+++ /dev/null
-git-multimail is developed as an independent project at the following
-website:
-
- https://github.com/git-multimail/git-multimail
-
-Please refer to that project page for information about how to report
-bugs or contribute to git-multimail.
+++ /dev/null
-#!/bin/sh
-#
-# Copyright (c) 2007 Andy Parkins
-#
-# An example hook script to mail out commit update information.
-#
-# NOTE: This script is no longer under active development. There
-# is another script, git-multimail, which is more capable and
-# configurable and is largely backwards-compatible with this script;
-# please see "contrib/hooks/multimail/". For instructions on how to
-# migrate from post-receive-email to git-multimail, please see
-# "README.migrate-from-post-receive-email" in that directory.
-#
-# This hook sends emails listing new revisions to the repository
-# introduced by the change being reported. The rule is that (for
-# branch updates) each commit will appear on one email and one email
-# only.
-#
-# This hook is stored in the contrib/hooks directory. Your distribution
-# will have put this somewhere standard. You should make this script
-# executable then link to it in the repository you would like to use it in.
-# For example, on debian the hook is stored in
-# /usr/share/git-core/contrib/hooks/post-receive-email:
-#
-# cd /path/to/your/repository.git
-# ln -sf /usr/share/git-core/contrib/hooks/post-receive-email hooks/post-receive
-#
-# This hook script assumes it is enabled on the central repository of a
-# project, with all users pushing only to it and not between each other. It
-# will still work if you don't operate in that style, but it would become
-# possible for the email to be from someone other than the person doing the
-# push.
-#
-# To help with debugging and use on pre-v1.5.1 git servers, this script will
-# also obey the interface of hooks/update, taking its arguments on the
-# command line. Unfortunately, hooks/update is called once for each ref.
-# To avoid firing one email per ref, this script just prints its output to
-# the screen when used in this mode. The output can then be redirected if
-# wanted.
-#
-# Config
-# ------
-# hooks.mailinglist
-# This is the list that all pushes will go to; leave it blank to not send
-# emails for every ref update.
-# hooks.announcelist
-# This is the list that all pushes of annotated tags will go to. Leave it
-# blank to default to the mailinglist field. The announce emails lists
-# the short log summary of the changes since the last annotated tag.
-# hooks.envelopesender
-# If set then the -f option is passed to sendmail to allow the envelope
-# sender address to be set
-# hooks.emailprefix
-# All emails have their subjects prefixed with this prefix, or "[SCM]"
-# if emailprefix is unset, to aid filtering
-# hooks.showrev
-# The shell command used to format each revision in the email, with
-# "%s" replaced with the commit id. Defaults to "git rev-list -1
-# --pretty %s", displaying the commit id, author, date and log
-# message. To list full patches separated by a blank line, you
-# could set this to "git show -C %s; echo".
-# To list a gitweb/cgit URL *and* a full patch for each change set, use this:
-# "t=%s; printf 'http://.../?id=%%s' \$t; echo;echo; git show -C \$t; echo"
-# Be careful if "..." contains things that will be expanded by shell "eval"
-# or printf.
-# hooks.emailmaxlines
-# The maximum number of lines that should be included in the generated
-# email body. If not specified, there is no limit.
-# Lines beyond the limit are suppressed and counted, and a final
-# line is added indicating the number of suppressed lines.
-# hooks.diffopts
-# Alternate options for the git diff-tree invocation that shows changes.
-# Default is "--stat --summary --find-copies-harder". Add -p to those
-# options to include a unified diff of changes in addition to the usual
-# summary output.
-#
-# Notes
-# -----
-# All emails include the headers "X-Git-Refname", "X-Git-Oldrev",
-# "X-Git-Newrev", and "X-Git-Reftype" to enable fine tuned filtering and
-# give information for debugging.
-#
-
-# ---------------------------- Functions
-
-#
-# Function to prepare for email generation. This decides what type
-# of update this is and whether an email should even be generated.
