summaryrefslogtreecommitdiffstats
path: root/git-interface/git-update.py
diff options
context:
space:
mode:
authorLukas Fleischer <lfleischer@archlinux.org>2015-06-11 17:48:48 +0200
committerLukas Fleischer <lfleischer@archlinux.org>2015-06-11 17:56:26 +0200
commita0f3060f234418993aaeee0962cfdbd25f37b940 (patch)
tree9ec240c441cb1b108be5966282480d87179f832d /git-interface/git-update.py
parente254a3154463b5705367c925c4edb5a094506e45 (diff)
downloadaurweb-a0f3060f234418993aaeee0962cfdbd25f37b940.tar.xz
git-update: Deny non-fast-forwards
To make sure we never lose any history, non-fast-forwards are forbidden. Instead of relying on receive.denyNonFastForwards, add a simple check to the update hook. This has the added benefit of more flexibility. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Diffstat (limited to 'git-interface/git-update.py')
-rwxr-xr-xgit-interface/git-update.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/git-interface/git-update.py b/git-interface/git-update.py
index 7898f39..3f6cfc1 100755
--- a/git-interface/git-update.py
+++ b/git-interface/git-update.py
@@ -178,6 +178,15 @@ if refname != "refs/heads/master":
die("pushing to a branch other than master is restricted")
repo = pygit2.Repository(repo_path)
+
+# Detect and deny non-fast-forwards.
+if sha1_old != "0000000000000000000000000000000000000000":
+ walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
+ walker.hide(sha1_new)
+ if next(walker, None) != None:
+ die("denying non-fast-forward (you should pull first)")
+
+# Prepare the walker that validates new commits.
walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL)
if sha1_old != "0000000000000000000000000000000000000000":
walker.hide(sha1_old)