From: Chen Bojun <bojun.cbj@xxxxxxxxxxxxxxx>

When pushing to "receive-pack", commands may have already been marked
with error_string or skip_update before being fed to the "pre-receive"
hook. E.g.:

 * inconsistent push-options for signed push.
 * not permitted shallow updates.
 * encounter connectivity issues.
 * push to hidden references.

Take pushing to hidden references as an example. In order to reduce the
size of reference advertisement for git-push from a client which does
not support protocol v2 and push negotiation, the administrator may set
certain config variables to hide some references like:

    $ git config --system --add receive.hideRefs refs/merge-requests

Then, if a user made a push like this:

    $ git push origin HEAD:refs/merge-requests/123/head

"receive-pack" would reject the request with an error message like this:

    ! [remote rejected] HEAD -> refs/merge-requests/123/head
                        (deny updating a hidden ref)

The remote side ("git-receive-pack") will not create the hidden ref as
expected, but the pack file sent by "git-send-pack" is left inside the
remote repository. I.e. the quarantine directory is not purged as it
should be.

Add a checkpoint before calling "tmp_objdir_migrate()" and after calling
the "pre-receive" hook to purge that temporary data in the quarantine
area when there is no command ready to run.

The reason we do not add the checkpoint before the "pre-receive" hook,
but after it, is that the "pre-receive" hook is called with a switch-off
"skip_broken" flag, and all commands, even broken ones, should be fed
by calling "feed_receive_hook()".

Add a new test case in t5516 as well.

Helped-by: Jiang Xin <zhiyou.jx@xxxxxxxxxxxxxxx>
Helped-by: Teng Long <dyroneteng@xxxxxxxxx>
Signed-off-by: Chen Bojun <bojun.cbj@xxxxxxxxxxxxxxx>
--- builtin/receive-pack.c | 9 +++++++++ t/t5516-fetch-push.sh | 8 ++++++++ 2 files changed, 17 insertions(+) diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index 9f4a0b816c..a0b193ab3f 100644 --- a/builtin/receive-pack.c 
+++ b/builtin/receive-pack.c @@ -1971,6 +1971,15 @@ static void execute_commands(struct command *commands, return; } + /* + * If there is no command ready to run, should return directly to destroy + * temporary data in the quarantine area. + */ + for (cmd = commands; cmd && cmd->error_string; cmd = cmd->next) + ; /* nothing */ + if (!cmd) + return; + /* * Now we'll start writing out refs, which means the objects need * to be in their final positions so that other processes can see them. diff --git a/t/t5516-fetch-push.sh b/t/t5516-fetch-push.sh index 2f04cf9a1c..da70c45857 100755 --- a/t/t5516-fetch-push.sh +++ b/t/t5516-fetch-push.sh @@ -1809,4 +1809,12 @@ test_expect_success 'refuse fetch to current branch of bare repository worktree' git -C bare.git fetch -u .. HEAD:wt ' +test_expect_success 'refuse to push a hidden ref, and make sure do not pollute the repository' ' + mk_empty testrepo && + git -C testrepo config receive.hiderefs refs/hidden && + git -C testrepo config receive.unpackLimit 1 && + test_must_fail git push testrepo HEAD:refs/hidden/foo && + test_dir_is_empty testrepo/.git/objects/pack +' + test_done -- 2.32.0 (Apple Git-132)
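
Review bot: In the block added to execute_commands() in builtin/receive-pack.c, the loop condition tests only cmd->error_string, although the commit message names both error_string and skip_update as marks a command can already carry before the "pre-receive" hook. Please either extend the condition (for example "cmd && (cmd->error_string || cmd->skip_update)") or say in the comment why a skip_update command still counts as "ready to run" and must reach the migration step below. The comment would also be clearer if it said what purges the quarantine area after the early return, since the "return" itself removes nothing; as written ("should return directly to destroy temporary data") a reader has to know that from elsewhere.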
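
Review bot: In the test added to t/t5516-fetch-push.sh, "test_must_fail git push testrepo HEAD:refs/hidden/foo" passes for any push failure, so the test would also succeed if the push died for an unrelated reason before a pack was ever written, and it would then not exercise the new early return at all. Capture stderr from the push and grep it for the rejection text quoted in the commit message ("deny updating a hidden ref") before checking the directory. The final assertion covers only testrepo/.git/objects/pack; if the intent is "do not pollute the repository", consider also asserting that nothing else was left under testrepo/.git/objects. Minor: the title reads better as "refuse to push a hidden ref, and do not pollute the repository", and "receive.hiderefs" could match the "receive.hideRefs" spelling used in the commit message.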