Shawn O. Pearce wrote:
If you read the documentation carefully you will note that the pre-receive hook receives input on stdin; 1 line of data per ref that is being pushed with the old/new SHA-1 values and the ref name. The hook exits 0 to allow all changes to take place and can exit > 0 to abort and disallow all updates.
Sure, but I cannot pass any sort of authentication to the script other than rely on environment variables or system calls, as git will not provide anything else.
To do proper authentication on a file or directory basis, I have to mix two things then:
A user/group-based authentication/login, likely based on unix permissions and ssh, AND a pre-receive hook script that finds the user/group name and then checks whether the user can change that particular file/directory.
I hope the ref name is the (relative) path name to the file and not just the file's basename.
If so, I can see that most of what I want to do is possible. It is just pretty far from being elegant or easy to set up.
To distinguish a bad commit due to tabs, for example, from actual permission trouble, I'm assuming that the stderr/stdout of git hooks is redirected back to the client?
Even with all of that, it seems it is still not possible to limit pulls to a certain directory only, right?
Anyway, I think I more or less have the answer I (sadly) expected. Git's authorization mechanism is pretty much a roll-your-own type thing. I'll check out the Python authorization script that Linus mentioned to see if that alleviates setup troubles a bit.
--
Gonzalo Garramuño
ggarra@xxxxxxxxxxxxxxxxx

AMD4400 - ASUS48N-E GeForce7300GT Xubuntu Gutsy
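
The combination discussed in this message, as an added example that is not part of the original thread: a pre-receive hook in Python that reads the `old new ref` lines from stdin, asks git which file paths the pushed commits touch (the ref name is a branch or tag name such as `refs/heads/master`, not a file path), and checks those paths against a per-user directory ACL. The ACL table, the use of `$USER` to identify the ssh-authenticated pusher, and all function names are assumptions for illustration.

```python
#!/usr/bin/env python3
"""pre-receive hook sketch: per-directory write ACL (added example)."""
import os
import subprocess
import sys

ZERO = "0" * 40  # git sends all zeros as old/new value for a created/deleted ref

# Constructed ACL (assumption): user -> directory prefixes the user may modify.
ACL = {"alice": ["src/", "docs/"], "bob": ["docs/"]}

def parse_updates(lines):
    """Each stdin line is '<old-sha> <new-sha> <refname>'."""
    return [tuple(line.split()) for line in lines if line.strip()]

def changed_paths(old, new):
    """Repository-relative paths touched by the commits this update adds."""
    if new == ZERO:                       # ref deletion: no file content to check
        return []
    # New ref: only commits not already reachable from existing refs.
    revs = [new, "--not", "--all"] if old == ZERO else [f"{old}..{new}"]
    # Walking each commit also catches a path changed and reverted inside one push.
    # Note: git log prints no file list for merge commits unless -c/-m is given.
    cmd = ["git", "-c", "core.quotepath=off", "log",
           "--name-only", "--pretty=format:"] + revs
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return [p for p in out.splitlines() if p]

def denied_paths(user, paths, acl=ACL):
    """Paths outside the user's prefixes; an unknown user is allowed nothing."""
    allowed = acl.get(user, [])
    return [p for p in paths if not any(p.startswith(d) for d in allowed)]

def check_push(user, lines, paths_for=changed_paths, acl=ACL):
    """Return rejection messages; an empty list means accept the push."""
    errors = []
    for old, new, ref in parse_updates(lines):
        for path in denied_paths(user, paths_for(old, new), acl):
            errors.append(f"{ref}: {user} may not modify {path}")
    return errors

def main():
    user = os.environ.get("USER", "")    # assumption: set by the ssh login
    errors = check_push(user, sys.stdin)
    for message in errors:
        print("denied: " + message, file=sys.stderr)
    return 1 if errors else 0             # non-zero exit rejects every ref update

if __name__ == "__main__":
    sys.exit(main())
```

Anything the hook writes to stderr is relayed to the pushing client, so each rejection line names the exact path that failed the check. Path names that git prints in quoted form do not match any prefix and are therefore denied.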