diff options
author | Jeff King <peff@peff.net> | 2017-04-10 18:14:12 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2017-04-16 18:19:18 -0700 |
commit | d8f4481c4f03132174b514f428cd67d2cc0dc997 (patch) | |
tree | 70b6f8f9291109936af14988d23ebed5ced643bd /t/t5547-push-quarantine.sh | |
parent | eaeed077a69ad1e26b0c329ac0f6cbd397f5be9e (diff) | |
download | git-d8f4481c4f03132174b514f428cd67d2cc0dc997.tar.gz |
refs: reject ref updates while GIT_QUARANTINE_PATH is setjk/quarantine-received-objects
As documented in git-receive-pack(1), updating a ref from
within the pre-receive hook is dangerous and can corrupt
your repo. This patch forbids ref updates entirely during
the hook to make it harder for adventurous hook writers to
shoot themselves in the foot.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t5547-push-quarantine.sh')
-rwxr-xr-x | t/t5547-push-quarantine.sh | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/t/t5547-push-quarantine.sh b/t/t5547-push-quarantine.sh index 1e5d32d068..462bfc9cba 100755 --- a/t/t5547-push-quarantine.sh +++ b/t/t5547-push-quarantine.sh @@ -33,4 +33,15 @@ test_expect_success 'rejected objects are removed' ' test_cmp expect actual ' +test_expect_success 'updating a ref from quarantine is forbidden' ' + git init --bare update.git && + write_script update.git/hooks/pre-receive <<-\EOF && + read old new refname + git update-ref refs/heads/unrelated $new + exit 1 + EOF + test_must_fail git push update.git HEAD && + git -C update.git fsck +' + test_done |