From b2dc968e60c94189805228f5d99786bd50189583 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 7 Nov 2008 17:20:33 -0500 Subject: t5516: refactor oddball tests t5516 sets up some utility functions for starting each test with a clean slate. However, there were a few tests added that do not use these functions, but instead make their own repositories. Let's bring these in line with the rest of the tests. Not only do we reduce the number of lines, but these tests will benefit from any further enhancements to the utility scripts. The conversion is pretty straightforward. Most of the tests created a parent/child clone relationship, for which we now use 'testrepo' as the parent. One test looked in testrepo, but relied on previous tests to have set it up; it now sets up testrepo explicitly, which makes it a bit more robust to changes in the script, as well. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/t5516-fetch-push.sh | 50 +++++++++++++++++++++----------------------------- 1 file changed, 21 insertions(+), 29 deletions(-) diff --git a/t/t5516-fetch-push.sh b/t/t5516-fetch-push.sh index 598664ce7f..3411107651 100755 --- a/t/t5516-fetch-push.sh +++ b/t/t5516-fetch-push.sh @@ -39,6 +39,11 @@ mk_test () { ) } +mk_child() { + rm -rf "$1" && + git clone testrepo "$1" +} + check_push_result () { ( cd testrepo && @@ -425,13 +430,10 @@ test_expect_success 'push with dry-run' ' test_expect_success 'push updates local refs' ' - rm -rf parent child && - mkdir parent && - (cd parent && git init && - echo one >foo && git add foo && git commit -m one) && - git clone parent child && + mk_test heads/master && + mk_child child && (cd child && - echo two >foo && git commit -a -m two && + git pull .. master && git push && test $(git rev-parse master) = $(git rev-parse remotes/origin/master)) @@ -439,15 +441,10 @@ test_expect_success 'push updates local refs' ' test_expect_success 'push updates up-to-date local refs' ' - rm -rf parent child && - mkdir parent && - (cd parent && git init && - echo one >foo && git add foo && git commit -m one) && - git clone parent child1 && - git clone parent child2 && - (cd child1 && - echo two >foo && git commit -a -m two && - git push) && + mk_test heads/master && + mk_child child1 && + mk_child child2 && + (cd child1 && git pull .. master && git push) && (cd child2 && git pull ../child1 master && git push && @@ -457,11 +454,8 @@ test_expect_success 'push updates up-to-date local refs' ' test_expect_success 'push preserves up-to-date packed refs' ' - rm -rf parent child && - mkdir parent && - (cd parent && git init && - echo one >foo && git add foo && git commit -m one) && - git clone parent child && + mk_test heads/master && + mk_child child && (cd child && git push && ! test -f .git/refs/remotes/origin/master) @@ -470,15 +464,13 @@ test_expect_success 'push preserves up-to-date packed refs' ' test_expect_success 'push does not update local refs on failure' ' - rm -rf parent child && - mkdir parent && - (cd parent && git init && - echo one >foo && git add foo && git commit -m one && - echo exit 1 >.git/hooks/pre-receive && - chmod +x .git/hooks/pre-receive) && - git clone parent child && + mk_test heads/master && + mk_child child && + mkdir testrepo/.git/hooks && + echo exit 1 >testrepo/.git/hooks/pre-receive && + chmod +x testrepo/.git/hooks/pre-receive && (cd child && - echo two >foo && git commit -a -m two && + git pull .. master test_must_fail git push && test $(git rev-parse master) != \ $(git rev-parse remotes/origin/master)) @@ -487,7 +479,7 @@ test_expect_success 'push does not update local refs on failure' ' test_expect_success 'allow deleting an invalid remote ref' ' - pwd && + mk_test heads/master && rm -f testrepo/.git/objects/??/* && git push testrepo :refs/heads/master && (cd testrepo && test_must_fail git rev-parse --verify refs/heads/master) -- cgit v1.2.1 From 986e82396ab23b9e5f4eab7183bbf76e7bc756d0 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Sat, 8 Nov 2008 20:49:27 -0500 Subject: receive-pack: detect push to current branch of non-bare repo Pushing into the currently checked out branch of a non-bare repository can be dangerous; the HEAD then loses sync with the index and working tree, and it looks in the receiving repo as if the pushed changes have been reverted in the index (since they were never there in the first place). This patch adds a safety valve that checks for this condition and either generates a warning or denies the update. We trigger the check only on a non-bare repository, since a bare repo does not have a working tree (and in fact, pushing to the HEAD branch is a common workflow for publishing repositories). The behavior is configurable via receive.denyCurrentBranch, defaulting to "warn" so as not to break existing setups (though it may, after a deprecation period, switch to "refuse" by default). For users who know what they are doing and want to silence the warning (e.g., because they have a post-receive hook that reconciles the HEAD and working tree), they can turn off the warning by setting it to false or "ignore". Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- Documentation/config.txt | 9 ++++++++ builtin-receive-pack.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++ t/t5516-fetch-push.sh | 37 ++++++++++++++++++++++++++++++ 3 files changed, 105 insertions(+) diff --git a/Documentation/config.txt b/Documentation/config.txt index 965ed746da..32dcd643d2 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1198,6 +1198,15 @@ receive.denyNonFastForwards:: even if that push is forced. This configuration variable is set when initializing a shared repository. +receive.denyCurrentBranch:: + If set to true or "refuse", receive-pack will deny a ref update + to the currently checked out branch of a non-bare repository. + Such a push is potentially dangerous because it brings the HEAD + out of sync with the index and working tree. If set to "warn", + print a warning of such a push to stderr, but allow the push to + proceed. If set to false or "ignore", allow such pushes with no + message. Defaults to "warn". + transfer.unpackLimit:: When `fetch.unpackLimit` or `receive.unpackLimit` are not set, the value of this variable is used instead. diff --git a/builtin-receive-pack.c b/builtin-receive-pack.c index 7f9f134806..db67c3162c 100644 --- a/builtin-receive-pack.c +++ b/builtin-receive-pack.c @@ -11,8 +11,15 @@ static const char receive_pack_usage[] = "git-receive-pack "; +enum deny_action { + DENY_IGNORE, + DENY_WARN, + DENY_REFUSE, +}; + static int deny_deletes = 0; static int deny_non_fast_forwards = 0; +static enum deny_action deny_current_branch = DENY_WARN; static int receive_fsck_objects; static int receive_unpack_limit = -1; static int transfer_unpack_limit = -1; @@ -22,6 +29,21 @@ static int report_status; static char capabilities[] = " report-status delete-refs "; static int capabilities_sent; +static enum deny_action parse_deny_action(const char *var, const char *value) +{ + if (value) { + if (!strcasecmp(value, "ignore")) + return DENY_IGNORE; + if (!strcasecmp(value, "warn")) + return DENY_WARN; + if (!strcasecmp(value, "refuse")) + return DENY_REFUSE; + } + if (git_config_bool(var, value)) + return DENY_REFUSE; + return DENY_IGNORE; +} + static int receive_pack_config(const char *var, const char *value, void *cb) { if (strcmp(var, "receive.denydeletes") == 0) { @@ -49,6 +71,11 @@ static int receive_pack_config(const char *var, const char *value, void *cb) return 0; } + if (!strcmp(var, "receive.denycurrentbranch")) { + deny_current_branch = parse_deny_action(var, value); + return 0; + } + return git_default_config(var, value, cb); } @@ -173,6 +200,20 @@ static int run_update_hook(struct command *cmd) return hook_status(run_command(&proc), update_hook); } +static int is_ref_checked_out(const char *ref) +{ + unsigned char sha1[20]; + const char *head; + + if (is_bare_repository()) + return 0; + + head = resolve_ref("HEAD", sha1, 0, NULL); + if (!head) + return 0; + return !strcmp(head, ref); +} + static const char *update(struct command *cmd) { const char *name = cmd->ref_name; @@ -186,6 +227,24 @@ static const char *update(struct command *cmd) return "funny refname"; } + switch (deny_current_branch) { + case DENY_IGNORE: + break; + case DENY_WARN: + if (!is_ref_checked_out(name)) + break; + warning("updating the currently checked out branch; this may" + " cause confusion,\n" + "as the index and working tree do not reflect changes" + " that are now in HEAD."); + break; + case DENY_REFUSE: + if (!is_ref_checked_out(name)) + break; + error("refusing to update checked out branch: %s", name); + return "branch is currently checked out"; + } + if (!is_null_sha1(new_sha1) && !has_sha1_file(new_sha1)) { error("unpack should have generated %s, " "but I can't find it!", sha1_to_hex(new_sha1)); diff --git a/t/t5516-fetch-push.sh b/t/t5516-fetch-push.sh index 3411107651..a6532cb29e 100755 --- a/t/t5516-fetch-push.sh +++ b/t/t5516-fetch-push.sh @@ -486,4 +486,41 @@ test_expect_success 'allow deleting an invalid remote ref' ' ' +test_expect_success 'warn on push to HEAD of non-bare repository' ' + mk_test heads/master + (cd testrepo && + git checkout master && + git config receive.denyCurrentBranch warn) && + git push testrepo master 2>stderr && + grep "warning.*this may cause confusion" stderr +' + +test_expect_success 'deny push to HEAD of non-bare repository' ' + mk_test heads/master + (cd testrepo && + git checkout master && + git config receive.denyCurrentBranch true) && + test_must_fail git push testrepo master +' + +test_expect_success 'allow push to HEAD of bare repository (bare)' ' + mk_test heads/master + (cd testrepo && + git checkout master && + git config receive.denyCurrentBranch true && + git config core.bare true) && + git push testrepo master 2>stderr && + ! grep "warning.*this may cause confusion" stderr +' + +test_expect_success 'allow push to HEAD of non-bare repository (config)' ' + mk_test heads/master + (cd testrepo && + git checkout master && + git config receive.denyCurrentBranch false + ) && + git push testrepo master 2>stderr && + ! grep "warning.*this may cause confusion" stderr +' + test_done -- cgit v1.2.1