From a0f3060f234418993aaeee0962cfdbd25f37b940 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Thu, 11 Jun 2015 17:48:48 +0200 Subject: git-update: Deny non-fast-forwards To make sure we never lose any history, non-fast-forwards are forbidden. Instead of relying on receive.denyNonFastForwards, add a simple check to the update hook. This has the added benefit of more flexibility. Signed-off-by: Lukas Fleischer --- git-interface/git-update.py | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'git-interface') diff --git a/git-interface/git-update.py b/git-interface/git-update.py index 7898f39..3f6cfc1 100755 --- a/git-interface/git-update.py +++ b/git-interface/git-update.py @@ -178,6 +178,15 @@ if refname != "refs/heads/master": die("pushing to a branch other than master is restricted") repo = pygit2.Repository(repo_path) + +# Detect and deny non-fast-forwards. +if sha1_old != "0000000000000000000000000000000000000000": + walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL) + walker.hide(sha1_new) + if next(walker, None) != None: + die("denying non-fast-forward (you should pull first)") + +# Prepare the walker that validates new commits. walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL) if sha1_old != "0000000000000000000000000000000000000000": walker.hide(sha1_old) -- cgit v1.2.3-70-g09d2