Commit a0f3060f authored by Lukas Fleischer's avatar Lukas Fleischer
Browse files

git-update: Deny non-fast-forwards

To make sure we never lose any history, non-fast-forwards are forbidden.
Instead of relying on receive.denyNonFastForwards, add a simple check to
the update hook. This has the added benefit of more flexibility.

Signed-off-by: Lukas Fleischer's avatarLukas Fleischer <>
parent e254a315
......@@ -29,7 +29,6 @@ Setup on Arch Linux
# cd /srv/http/aurweb/aur.git/
# git init --bare
# ln -s ../../git-interface/ hooks/update
# git config --local receive.denyNonFastForwards true
# chown -R aur .
7) Install the git-auth wrapper script:
......@@ -178,6 +178,15 @@ if refname != "refs/heads/master":
die("pushing to a branch other than master is restricted")
repo = pygit2.Repository(repo_path)
# Detect and deny non-fast-forwards.
if sha1_old != "0000000000000000000000000000000000000000":
walker = repo.walk(sha1_old, pygit2.GIT_SORT_TOPOLOGICAL)
if next(walker, None) != None:
die("denying non-fast-forward (you should pull first)")
# Prepare the walker that validates new commits.
walker = repo.walk(sha1_new, pygit2.GIT_SORT_TOPOLOGICAL)
if sha1_old != "0000000000000000000000000000000000000000":
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment