[PATCH 0/2] Revert defense-in-depth patches breaking Git LFS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


The recent defense-in-depth patches to restrict hooks while cloning
broke Git LFS because it installs necessary hooks when it is invoked by
Git's smudge filter.  This means that currently, anyone with Git LFS
installed who attempts to clone a repository with at least one LFS file
will see a message like the following (fictitious example):

$ git clone https://github.com/octocat/xyzzy.git
Cloning into 'pull-bug'...
remote: Enumerating objects: 1275, done.
remote: Counting objects: 100% (343/343), done.
remote: Compressing objects: 100% (136/136), done.
remote: Total 1275 (delta 221), reused 327 (delta 206), pack-reused 932
Receiving objects: 100% (1275/1275), 290.78 KiB | 2.88 MiB/s, done.
Resolving deltas: 100% (226/226), done.
Filtering content: 100% (504/504), 1.86 KiB | 0 bytes/s, done.
fatal: active `post-checkout` hook found during `git clone`:
For security reasons, this is disallowed by default.
If this is intentional and the hook should actually be run, please
run the command again with `GIT_CLONE_PROTECTION_ACTIVE=false`
warning: Clone succeeded, but checkout failed.
You can inspect what was checked out with 'git status'
and retry with 'git restore --source=HEAD :/'

This causes most CI systems to be broken in such a case, as well as a
confusing message for the user.

It's not really possible to avoid the need to install the hooks at this
location because the post-checkout hook must be ready during the
checkout that's part of the clone in order to properly adjust
permissions on files.  Thus, we'll need to revert the changes to
restrict hooks while cloning, which this series does.

brian m. carlson (2):
  Revert "clone: prevent hooks from running during a clone"
  Revert "core.hooksPath: add some protection while cloning"

 builtin/clone.c  |  5 -----
 config.c         | 13 +-----------
 hook.c           | 32 ------------------------------
 t/t1800-hook.sh  | 15 --------------
 t/t5601-clone.sh | 51 ------------------------------------------------
 5 files changed, 1 insertion(+), 115 deletions(-)

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux