This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository maintenancescripts. from c082a1a git/hooks: add update-script._check+allow-merges_ as symlink to update-script._check_. new 6672f44 git/hooks/update-script._check_: fix ...) case-switch forgotten last time. new 1f359e9 git/hooks/update-script._check_: use guard to be able to include file multiple times and executing it only once. new 1f82c2e git/hooks/update-script._acl_: use update-script._check_ to not duplicate code. new 23e7568 git/hooks/update-script._acl_: use more quoting, curly braces and replace ...)-style case-switches with (...)-style case-switches. Add FIXME's. The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: git/hooks/update-script._acl_ | 183 +++++++++++++-------------------------- git/hooks/update-script._check_ | 104 +++++++++++----------- 2 files changed, 114 insertions(+), 173 deletions(-) -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/maintenancescripts.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository maintenancescripts. commit 6672f4444ffe2fc0ff88f590bd917e084719aa94 Author: Mihai Moldovan <ionic@ionic.de> Date: Mon Feb 23 23:15:28 2015 +0100 git/hooks/update-script._check_: fix ...) case-switch forgotten last time. --- git/hooks/update-script._check_ | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/git/hooks/update-script._check_ b/git/hooks/update-script._check_ index e8e5898..e485c6a 100755 --- a/git/hooks/update-script._check_ +++ b/git/hooks/update-script._check_ @@ -33,8 +33,8 @@ case "$1" in # updating -- make sure it is a fast forward mb=$(git merge-base "$2" "$3") case "$mb,$2" in - "$2,$mb") info "Update is fast-forward" ;; - *) deny > /dev/null "ERROR: This is not a fast-forward update. History has been rewritten." ;; + ("$2,$mb") info "Update is fast-forward" ;; + (*) deny > /dev/null "ERROR: This is not a fast-forward update. History has been rewritten." ;; esac ;; (feature/*|bugfix/*) info "Not checking for non-fast-forwards or merges on ${BRANCH}." ;; -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/maintenancescripts.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository maintenancescripts. commit 1f359e93fefc9efe9f1be0f2096f72f99e07db1a Author: Mihai Moldovan <ionic@ionic.de> Date: Mon Feb 23 23:29:23 2015 +0100 git/hooks/update-script._check_: use guard to be able to include file multiple times and executing it only once. --- git/hooks/update-script._check_ | 104 +++++++++++++++++++++------------------ 1 file changed, 55 insertions(+), 49 deletions(-) diff --git a/git/hooks/update-script._check_ b/git/hooks/update-script._check_ index e485c6a..17ad7f8 100755 --- a/git/hooks/update-script._check_ +++ b/git/hooks/update-script._check_ @@ -2,57 +2,63 @@ . hooks/common.sh -MERGE="0" -[ "$(basename "${0}")" = "update-script_check+allow-merges_" ] && MERGE="1" +if [ -z "${UPDATE_DONE}" ]; then + UPDATE_DONE="1" -case "$1" in - (refs/tags/*) - [ -f "$GIT_DIR/$1" ] && deny >/dev/null "You can't overwrite an existing tag" - ;; - (refs/heads/*) - BRANCH="${1#refs/heads/}" + MERGE="0" + [ "$(basename "${0}")" = "update-script_check+allow-merges_" ] && MERGE="1" - # No rebasing or rewinding on release, build or master branches. - if expr "$2" : '0*$' >/dev/null; then - case "${BRANCH}" in - (release/*|build-*|master|feature/*|bugfix/*) info "The branch '$1' is new..." ;; - (*) deny >/dev/null "ERROR: Branch name does not meet the project policies. Please contact git-admin@x2go.org." ;; - esac - else - case "${BRANCH}" in - (release/*|build-*|master) - # updating -- check for merge commit and deny or warn - [ -n "$(git rev-list --merges $2..