Pass some git environment variables to the test-receive hook

Since git 2.11, git has stored the proposed push in a "quarantine
area" until it is accepted by the pre-receive hook, and passed
extra environment variables to the pre-receive hook so that it can
read objects from the quarantine area.

This fixes untrusted push on modern git versions.

Signed-off-by: Simon McVittie <smcv@debian.org>

diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index d8a387ec1b3012b662b1dc285e7b4b465d5372d6..739ee317326c82c89d926430dfac315006d73a8a 100644 (file)
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -52,6 +52,8 @@ sub gen_wrapper () {
                       HTTP_COOKIE REMOTE_USER HTTPS REDIRECT_STATUS
                       HTTP_HOST SERVER_PORT HTTPS HTTP_ACCEPT
                       REDIRECT_URL} if $config{cgi};
+       push @envsave, qw{GIT_OBJECT_DIRECTORY GIT_QUARANTINE_PATH
+                      GIT_ALTERNATE_OBJECT_DIRECTORIES} if $config{test_receive};
        my $envsave="";
        foreach my $var (@envsave) {
                $envsave.=<<"EOF";