From 60718ca35492a467c2bd4b29a6efcc76f0213fd9 Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Sat, 17 Jul 2010 22:02:43 -0700
Subject: [PATCH] Add noroot hook script for Git repositories.
Signed-off-by: Edward Z. Yang
---
git-hooks/repo-noroot-update | 81 ++++++++++++++++++++++++++++++++++++
1 file changed, 81 insertions(+)
create mode 100755 git-hooks/repo-noroot-update
diff --git a/git-hooks/repo-noroot-update b/git-hooks/repo-noroot-update
new file mode 100755
index 0000000..66b2efe
--- /dev/null
+++ b/git-hooks/repo-noroot-update
@@ -0,0 +1,81 @@
+#!/bin/sh
+#
+# A hook script that blocks committer and author names that are
+# root (or a configured blacklisted name).
+# XXX: should allow only applying this to certain branches.
+#
+# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
+#
+# Config
+# ------
+# hooks.noroot.branches
+# List of branches for which commits by root should be disallowed.
+# hooks.noroot.match
+# XXX: figure out format
+#
+
+set -e
+
+# --- Command line
+refname="$1"
+oldrev="$2"
+newrev="$3"
+
+# --- Safety check
+if [ -z "$GIT_DIR" ]; then
+ echo "Don't run this script from the command line." >&2
+ echo " (if you want, you could supply GIT_DIR then run" >&2
+ echo " $0 )" >&2
+ exit 1
+fi
+
+if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
+ echo "Usage: $0 " >&2
+ exit 1
+fi
+
+# --- Config
+branches=$(git config --get hooks.noroot.branches || echo "")
+# XXX: hooks.noroot.match
+
+# --- Check types
+# if $newrev is 0000...0000, it's a commit to delete a ref.
+zero="0000000000000000000000000000000000000000"
+if [ "$newrev" = "$zero" ]; then
+ newrev_type=delete
+else
+ newrev_type=$(git cat-file -t $newrev)
+fi
+
+case "$refname","$newrev_type" in
+ refs/heads/*,commit)
+ git log --pretty="format:%h \"%an\" \"%cn\"%n" "$oldrev".."$newrev" | \
+ while read hash an cn; do
+ if [ "$an" = "\"root\"" -o "$cn" = "\"root\"" ]; then
+ echo "*** Committing as root not allowed in this repository," >&2
+ echo "*** Please fix your GIT_AUTHOR_NAME, GIT_AUTHOR_EMAIL,"
+ echo "*** GIT_COMMITTER_NAME and GIT_COMMITTER_EMAIL."
+ echo "*** Offending commit was $hash."
+ exit 1
+ fi
+ done
+ ;;
+ refs/remotes/*,commit)
+ # tracking branch
+ ;;
+ refs/tags/*,*)
+ # we could track tags, but we've decided they're not
+ # interesting
+ ;;
+ *,delete)
+ # not interesting
+ ;;
+ *)
+ # Anything else (is there anything else?)
+ echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
+ exit 1
+ ;;
+esac
+
+# --- Finished
+exit 0
--
2.45.0
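Review bot: The root check in the `refs/heads/*,commit` arm fails open in two cases. `read hash an cn` splits on whitespace, so an author name containing a space shifts the fields and the `"$cn" = "\"root\""` test can no longer match a root committer. When a branch is created, `$oldrev` is all zeros, which is not a valid range start, so `git log "$oldrev".."$newrev"` presumably fails; only the last pipeline stage's status counts, so the loop reads nothing and the push is accepted unchecked. I would capture the log output first so a git failure aborts under the existing `set -e`, handle the zero `$oldrev` explicitly, and emit one field per line so names stay intact. Author and committer names are chosen by the pusher, so the header comment should say that this hook catches accidental root commits and is not an identity control.
```shell
  refs/heads/*,commit)
    # A newly created branch has an all-zero oldrev; list only commits
    # that are not already reachable from an existing ref.
    if [ "$oldrev" = "$zero" ]; then
      log=$(git log --pretty='format:%h%n%an%n%cn' "$newrev" --not --all)
    else
      log=$(git log --pretty='format:%h%n%an%n%cn' "$oldrev".."$newrev")
    fi
    # One field per line, so names containing spaces are compared whole.
    printf '%s\n' "$log" |
    while IFS= read -r hash && IFS= read -r an && IFS= read -r cn; do
      if [ "$an" = "root" ] || [ "$cn" = "root" ]; then
        # … unchanged: rejection messages and exit 1 …
      fi
    done
    ;;
```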