Re: HowTo distribute a hook with the reposity.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Dec 27, 2016 at 09:32:22PM -0800, Jacob Keller wrote:

> On Tue, Dec 27, 2016 at 5:34 PM, John P. Hartmann <jphartmann@xxxxxxxxx> wrote:
> > I would like a hook in .got/hooks to be made available to all who clone or
> > pull a particular project.  I'd also like the hook to be under git control
> > (changes committed &c).  I added a hook, but git status does not show it.
> > Presumably git excludes its files in .git/ from version control lest there
> > be a chiken-and-egg situation.
> >
> > Is there a way to achieve this?  Or a better way to do it?
> >
> > Thanks,  j.
> 
> Best way I found, was add a script with an "installme" shell script or
> similar that you tell all users of the repository that they are
> expected to run this to install the scripts. You can' make it happen
> automatically.

I agree that is the best way to do it.

I didn't dig up previous discussions, but the gist is usually:

  1. Cloning a repository should not run arbitrary code from the remote
     without the user on the cloning side taking some further affirmative
     action.

     This is for security reasons. Obviously the next step is quite often
     to run "make" which does run arbitrary code, but that counts as an
     action.

  2. We could write a feature in git that manages hooks (or config, etc).
     But ultimately you would still be running "git clone
     --trust-remote-hooks" or something to satisfy point (1).

  3. There's not much point in doing point (2), because you can just
     spell it as "git clone && cd clone && ./install-hooks" and then git
     does not have to care at all about your scripts.

  4. A hook (or config) management system could do fancy things like
     merging your custom local config, picking up changes from the
     remote, etc. But all of that can happen outside of Git totally (and
     quite often you want to manage things in contributors setups
     _besides_ Git data anyway).

     An example system is:

       https://github.com/Autodesk/enterprise-config-for-git

     (with the disclaimer that I've never used it myself, so I have no
     idea how good it is).

I think you probably know all that, Jake, but I am laying it out for the
benefit of the OP and the list. :)

-Peff
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]