = ( - 'user.committer' => $data{'user.committer'}, - 'user.memberof' => [], - ); - parse_config(\%data,$acl_git,$acl_branch,"users/$this_user.acl"); - - %user_committer = map {$_ => $_} @{$data{'user.committer'}}; - my $rule_key = "repository.$repository_name.allow"; - my $rules = $data{$rule_key} || []; - - foreach my $group (@{$data{'user.memberof'}}) { - my %g; - parse_config(\%g,$acl_git,$acl_branch,"groups/$group.acl"); - my $group_rules = $g{$rule_key}; - push @$rules, @$group_rules if $group_rules; - } - -RULE: - foreach (@$rules) { - while (/\${user\.([a-z][a-zA-Z0-9]+)}/) { - my $k = lc $1; - my $v = $data{"user.$k"}; - next RULE unless defined $v; - next RULE if @$v != 1; - next RULE unless defined $v->[0]; - s/\${user\.$k}/$v->[0]/g; - } - - if (/^([AMD ]+)\s+of\s+([^\s]+)\s+for\s+([^\s]+)\s+diff\s+([^\s]+)$/) { - my ($ops, $pth, $ref, $bst) = ($1, $2, $3, $4); - $ops =~ s/ //g; - $pth =~ s/\\\\/\\/g; - $ref =~ s/\\\\/\\/g; - push @path_rules, [$ops, $pth, $ref, $bst]; - } elsif (/^([AMD ]+)\s+of\s+([^\s]+)\s+for\s+([^\s]+)$/) { - my ($ops, $pth, $ref) = ($1, $2, $3); - $ops =~ s/ //g; - $pth =~ s/\\\\/\\/g; - $ref =~ s/\\\\/\\/g; - push @path_rules, [$ops, $pth, $ref, $old]; - } elsif (/^([CDRU ]+)\s+for\s+([^\s]+)$/) { - my $ops = $1; - my $ref = $2; - $ops =~ s/ //g; - $ref =~ s/\\\\/\\/g; - push @allow_rules, [$ops, $ref]; - } elsif (/^for\s+([^\s]+)$/) { - # Mentioned, but nothing granted? - } elsif (/^[^\s]+$/) { - s/\\\\/\\/g; - push @allow_rules, ['U', $_]; - } - } -} - -if ($op ne 'D') { - $new_type = git_value('cat-file','-t',$new); - - if ($ref =~ m,^heads/,) { - deny "$ref must be a commit." unless $new_type eq 'commit'; - } elsif ($ref =~ m,^tags/,) { - deny "$ref must be an annotated tag." unless $new_type eq 'tag'; - } - - check_committers (all_new_committers); - check_committers (all_new_taggers) if $new_type eq 'tag'; -} - -info "$this_user wants $op for $ref"; -foreach my $acl_entry (@allow_rules) { - my ($acl_ops, $acl_n) = @$acl_entry; - next unless $acl_ops =~ /^[CDRU]+$/; # Uhh.... shouldn't happen. - next unless $acl_n; - next unless $op =~ /^[$acl_ops]$/; - next unless match_string $acl_n, $ref; - - # Don't test path rules on branch deletes. - # - grant "Allowed by: $acl_ops for $acl_n" if $op eq 'D'; - - # Aggregate matching path rules; allow if there aren't - # any matching this ref. - # - my %pr; - foreach my $p_entry (@path_rules) { - my ($p_ops, $p_n, $p_ref, $p_bst) = @$p_entry; - next unless $p_ref; - push @{$pr{$p_bst}}, $p_entry if match_string $p_ref, $ref; - } - grant "Allowed by: $acl_ops for $acl_n" unless %pr; - - # Allow only if all changes against a single base are - # allowed by file path rules. - # - my @bad; - foreach my $p_bst (keys %pr) { - my $diff_ref = load_diff $p_bst; - deny "Cannot difference trees." unless ref $diff_ref; - - my %fd = %$diff_ref; - foreach my $p_entry (@{$pr{$p_bst}}) { - my ($p_ops, $p_n, $p_ref, $p_bst) = @$p_entry; - next unless $p_ops =~ /^[AMD]+$/; - next unless $p_n; - - foreach my $f_n (keys %fd) { - my $f_op = $fd{$f_n}; - next unless $f_op; - next unless $f_op =~ /^[$p_ops]$/; - delete $fd{$f_n} if match_string $p_n, $f_n; - } - last unless %fd; - } - - if (%fd) { - push @bad, [$p_bst, \%fd]; - } else { - # All changes relative to $p_bst were allowed. - # - grant "Allowed by: $acl_ops for $acl_n diff $p_bst"; - } - } - - foreach my $bad_ref (@bad) { - my ($p_bst, $fd) = @$bad_ref; - print STDERR "\n"; - print STDERR "Not allowed to make the following changes:\n"; - print STDERR "(base: $p_bst)\n"; - foreach my $f_n (sort keys %$fd) { - print STDERR " $fd->{$f_n} $f_n\n"; - } - } - deny "You are not permitted to $op $ref"; -} -close A; -deny "You are not permitted to $op $ref"; -- 1.9.2+fc1.27.gbce2056 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html