[PATCH] Add support in sample hook script for denying annotated tags.

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] Add support in sample hook script for denying annotated tags.
@ 2010-10-31 19:57 Boyd Stephen Smith Jr.
  2010-10-31 20:24 ` Jonathan Nieder
  0 siblings, 1 reply; 3+ messages in thread
From: Boyd Stephen Smith Jr. @ 2010-10-31 19:57 UTC (permalink / raw)
  To: git

[-- Attachment #1: Type: Text/Plain, Size: 2278 bytes --]

Signed-off-by: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
---
 templates/hooks--update.sample |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

In one project I'm in we are using a centralized Git repository that many 
developers have access to.  As such, we want to prevent tags from being 
created by push operations and have them created by the administrators.

This is a modification to the sample update hook to allow this to simply be 
a configuration option.

receive.denyCreate actually seems to be what my project wants, but I can see 
more fine-grained support being nice-to-have.  For example, we might want 
to allow developers to create branches in a developer-specific namespace 
but still disallow pushing annotated tags.

diff --git a/templates/hooks--update.sample b/templates/hooks--update.sample
index fd63b2d..c783973 100755
--- a/templates/hooks--update.sample
+++ b/templates/hooks--update.sample
@@ -7,6 +7,9 @@
 #
 # Config
 # ------
+# hooks.allowannotated
+#   This boolean sets whether annotated tags will be allowed into the
+#   repository.  By default they won't be.
 # hooks.allowunannotated
 #   This boolean sets whether unannotated tags will be allowed into the
 #   repository.  By default they won't be.
@@ -43,6 +46,7 @@ if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
 fi
 
 # --- Config
+allowannotated=$(git config --bool hooks.allowannotated)
 allowunannotated=$(git config --bool hooks.allowunannotated)
 allowdeletebranch=$(git config --bool hooks.allowdeletebranch)
 denycreatebranch=$(git config --bool hooks.denycreatebranch)
@@ -86,6 +90,11 @@ case "$refname","$newrev_type" in
 		;;
 	refs/tags/*,tag)
 		# annotated tag
+		if [ "$oldrev" = "$zero" -a "$allowannotated" != "true" ]; then
+			echo "*** Creating a tag is not allowed in this repository" >&2
+			exit 1
+		fi
+
 		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
 		then
 			echo "*** Tag '$refname' already exists." >&2
-- 
1.7.1
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] Add support in sample hook script for denying annotated tags.
  2010-10-31 19:57 [PATCH] Add support in sample hook script for denying annotated tags Boyd Stephen Smith Jr.
@ 2010-10-31 20:24 ` Jonathan Nieder
  2010-11-01  7:29   ` Boyd Stephen Smith Jr.
  0 siblings, 1 reply; 3+ messages in thread
From: Jonathan Nieder @ 2010-10-31 20:24 UTC (permalink / raw)
  To: Boyd Stephen Smith Jr.; +Cc: git

Hi,

Boyd Stephen Smith Jr. wrote:

> Signed-off-by: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
> ---
>  templates/hooks--update.sample |    9 +++++++++
>  1 files changed, 9 insertions(+), 0 deletions(-)
> 
> In one project I'm in we are using a centralized Git repository that many 
> developers have access to.  As such, we want to prevent tags from being 
> created by push operations and have them created by the administrators.
> 
> This is a modification to the sample update hook to allow this to simply be 
> a configuration option.

This kind of justification belongs above the "---", I think.

No opinion on the functionality itself.  Just:

> --- a/templates/hooks--update.sample
> +++ b/templates/hooks--update.sample
> @@ -7,6 +7,9 @@
>  #
>  # Config
>  # ------
> +# hooks.allowannotated
> +#   This boolean sets whether annotated tags will be allowed into the
> +#   repository.  By default they won't be.

hooks.denyannotated (defaulting to false) would be more consistent
with hooks.denycreatebranch, no?

Or maybe hooks.denycreatetag --- a situation in which unannotated
tags should be allowed but annotated denied seems hard to imagine.

Hope that helps,
Jonathan

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] Add support in sample hook script for denying annotated tags.
  2010-10-31 20:24 ` Jonathan Nieder
@ 2010-11-01  7:29   ` Boyd Stephen Smith Jr.
  0 siblings, 0 replies; 3+ messages in thread
From: Boyd Stephen Smith Jr. @ 2010-11-01  7:29 UTC (permalink / raw)
  To: git; +Cc: Jonathan Nieder

[-- Attachment #1: Type: Text/Plain, Size: 2408 bytes --]

In <20101031202433.GB21240@burratino>, Jonathan Nieder wrote:
>Boyd Stephen Smith Jr. wrote:
>> Signed-off-by: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>
>> ---
>> 
>>  templates/hooks--update.sample |    9 +++++++++
>>  1 files changed, 9 insertions(+), 0 deletions(-)
>> 
>> In one project I'm in we are using a centralized Git repository that many
>> developers have access to.  As such, we want to prevent tags from being
>> created by push operations and have them created by the administrators.
>> 
>> This is a modification to the sample update hook to allow this to simply
>> be a configuration option.
>
>This kind of justification belongs above the "---", I think.

Eh, poop.  I wasn't sure were it went since it's been so long since I sent a 
patch in.  I thought only the "commit message" went above the "---" and my 
explanation seemed a bit over-long for a commit message.

I'll STFW next time and get it correct; I'd like to make it easy to use git am 
or git apply on the mail so that it is easier to review.

>No opinion on the functionality itself.  Just:
>> --- a/templates/hooks--update.sample
>> +++ b/templates/hooks--update.sample
>> @@ -7,6 +7,9 @@
>> 
>>  #
>>  # Config
>>  # ------
>> 
>> +# hooks.allowannotated
>> +#   This boolean sets whether annotated tags will be allowed into the
>> +#   repository.  By default they won't be.
>
>hooks.denyannotated (defaulting to false) would be more consistent
>with hooks.denycreatebranch, no?

Most of the flags were allow* and that seems to be a better way to approach 
access restrictions like this.  denycreatebranch is the odd one out, and I was 
considering a patch that would change it to an allow* as well.

Still, I'm happy to change the new flag to a deny* if there's consensus that 
it is better implemented that way.

>Or maybe hooks.denycreatetag --- 

That's probably better if you think of this as being analogous to 
denycreatebranch.  When I wrote the patch I was thinking of this flag as being 
analogous to allowunannotated.

>a situation in which unannotated
>tags should be allowed but annotated denied seems hard to imagine.

Agreed.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-11-01  7:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-31 19:57 [PATCH] Add support in sample hook script for denying annotated tags Boyd Stephen Smith Jr.
2010-10-31 20:24 ` Jonathan Nieder
2010-11-01  7:29   ` Boyd Stephen Smith Jr.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).