$3)" ] && { - if [ "${MERGE}" = "0" ]; then - deny > /dev/null "ERROR: update contains a merge." - else - echowarn "WARNING: update contains a merge. Allowing merges by special policies for this project." - fi - } + case "$1" in + (refs/tags/*) + [ -f "$GIT_DIR/$1" ] && deny >/dev/null "You can't overwrite an existing tag" + ;; + (refs/heads/*) + BRANCH="${1#refs/heads/}" - # updating -- make sure it is a fast forward - mb=$(git merge-base "$2" "$3") - case "$mb,$2" in - ("$2,$mb") info "Update is fast-forward" ;; - (*) deny > /dev/null "ERROR: This is not a fast-forward update. History has been rewritten." ;; - esac - ;; - (feature/*|bugfix/*) info "Not checking for non-fast-forwards or merges on ${BRANCH}." ;; - (*) deny >/dev/null "ERROR: Branch name does not meet the project policies. Please contact git-admin@x2go.org." ;; - esac - fi - for REVISION in $(git rev-list --reverse "$2..$3") ; do - # Make sure that the log message contains some text. - check_log_message + # No rebasing or rewinding on release, build or master branches. + if expr "$2" : '0*$' >/dev/null; then + case "${BRANCH}" in + (release/*|build-*|master|feature/*|bugfix/*) info "The branch '$1' is new..." ;; + (*) deny >/dev/null "ERROR: Branch name does not meet the project policies. Please contact git-admin@x2go.org." ;; + esac + else + case "${BRANCH}" in + (release/*|build-*|master) + # updating -- check for merge commit and deny or warn + [ -n "$(git rev-list --merges $2..$3)" ] && { + if [ "${MERGE}" = "0" ]; then + deny > /dev/null "ERROR: update contains a merge." + else + echowarn "WARNING: update contains a merge. Allowing merges by special policies for this project." + fi + } - # Enforce some style guidelines on commits: Trailing whitespace, tabs (outside - # of Makefiles) and DOS line endings are forbidden, all files must end in - # newlines. - check_trailing_whitespace "" - check_tabs "" - check_dos_linebreaks "" - check_ending_newline "" - done - ;; -esac + # updating -- make sure it is a fast forward + mb="$(git merge-base "$2" "$3")" + case "$mb,$2" in + ("$2,$mb") info "Update is fast-forward" ;; + (*) deny > /dev/null "ERROR: This is not a fast-forward update. History has been rewritten." ;; + esac + ;; + (feature/*|bugfix/*) info "Not checking for non-fast-forwards or merges on ${BRANCH}." ;; + (*) deny >/dev/null "ERROR: Branch name does not meet the project policies. Please contact git-admin@x2go.org." ;; + esac + fi + for REVISION in $(git rev-list --reverse "$2..$3") ; do + # Make sure that the log message contains some text. + check_log_message + # Enforce some style guidelines on commits: Trailing whitespace, tabs (outside + # of Makefiles) and DOS line endings are forbidden, all files must end in + # newlines. + check_trailing_whitespace "" + check_tabs "" + check_dos_linebreaks "" + check_ending_newline "" + done + ;; + (*) + deny >/dev/null "Branch is not under refs/heads or refs/tags. What are you trying to do?" + ;; + esac +fi -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/maintenancescripts.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository maintenancescripts. commit 1f82c2e1dea7a62d765d1e6e2de591c771be2d9a Author: Mihai Moldovan <ionic@ionic.de> Date: Mon Feb 23 23:31:21 2015 +0100 git/hooks/update-script._acl_: use update-script._check_ to not duplicate code. --- git/hooks/update-script._acl_ | 65 +---------------------------------------- 1 file changed, 1 insertion(+), 64 deletions(-) diff --git a/git/hooks/update-script._acl_ b/git/hooks/update-script._acl_ index 7beea26..3669e95 100755 --- a/git/hooks/update-script._acl_ +++ b/git/hooks/update-script._acl_ @@ -1,69 +1,6 @@ #!