From a0f3060f234418993aaeee0962cfdbd25f37b940 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <lfleischer@archlinux.org>
Date: Thu, 11 Jun 2015 17:48:48 +0200
Subject: git-update: Deny non-fast-forwards

To make sure we never lose any history, non-fast-forwards are forbidden.
Instead of relying on receive.denyNonFastForwards, add a simple check to
the update hook. This has the added benefit of more flexibility.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 git-interface/git-update.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'git-interface')

diff --git a/git-interface/git-update.py b/git-interface/git-update.py
index 7898f39..3f6cfc1 100755
--- a/git-interface/git-update.py
+++ b/git-interface/git-update.py
@@ -178,6 +178,15 @@ if refname != "refs/heads/master":
     die("pushing to a branch other than master is restricted")
 
 repo = pygit2.Repository(repo_path)
+
+# Detect and deny non-fast-forwards.
+if sha1_old != "0000000000000000000000000000000000000000":
+    walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
+    walker.hide(sha1_new)
+    if next(walker, None) != None:
+        die("denying non-fast-forward (you should pull first)")
+
+# Prepare the walker that validates new commits.
 walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL)
 if sha1_old != "0000000000000000000000000000000000000000":
     walker.hide(sha1_old)
-- 
cgit v1.2.3-54-g00ecf