1 <?xml version=
"1.0" encoding=
"UTF-8"?>
2 <!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.1//EN"
3 "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
4 <html xmlns=
"http://www.w3.org/1999/xhtml" xml:
lang=
"en">
6 <meta http-equiv=
"Content-Type" content=
"application/xhtml+xml; charset=UTF-8" />
7 <meta name=
"generator" content=
"AsciiDoc 10.2.0" />
8 <title>How to use the update hook
</title>
9 <style type=
"text/css">
10 /* Shared CSS for AsciiDoc xhtml11 and html5 backends */
14 font-family: Georgia,serif;
18 h1, h2, h3, h4, h5, h6,
19 div.title, caption.title,
20 thead, p.table.header,
22 #author, #revnumber, #revdate, #revremark,
24 font-family: Arial,Helvetica,sans-serif;
28 margin:
1em
5%
1em
5%;
33 text-decoration: underline;
49 h1, h2, h3, h4, h5, h6 {
57 border-bottom:
2px solid silver;
77 border:
1px solid silver;
88 ul
> li { color: #aaa; }
89 ul
> li
> * { color: black; }
91 .monospaced, code, pre {
92 font-family:
"Courier New", Courier, monospace;
99 white-space: pre-wrap;
109 #revnumber, #revdate, #revremark {
114 border-top:
2px solid silver;
120 padding-bottom:
0.5em;
124 padding-bottom:
0.5em;
129 margin-bottom:
1.5em;
131 div.imageblock, div.exampleblock, div.verseblock,
132 div.quoteblock, div.literalblock, div.listingblock, div.sidebarblock,
133 div.admonitionblock {
135 margin-bottom:
1.5em;
137 div.admonitionblock {
139 margin-bottom:
2.0em;
144 div.content { /* Block element content. */
148 /* Block element titles. */
149 div.title, caption.title {
154 margin-bottom:
0.5em;
160 td div.title:first-child {
163 div.content div.title:first-child {
166 div.content + div.title {
170 div.sidebarblock
> div.content {
172 border:
1px solid #dddddd;
173 border-left:
4px solid #f0f0f0;
177 div.listingblock
> div.content {
178 border:
1px solid #dddddd;
179 border-left:
5px solid #f0f0f0;
184 div.quoteblock, div.verseblock {
188 border-left:
5px solid #f0f0f0;
192 div.quoteblock
> div.attribution {
197 div.verseblock
> pre.content {
198 font-family: inherit;
201 div.verseblock
> div.attribution {
205 /* DEPRECATED: Pre version
8.2.7 verse style literal block. */
206 div.verseblock + div.attribution {
210 div.admonitionblock .icon {
214 text-decoration: underline;
216 padding-right:
0.5em;
218 div.admonitionblock td.content {
220 border-left:
3px solid #dddddd;
223 div.exampleblock
> div.content {
224 border-left:
3px solid #dddddd;
228 div.imageblock div.content { padding-left:
0; }
229 span.image img { border-style: none; vertical-align: text-bottom; }
230 a.image:visited { color: white; }
234 margin-bottom:
0.8em;
247 list-style-position: outside;
250 list-style-type: decimal;
253 list-style-type: lower-alpha;
256 list-style-type: upper-alpha;
259 list-style-type: lower-roman;
262 list-style-type: upper-roman;
265 div.compact ul, div.compact ol,
266 div.compact p, div.compact p,
267 div.compact div, div.compact div {
269 margin-bottom:
0.1em;
281 margin-bottom:
0.8em;
284 padding-bottom:
15px;
286 dt.hdlist1.strong, td.hdlist1.strong {
292 padding-right:
0.8em;
298 div.hdlist.compact tr {
307 .footnote, .footnoteref {
311 span.footnote, span.footnoteref {
312 vertical-align: super;
316 margin:
20px
0 20px
0;
320 #footnotes div.footnote {
326 border-top:
1px solid silver;
335 padding-right:
0.5em;
336 padding-bottom:
0.3em;
344 #footer-badges { display: none; }
348 margin-bottom:
2.5em;
356 margin-bottom:
0.1em;
359 div.toclevel0, div.toclevel1, div.toclevel2, div.toclevel3, div.toclevel4 {
376 span.aqua { color: aqua; }
377 span.black { color: black; }
378 span.blue { color: blue; }
379 span.fuchsia { color: fuchsia; }
380 span.gray { color: gray; }
381 span.green { color: green; }
382 span.lime { color: lime; }
383 span.maroon { color: maroon; }
384 span.navy { color: navy; }
385 span.olive { color: olive; }
386 span.purple { color: purple; }
387 span.red { color: red; }
388 span.silver { color: silver; }
389 span.teal { color: teal; }
390 span.white { color: white; }
391 span.yellow { color: yellow; }
393 span.aqua-background { background: aqua; }
394 span.black-background { background: black; }
395 span.blue-background { background: blue; }
396 span.fuchsia-background { background: fuchsia; }
397 span.gray-background { background: gray; }
398 span.green-background { background: green; }
399 span.lime-background { background: lime; }
400 span.maroon-background { background: maroon; }
401 span.navy-background { background: navy; }
402 span.olive-background { background: olive; }
403 span.purple-background { background: purple; }
404 span.red-background { background: red; }
405 span.silver-background { background: silver; }
406 span.teal-background { background: teal; }
407 span.white-background { background: white; }
408 span.yellow-background { background: yellow; }
410 span.big { font-size:
2em; }
411 span.small { font-size:
0.6em; }
413 span.underline { text-decoration: underline; }
414 span.overline { text-decoration: overline; }
415 span.line-through { text-decoration: line-through; }
417 div.unbreakable { page-break-inside: avoid; }
427 margin-bottom:
1.5em;
429 div.tableblock
> table {
430 border:
3px solid #
527bbd;
432 thead, p.table.header {
439 /* Because the table frame attribute is overridden by CSS in most browsers. */
440 div.tableblock
> table[
frame=
"void"] {
443 div.tableblock
> table[
frame=
"hsides"] {
444 border-left-style: none;
445 border-right-style: none;
447 div.tableblock
> table[
frame=
"vsides"] {
448 border-top-style: none;
449 border-bottom-style: none;
460 margin-bottom:
1.5em;
462 thead, p.tableblock.header {
473 border-color: #
527bbd;
474 border-collapse: collapse;
476 th.tableblock, td.tableblock {
480 border-color: #
527bbd;
483 table.tableblock.frame-topbot {
484 border-left-style: hidden;
485 border-right-style: hidden;
487 table.tableblock.frame-sides {
488 border-top-style: hidden;
489 border-bottom-style: hidden;
491 table.tableblock.frame-none {
492 border-style: hidden;
495 th.tableblock.halign-left, td.tableblock.halign-left {
498 th.tableblock.halign-center, td.tableblock.halign-center {
501 th.tableblock.halign-right, td.tableblock.halign-right {
505 th.tableblock.valign-top, td.tableblock.valign-top {
508 th.tableblock.valign-middle, td.tableblock.valign-middle {
509 vertical-align: middle;
511 th.tableblock.valign-bottom, td.tableblock.valign-bottom {
512 vertical-align: bottom;
523 padding-bottom:
0.5em;
524 border-top:
2px solid silver;
525 border-bottom:
2px solid silver;
530 body.manpage div.sectionbody {
535 body.manpage div#toc { display: none; }
540 <script type=
"text/javascript">
542 var asciidoc = { // Namespace.
544 /////////////////////////////////////////////////////////////////////
545 // Table Of Contents generator
546 /////////////////////////////////////////////////////////////////////
548 /* Author: Mihai Bazon, September
2002
549 * http://students.infoiasi.ro/~mishoo
551 * Table Of Content generator
554 * Feel free to use this script under the terms of the GNU General Public
555 * License, as long as you do not remove or alter this notice.
