my $sha1_pattern = qr/[0-9a-fA-F]{40}/; # pattern to validate Git sha1sums
my $dummy_commit_msg = 'dummy commit'; # message to skip in recent changes
+my $no_chdir=0;
sub import { #{{{
hook(type => "checkconfig", id => "git", call => \&checkconfig);
hook(type => "rcs", id => "rcs_recentchanges", call => \&rcs_recentchanges);
hook(type => "rcs", id => "rcs_diff", call => \&rcs_diff);
hook(type => "rcs", id => "rcs_getctime", call => \&rcs_getctime);
- hook(type => "rcs", id => "rcs_test_receive", call => \&rcs_test_receive);
+ hook(type => "rcs", id => "rcs_receive", call => \&rcs_receive);
} #}}}
sub checkconfig () { #{{{
push @{$config{wrappers}}, {
test_receive => 1,
wrapper => $config{git_test_receive_wrapper},
- wrappermode => "0755",
+ wrappermode => (defined $config{git_wrappermode} ? $config{git_wrappermode} : "06755"),
};
}
} #}}}
safe => 0, # file
rebuild => 0,
},
- git_untrusted_committers => {
+ untrusted_committers => {
type => "string",
example => [],
description => "unix users whose commits should be checked by the pre-receive hook",
diffurl => {
type => "string",
example => "http://git.example.com/gitweb.cgi?p=wiki.git;a=blobdiff;h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_parent]];f=[[file]]",
- description => "gitweb url to show a diff ([[sha1_to]], [[sha1_from]], [[sha1_parent]], and [[file]] substituted)",
+ description => "gitweb url to show a diff ([[sha1_to]], [[sha1_from]], [[sha1_parent]], [[sha1_commit]] and [[file]] substituted)",
safe => 1,
rebuild => 1,
},
if (!$pid) {
# In child.
# Git commands want to be in wc.
- chdir $config{srcdir}
- or error("Cannot chdir to $config{srcdir}: $!");
+ if (! $no_chdir) {
+ chdir $config{srcdir}
+ or error("Cannot chdir to $config{srcdir}: $!");
+ }
exec @cmdline or error("Cannot exec '@cmdline': $!");
}
# In parent.
# starting from the given sha1sum.
my ($sha1, $num) = @_;
- my @raw_lines = run_or_die('git', 'log',
- (defined $num ? "--max-count=$num" : ""),
+ my @opts;
+ push @opts, "--max-count=$num" if defined $num;
+
+ my @raw_lines = run_or_die('git', 'log', @opts,
'--pretty=raw', '--raw', '--abbrev=40', '--always', '-c',
'-r', $sha1, '--', '.');
my ($prefix) = run_or_die('git', 'rev-parse', '--show-prefix');
$diffurl =~ s/\[\[sha1_parent\]\]/$ci->{'parent'}/go;
$diffurl =~ s/\[\[sha1_from\]\]/$detail->{'sha1_from'}/go;
$diffurl =~ s/\[\[sha1_to\]\]/$detail->{'sha1_to'}/go;
+ $diffurl =~ s/\[\[sha1_commit\]\]/$sha1/go;
push @pages, {
page => pagename($file),
return $ctime;
} #}}}
-sub rcs_test_receive () { #{{{
- # quick success if the user is trusted
- my $committer=(getpwuid($<))[0];
- if (! defined $committer) {
- error("cannot determine username for $<");
- }
- exit 0 if ! ref $config{git_untrusted_committers} ||
- ! grep { $_ eq $committer } @{$config{git_untrusted_committers}};
-
+sub rcs_receive () { #{{{
# The wiki may not be the only thing in the git repo.
# Determine if it is in a subdirectory by examining the srcdir,
# and its parents, looking for the .git directory.
}
}
- my @errors;
+ my @rets;
while (<>) {
chomp;
my ($oldrev, $newrev, $refname) = split(' ', $_, 3);
-
+
# only allow changes to gitmaster_branch
if ($refname !~ /^refs\/heads\/\Q$config{gitmaster_branch}\E$/) {
- push @errors, sprintf(gettext("you are not allowed to change %s"), $refname);
+ error sprintf(gettext("you are not allowed to change %s"), $refname);
}
-
- foreach my $ci (git_commit_info($oldrev."..".$newrev)) {
+
+ # Avoid chdir when running git here, because the changes
+ # are in the master git repo, not the srcdir repo.
+ # The pre-recieve hook already puts us in the right place.
+ $no_chdir=1;
+ my @changes=git_commit_info($oldrev."..".$newrev);
+ $no_chdir=0;
+
+ foreach my $ci (@changes) {
foreach my $detail (@{ $ci->{'details'} }) {
my $file = $detail->{'file'};
- # check that all changed files are in the subdir
+ # check that all changed files are in the
+ # subdir
if (length $subdir &&
! ($file =~ s/^\Q$subdir\E//)) {
- push @errors, sprintf(gettext("you are not allowed to change %s"), $file);
- next;
+ error sprintf(gettext("you are not allowed to change %s"), $file);
}
- if ($detail->{'mode_from'} ne $detail->{'mode_to'}) {
- push @errors, gettext("you are not allowed to change file modes");
+ my ($action, $mode, $path);
+ if ($detail->{'status'} =~ /^[M]+\d*$/) {
+ $action="change";
+ $mode=$detail->{'mode_to'};
}
-
- if ($detail->{'status'} =~ /^D+\d*/) {
- # TODO check_canremove
+ elsif ($detail->{'status'} =~ /^[AM]+\d*$/) {
+ $action="add";
+ $mode=$detail->{'mode_to'};
}
- elsif ($detail->{'status'} !~ /^[MA]+\d*$/) {
- push @errors, "unknown status ".$detail->{'status'};
+ elsif ($detail->{'status'} =~ /^[DAM]+\d*/) {
+ $action="remove";
+ $mode=$detail->{'mode_from'};
}
else {
- # TODO check_canedit
- # TODO check_canattach
+ error "unknown status ".$detail->{'status'};
+ }
+
+ # test that the file mode is ok
+ if ($mode !~ /^100[64][64][64]$/) {
+ error sprintf(gettext("you cannot act on a file with mode %s"), $mode);
+ }
+ if ($action eq "change") {
+ if ($detail->{'mode_from'} ne $detail->{'mode_to'}) {
+ error gettext("you are not allowed to change file modes");
+ }
}
+
+ # extract attachment to temp file
+ if (($action eq 'add' || $action eq 'change') &&
+ ! pagetype($file)) {
+ eval q{use File::Temp};
+ die $@ if $@;
+ my $fh;
+ ($fh, $path)=File::Temp::tempfile("XXXXXXXXXX", UNLINK => 1);
+ if (system("git show ".$detail->{sha1_to}." > '$path'") != 0) {
+ error("failed writing temp file");
+ }
+ }
+
+ push @rets, {
+ file => $file,
+ action => $action,
+ path => $path,
+ };
}
}
}
- if (@errors) {
- # TODO clean up objects from failed push
-
- print STDERR "$_\n" foreach @errors;
- exit 1;
- }
- else {
- exit 0;
- }
+ return reverse @rets;
} #}}}
1