On Wed, Feb 07 2018, Leo Gaspard jotted: > Hello, > > tl;dr: Is there currently a way to have fetch hooks, and if not do you > think it could be a nice feature? > > I was in the process of implementing hooks for git that ensure the > repository is always cleanly signed by someone allowed to by the > repository itself. I think I've completed the signature-checking part > [1] and the push hook [2] (even though it isn't really configurable at > the moment). > > However, I was starting to think about handling the fetch step, and > couldn't find any fetch hook. Is there one? > > If not, would you think it is would be a good idea to add one, that > would eg. be passed the commit-before, commit-after and could block the > changing of the reference if it failed? > > The only other solution I could think of is using a separate script for > fetching, but that would be fragile, as the user could always not think > about it well and run a git fetch, breaking the objective that after the > first clone all commits were correctly signature-checked. > > Thanks for reading me! > Leo > > PS1: I am not subscribed to the ML. > > PS2: I've tried asking freenode#git, without success so far. > > > [1] > https://github.com/Ekleog/signed-git/blob/master/git-hooks/check-range-signed.sh > > [2] https://github.com/Ekleog/signed-git/blob/master/git-hooks/pre-push There is no fetch hook, however you may find that the post-{checkout,merge} hooks are suitable for what you want to do. Setting those to some custom comand is a common pattern for e.g. compiling some assets on "git pull", so you could similarly check the commits from HEAD, of course those are post-* hooks, so they won't stop the checkout.