558 /* modified by Troy D. Hanson, September
2006. License: GPL */
559 /* modified by Stuart Rackham,
2006,
2009. License: GPL */
562 toc: function (toclevels) {
564 function getText(el) {
566 for (var i = el.firstChild; i != null; i = i.nextSibling) {
567 if (i.nodeType ==
3 /* Node.TEXT_NODE */) // IE doesn't speak constants.
569 else if (i.firstChild != null)
575 function TocEntry(el, text, toclevel) {
578 this.toclevel = toclevel;
581 function tocEntries(el, toclevels) {
582 var result = new Array;
583 var re = new RegExp('[hH]([
1-'+(toclevels+
1)+'])');
584 // Function that scans the DOM tree for header elements (the DOM2
585 // nodeIterator API would be a better technique but not supported by all
587 var iterate = function (el) {
588 for (var i = el.firstChild; i != null; i = i.nextSibling) {
589 if (i.nodeType ==
1 /* Node.ELEMENT_NODE */) {
590 var mo = re.exec(i.tagName);
591 if (mo && (i.getAttribute(
"class") || i.getAttribute(
"className")) !=
"float") {
592 result[result.length] = new TocEntry(i, getText(i), mo[
1]-
1);
602 var toc = document.getElementById(
"toc");
607 // Delete existing TOC entries in case we're reloading the TOC.
608 var tocEntriesToRemove = [];
610 for (i =
0; i < toc.childNodes.length; i++) {
611 var entry = toc.childNodes[i];
612 if (entry.nodeName.toLowerCase() == 'div'
613 && entry.getAttribute(
"class")
614 && entry.getAttribute(
"class").match(/^toclevel/))
615 tocEntriesToRemove.push(entry);
617 for (i =
0; i < tocEntriesToRemove.length; i++) {
618 toc.removeChild(tocEntriesToRemove[i]);
621 // Rebuild TOC entries.
622 var entries = tocEntries(document.getElementById(
"content"), toclevels);
623 for (var i =
0; i < entries.length; ++i) {
624 var entry = entries[i];
625 if (entry.element.id ==
"")
626 entry.element.id =
"_toc_" + i;
627 var a = document.createElement(
"a");
628 a.href =
"#" + entry.element.id;
629 a.appendChild(document.createTextNode(entry.text));
630 var div = document.createElement(
"div");
632 div.className =
"toclevel" + entry.toclevel;
633 toc.appendChild(div);
635 if (entries.length ==
0)
636 toc.parentNode.removeChild(toc);
640 /////////////////////////////////////////////////////////////////////
641 // Footnotes generator
642 /////////////////////////////////////////////////////////////////////
644 /* Based on footnote generation code from:
645 * http://www.brandspankingnew.net/archive/
2005/
07/format_footnote.html
648 footnotes: function () {
649 // Delete existing footnote entries in case we're reloading the footnodes.
651 var noteholder = document.getElementById(
"footnotes");
655 var entriesToRemove = [];
656 for (i =
0; i < noteholder.childNodes.length; i++) {
657 var entry = noteholder.childNodes[i];
658 if (entry.nodeName.toLowerCase() == 'div' && entry.getAttribute(
"class") ==
"footnote")
659 entriesToRemove.push(entry);
661 for (i =
0; i < entriesToRemove.length; i++) {
662 noteholder.removeChild(entriesToRemove[i]);
665 // Rebuild footnote entries.
666 var cont = document.getElementById(
"content");
667 var spans = cont.getElementsByTagName(
"span");
670 for (i=
0; i
<spans.length; i++) {
671 if (spans[i].className ==
"footnote") {
673 var note = spans[i].getAttribute(
"data-note");
675 // Use [\s\S] in place of . so multi-line matches work.
676 // Because JavaScript has no s (dotall) regex flag.
677 note = spans[i].innerHTML.match(/\s*\[([\s\S]*)]\s*/)[
1];
679 "[<a id='_footnoteref_" + n +
"' href='#_footnote_" + n +
680 "' title='View footnote' class='footnote'>" + n +
"</a>]";
681 spans[i].setAttribute(
"data-note", note);
683 noteholder.innerHTML +=
684 "<div class='footnote' id='_footnote_" + n +
"'>" +
685 "<a href='#_footnoteref_" + n +
"' title='Return to text'>" +
686 n +
"</a>. " + note +
"</div>";
687 var id =spans[i].getAttribute(
"id");
688 if (id != null) refs[
"#"+id] = n;
692 noteholder.parentNode.removeChild(noteholder);
694 // Process footnoterefs.
695 for (i=
0; i
<spans.length; i++) {
696 if (spans[i].className ==
"footnoteref") {
697 var href = spans[i].getElementsByTagName(
"a")[
0].getAttribute(
"href");
698 href = href.match(/#.*/)[
0]; // Because IE return full URL.
701 "[<a href='#_footnote_" + n +
702 "' title='View footnote' class='footnote'>" + n +
"</a>]";
708 install: function(toclevels) {
711 function reinstall() {
712 asciidoc.footnotes();
714 asciidoc.toc(toclevels);
718 function reinstallAndRemoveTimer() {
719 clearInterval(timerId);
723 timerId = setInterval(reinstall,
500);
724 if (document.addEventListener)
725 document.addEventListener(
"DOMContentLoaded", reinstallAndRemoveTimer, false);
727 window.onload = reinstallAndRemoveTimer;
735 <body class=
"article">
737 <h1>How to use the update hook
</h1>
741 <div class=
"sectionbody">
742 <div class=
"paragraph"><p>When your developer runs git-push into the repository,
743 git-receive-pack is run (either locally or over ssh) as that
744 developer, so is hooks/update script. Quoting from the relevant
745 section of the documentation:
</p></div>
746 <div class=
"literalblock">
747 <div class=
"content">
748 <pre><code>Before each ref is updated, if $GIT_DIR/hooks/update file exists
749 and executable, it is called with three parameters:
</code></pre>
751 <div class=
"literalblock">
752 <div class=
"content">
753 <pre><code>$GIT_DIR/hooks/update refname sha1-old sha1-new
</code></pre>
755 <div class=
"literalblock">
756 <div class=
"content">
757 <pre><code>The refname parameter is relative to $GIT_DIR; e.g. for the
758 master head this is
"refs/heads/master". Two sha1 are the
759 object names for the refname before and after the update. Note
760 that the hook is called before the refname is updated, so either
761 sha1-old is
0{
40} (meaning there is no such ref yet), or it
762 should match what is recorded in refname.
</code></pre>
764 <div class=
"paragraph"><p>So if your policy is (
1) always require fast-forward push
765 (i.e. never allow
"git-push repo +branch:branch"), (
2) you
766 have a list of users allowed to update each branch, and (
3) you
767 do not let tags to be overwritten, then you can use something
768 like this as your hooks/update script.
</p></div>
769 <div class=
"paragraph"><p>[jc: editorial note. This is a much improved version by Carl
770 since I posted the original outline]
</p></div>
771 <div class=
"listingblock">
772 <div class=
"content">
773 <pre><code>#!/bin/bash
777 # If you are having trouble with this access control hook script
778 # you can try setting this to true. It will tell you exactly
779 # why a user is being allowed/denied access.
783 # Default shell globbing messes things up downstream
787 $verbose
&& echo
>&2 "-Grant- $1"
793 $verbose
&& echo
>&2 "-Deny- $1"
799 $verbose
&& echo
>&2 "-Info- $1"
802 # Implement generic branch and tag policies.
803 # - Tags should not be updated once created.
804 # - Branches should only be fast-forwarded unless their pattern starts with '+'
807 git rev-parse --verify -q
"$1" &&
808 deny
>/dev/null
"You can't overwrite an existing tag"
811 # No rebasing or rewinding
812 if expr
"$2" : '
0*$'
>/dev/null; then
813 info
"The branch '$1' is new..."
815 # updating -- make sure it is a fast-forward
816 mb=$(git merge-base
"$2" "$3")
818 "$2,$mb") info
"Update is fast-forward" ;;
819 *) noff=y; info
"This is not a fast-forward update.";;
825 "Branch is not under refs/heads or refs/tags. What are you trying to do?"
829 # Implement per-branch controls based on username
830 allowed_users_file=$GIT_DIR/info/allowed-users
832 info
"The user is: '$username'"
834 if test -f
"$allowed_users_file"
836 rc=$(cat $allowed_users_file | grep -v '^#' | grep -v '^$' |
837 while read heads user_patterns
839 # does this rule apply to us?
840 head_pattern=${heads#+}
841 matchlen=$(expr
"$1" :
"${head_pattern#+}")
842 test
"$matchlen" = ${#
1} || continue
844 # if non-ff, $heads must be with the '+' prefix
845 test -n
"$noff" &&
846 test
"$head_pattern" =
"$heads" && continue
848 info
"Found matching head pattern: '$head_pattern'"
849 for user_pattern in $user_patterns; do
850 info
"Checking user: '$username' against pattern: '$user_pattern'"
851 matchlen=$(expr
"$username" :
"$user_pattern")
852 if test
"$matchlen" =
"${#username}"
854 grant
"Allowing user: '$username' with pattern: '$user_pattern'"
857 deny
"The user is not in the access list for this branch"
861 grant) grant
>/dev/null
"Granting access based on $allowed_users_file" ;;
862 deny) deny
>/dev/null
"Denying access based on $allowed_users_file" ;;
867 allowed_groups_file=$GIT_DIR/info/allowed-groups
869 info
"The user belongs to the following groups:"
872 if test -f
"$allowed_groups_file"
874 rc=$(cat $allowed_groups_file | grep -v '^#' | grep -v '^$' |
875 while read heads group_patterns
877 # does this rule apply to us?
878 head_pattern=${heads#+}
879 matchlen=$(expr
"$1" :
"${head_pattern#+}")
880 test
"$matchlen" = ${#
1} || continue
882 # if non-ff, $heads must be with the '+' prefix
883 test -n
"$noff" &&
884 test
"$head_pattern" =
"$heads" && continue
886 info
"Found matching head pattern: '$head_pattern'"
887 for group_pattern in $group_patterns; do
888 for groupname in $groups; do
889 info
"Checking group: '$groupname' against pattern: '$group_pattern'"
890 matchlen=$(expr
"$groupname" :
"$group_pattern")
891 if test
"$matchlen" =
"${#groupname}"
893 grant
"Allowing group: '$groupname' with pattern: '$group_pattern'"
897 deny
"None of the user's groups are in the access list for this branch"
901 grant) grant
>/dev/null
"Granting access based on $allowed_groups_file" ;;
902 deny) deny
>/dev/null
"Denying access based on $allowed_groups_file" ;;
907 deny
>/dev/null
"There are no more rules to check. Denying access"</code></pre>
909 <div class=
"paragraph"><p>This uses two files, $GIT_DIR/info/allowed-users and
910 allowed-groups, to describe which heads can be pushed into by
911 whom. The format of each file would look like this:
</p></div>
912 <div class=
"literalblock">
913 <div class=
"content">
914 <pre><code>refs/heads/master junio
915 +refs/heads/seen junio
916 refs/heads/cogito$ pasky
917 refs/heads/bw/.* linus
919 refs/tags/v[
0-
9].* junio
</code></pre>
921 <div class=
"paragraph"><p>With this, Linus can push or create
"bw/penguin" or
"bw/zebra"
922 or
"bw/panda" branches, Pasky can do only
"cogito", and JC can
923 do master and
"seen" branches and make versioned tags. And anybody
924 can do tmp/blah branches. The
<em>+
</em> sign at the
"seen" record means
925 that JC can make non-fast-forward pushes on it.
</p></div>
929 <div id=
"footnotes"><hr /></div>
931 <div id=
"footer-text">
933 2023-
03-
01 08:
44:
18 PST