From aed97c677cdfd1b9bbc9b33b5418ad4a29109082 Mon Sep 17 00:00:00 2001 From: Pierre Habouzit Date: Thu, 16 Apr 2009 22:00:44 +0200 Subject: hook/update: example of how to prevent branch creation Since git doesn't provide a receive.denyBranchCreation or similar, here is an example of how to be sure users cannot create branches remotely by pushing a new reference. This setup has been proven useful to prevent creation of spurious branches because of users having their remote.origin.push set to HEAD, when they use `git push` while being on a local topic branch of theirs instead of the proper one. Signed-off-by: Pierre Habouzit Signed-off-by: Junio C Hamano --- templates/hooks--update.sample | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'templates') diff --git a/templates/hooks--update.sample b/templates/hooks--update.sample index a3f68ae3b4..f8bf490cff 100755 --- a/templates/hooks--update.sample +++ b/templates/hooks--update.sample @@ -16,6 +16,9 @@ # hooks.allowdeletebranch # This boolean sets whether deleting branches will be allowed in the # repository. By default they won't be. +# hooks.denycreatebranch +# This boolean sets whether remotely creating branches will be denied +# in the repository. By default this is allowed. # # --- Command line @@ -39,6 +42,7 @@ fi # --- Config allowunannotated=$(git config --bool hooks.allowunannotated) allowdeletebranch=$(git config --bool hooks.allowdeletebranch) +denycreatebranch=$(git config --bool hooks.denycreatebranch) allowdeletetag=$(git config --bool hooks.allowdeletetag) # check for no description @@ -52,7 +56,8 @@ esac # --- Check types # if $newrev is 0000...0000, it's a commit to delete a ref. -if [ "$newrev" = "0000000000000000000000000000000000000000" ]; then +zero="0000000000000000000000000000000000000000" +if [ "$newrev" = "$zero" ]; then newrev_type=delete else newrev_type=$(git-cat-file -t $newrev) @@ -80,6 +85,10 @@ case "$refname","$newrev_type" in ;; refs/heads/*,commit) # branch + if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then + echo "*** Creating a branch is not allowed in this repository" >&2 + exit 1 + fi ;; refs/heads/*,delete) # delete branch -- cgit v1.2.3