/bin/bash -umask 002 -x - -# If you are having trouble with this access control hook script -# you can try setting this to true. It will tell you exactly -# why a user is being allowed/denied access. - -verbose=true - -# Default shell globbing messes things up downstream -GLOBIGNORE=* - -function grant { - $verbose && echo >&2 "-Grant- $1" - echo grant - exit 0 -} - -function deny { - $verbose && echo >&2 "-Deny- $1" - echo deny - exit 1 -} - -function info { - $verbose && echo >&2 "-Info- $1" -} - -# Implement generic branch and tag policies. -# - Tags should not be updated once created. -# - Branches should only be fast-forwarded unless their pattern starts with '+' -case "$1" in - refs/tags/*) - git rev-parse --verify -q "$1" && - deny >/dev/null "You can't overwrite an existing tag" - ;; - refs/heads/*) - BRANCH="${1#refs/heads/}" - - # No rebasing or rewinding on release, build or master branches. - if expr "$2" : '0*$' >/dev/null; then - case "${BRANCH}" in - release/*|build-*|master|feature/*|bugfix/*) info "The branch '$1' is new..." ;; - *) deny >/dev/null "ERROR: Branch name does not meet the project policies. Please contact git-admin@x2go.org." ;; - esac - else - case "${BRANCH}" in - release/*|build-*|master) - # updating -- make sure it is a fast forward - mb=$(git-merge-base "$2" "$3") - case "$mb,$2" in - "$2,$mb") info "Update is fast-forward" ;; - *) noff=y; info "This is not a fast-forward update.";; - esac - ;; - feature/*|bugfix/*) info "Not checking for non-fast-forwards on ${BRANCH}." ;; - *) deny >/dev/null "ERROR: Branch name does not meet the project policies. Please contact git-admin@x2go.org." ;; - esac - fi - ;; - *) - deny >/dev/null \ - "Branch is not under refs/heads or refs/tags. What are you trying to do?" - ;; -esac +. hooks/update-script._check_ # Implement per-branch controls based on username allowed_users_file=$GIT_DIR/info/allowed-users -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/maintenancescripts.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository maintenancescripts. commit 23e75682cc785e621b2f1ec46d1b59e6fb2da4a5 Author: Mihai Moldovan <ionic@ionic.de> Date: Tue Feb 24 00:01:19 2015 +0100 git/hooks/update-script._acl_: use more quoting, curly braces and replace ...)-style case-switches with (...)-style case-switches. Add FIXME's. --- git/hooks/update-script._acl_ | 110 ++++++++++++++++++++--------------------- 1 file changed, 54 insertions(+), 56 deletions(-) diff --git a/git/hooks/update-script._acl_ b/git/hooks/update-script._acl_ index 3669e95..86ab4c6 100755 --- a/git/hooks/update-script._acl_ +++ b/git/hooks/update-script._acl_ @@ -3,86 +3,84 @@ . hooks/update-script._check_ # Implement per-branch controls based on username -allowed_users_file=$GIT_DIR/info/allowed-users -username=$(id -u -n) -info "The user is: '$username'" +allowed_users_file="${GIT_DIR}/info/allowed-users" +username="$(id -u -n)" +info "The user is: '${username}'" -if test -f "$allowed_users_file" -then - granted=1 - rc=$(cat $allowed_users_file | grep -v '^#' | grep -v '^$' | + +## FIXME ## This looks slightly weird. Rework this. +## FIXME ## noff was removed when replacing the duplicated check with calling update-script._check_. Need that back! +if [ -f "${allowed_users_file}" ]; then + granted="0" + rc="$(cat "${allowed_users_file}" | grep -v '^#' | grep -v '^$' | while read heads user_patterns do # does this rule apply to us? - head_pattern=${heads#+} - matchlen=$(expr "$1" : "${head_pattern#+}") - test "$matchlen" = ${#1} || continue + head_pattern="${heads#+}" + matchlen="$(expr "${1}" : "${head_pattern#+}")" + [ "${matchlen}" = ${#1} ] || continue - # if non-ff, $heads must be with the '+' prefix - test -n "$noff" && - test "$head_pattern" = "$heads" && continue + # if non-ff, ${heads} must be with the '+' prefix + [ -n "${noff}" ] && \ + [ "${head_pattern}" = "${heads}" ] && continue - info "Found matching head pattern: '$head_pattern'" - for user_pattern in $user_patterns; do - info "Checking user: '$username' against pattern: '$user_pattern'" - matchlen=$(expr "$username" : "$user_pattern") - if test "$matchlen" = "${#username}" - then - grant "Allowing user: '$username' with pattern: '$user_pattern'" - granted=0 + info "Found matching head pattern: '${head_pattern}'" + for user_pattern in ${user_patterns}; do + info "Checking user: '${username}' against pattern: '${user_pattern}'" + matchlen="$(expr "${username}" : "${user_pattern}")" + if [ "${matchlen}" = "${#username}" ]; then + grant "Allowing user: '${username}' with pattern: '${user_pattern}'" + granted="1" fi done done - test $granted || deny "The user is not in the access list for this branch" - ) - case "$rc" in - grant) grant >/dev/null "Granting access based on $allowed_users_file" ;; - deny) deny >/dev/null "Denying access based on $allowed_users_file" ;; - *) ;; + [ "${granted}" = "1" ] || deny "The user is not in the access list for this branch" + )" + case "${rc}" in + (grant) grant >/dev/null "Granting access based on ${allowed_users_file}" ;; + (deny) deny >/dev/null "Denying access based on ${allowed_users_file}" ;; + (*) ;; esac fi -allowed_groups_file=$GIT_DIR/info/allowed-groups -groups=$(id -G -n) +allowed_groups_file="${GIT_DIR}/info/allowed-groups" +groups="$(id -G -n)" info "The user belongs to the following groups:" -info "'$groups'" +info "'${groups}'" -if test -f "$allowed_groups_file" -then - granted=1 - rc=$(cat $allowed_groups_file | grep -v '^#' | grep -v '^$' | +if [ -f "${allowed_groups_file}" ]; then + granted="0" + rc="$(cat "${allowed_groups_file}" | grep -v '^#' | grep -v '^$' | while read heads group_patterns do # does this rule apply to us? - head_pattern=${heads#+} - matchlen=$(expr "$1" : "${head_pattern#+}") - test "$matchlen" = ${#1} || continue + head_pattern="${heads#+}" + matchlen="$(expr "${1}" : "${head_pattern#+}")" + [ "${matchlen}" = "${#1}" ] || continue - # if non-ff, $heads must be with the '+' prefix - test -n "$noff" && - test "$head_pattern" = "$heads" && continue + # if non-ff, ${heads} must be with the '+' prefix + [ -n "${noff}" ] && \ + [ "${head_pattern}" = "${heads}" ] && continue - info "Found matching head pattern: '$head_pattern'" - for group_pattern in $group_patterns; do - for groupname in $groups; do - info "Checking group: '$groupname' against pattern: '$group_pattern'" - matchlen=$(expr "$groupname" : "$group_pattern") - if test "$matchlen" = "${#groupname}" - then - grant "Allowing group: '$groupname' with pattern: '$group_pattern'" - granted=0 + info "Found matching head pattern: '${head_pattern}'" + for group_pattern in ${group_patterns}; do + for groupname in ${groups}; do + info "Checking group: '${groupname}' against pattern: '${group_pattern}'" + matchlen="$(expr "${groupname}" : "${group_pattern}")" + if [ "${matchlen}" = "${#groupname}" ]; then + grant "Allowing group: '${groupname}' with pattern: '${group_pattern}'" + granted="1" fi done done done - test $granted || deny "None of the user's groups are in the access list for this branch" - ) - case "$rc" in - grant) grant >/dev/null "Granting access based on $allowed_groups_file" ;; - deny) deny >/dev/null "Denying access based on $allowed_groups_file" ;; - *) ;; + [ "${granted}" = "1" ] || deny "None of the user's groups are in the access list for this branch" + )" + case "${rc}" in + (grant) grant >/dev/null "Granting access based on ${allowed_groups_file}" ;; + (deny) deny >/dev/null "Denying access based on ${allowed_groups_file}" ;; + (*) ;; esac fi deny >/dev/null "There are no more rules to check. Denying access" - -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/maintenancescripts.git
-
git-admin@x2go.org