-#
-prep_for_email()
-{
- # --- Arguments
- oldrev=$(git rev-parse $1)
- newrev=$(git rev-parse $2)
- refname="$3"
-
- # --- Interpret
- # 0000->1234 (create)
- # 1234->2345 (update)
- # 2345->0000 (delete)
- if expr "$oldrev" : '0*$' >/dev/null
- then
- change_type="create"
- else
- if expr "$newrev" : '0*$' >/dev/null
- then
- change_type="delete"
- else
- change_type="update"
- fi
- fi
-
- # --- Get the revision types
- newrev_type=$(git cat-file -t $newrev 2> /dev/null)
- oldrev_type=$(git cat-file -t "$oldrev" 2> /dev/null)
- case "$change_type" in
- create|update)
- rev="$newrev"
- rev_type="$newrev_type"
- ;;
- delete)
- rev="$oldrev"
- rev_type="$oldrev_type"
- ;;
- esac
-
- # The revision type tells us what type the commit is, combined with
- # the location of the ref we can decide between
- # - working branch
- # - tracking branch
- # - unannoted tag
- # - annotated tag
- case "$refname","$rev_type" in
- refs/tags/*,commit)
- # un-annotated tag
- refname_type="tag"
- short_refname=${refname##refs/tags/}
- ;;
- refs/tags/*,tag)
- # annotated tag
- refname_type="annotated tag"
- short_refname=${refname##refs/tags/}
- # change recipients
- if [ -n "$announcerecipients" ]; then
- recipients="$announcerecipients"
- fi
- ;;
- refs/heads/*,commit)
- # branch
- refname_type="branch"
- short_refname=${refname##refs/heads/}
- ;;
- refs/remotes/*,commit)
- # tracking branch
- refname_type="tracking branch"
- short_refname=${refname##refs/remotes/}
- echo >&2 "*** Push-update of tracking branch, $refname"
- echo >&2 "*** - no email generated."
- return 1
- ;;
- *)
- # Anything else (is there anything else?)
- echo >&2 "*** Unknown type of update to $refname ($rev_type)"
- echo >&2 "*** - no email generated"
- return 1
- ;;
- esac
-
- # Check if we've got anyone to send to
- if [ -z "$recipients" ]; then
- case "$refname_type" in
- "annotated tag")
- config_name="hooks.announcelist"
- ;;
- *)
- config_name="hooks.mailinglist"
- ;;
- esac
- echo >&2 "*** $config_name is not set so no email will be sent"
- echo >&2 "*** for $refname update $oldrev->$newrev"
- return 1
- fi
-
- return 0
-}
-
-#
-# Top level email generation function. This calls the appropriate
-# body-generation routine after outputting the common header.
-#
-# Note this function doesn't actually generate any email output, that is
-# taken care of by the functions it calls:
-# - generate_email_header
-# - generate_create_XXXX_email
-# - generate_update_XXXX_email
-# - generate_delete_XXXX_email
-# - generate_email_footer
-#
-# Note also that this function cannot 'exit' from the script; when this
-# function is running (in hook script mode), the send_mail() function
-# is already executing in another process, connected via a pipe, and
-# if this function exits without, whatever has been generated to that
-# point will be sent as an email... even if nothing has been generated.
-#
-generate_email()
-{
- # Email parameters
- # The email subject will contain the best description of the ref
- # that we can build from the parameters
- describe=$(git describe $rev 2>/dev/null)
- if [ -z "$describe" ]; then
- describe=$rev
- fi
-
- generate_email_header
-
- # Call the correct body generation function
- fn_name=general
- case "$refname_type" in
- "tracking branch"|branch)
- fn_name=branch
- ;;
- "annotated tag")
- fn_name=atag
- ;;
- esac
-
- if [ -z "$maxlines" ]; then
- generate_${change_type}_${fn_name}_email
- else
- generate_${change_type}_${fn_name}_email | limit_lines $maxlines
- fi
-
- generate_email_footer
-}
-
-generate_email_header()
-{
- # --- Email (all stdout will be the email)
- # Generate header
- cat <<-EOF
- To: $recipients
- Subject: ${emailprefix}$projectdesc $refname_type $short_refname ${change_type}d. $describe
- MIME-Version: 1.0
- Content-Type: text/plain; charset=utf-8
- Content-Transfer-Encoding: 8bit
- X-Git-Refname: $refname
- X-Git-Reftype: $refname_type
- X-Git-Oldrev: $oldrev
- X-Git-Newrev: $newrev
- Auto-Submitted: auto-generated
-
- This is an automated email from the git hooks/post-receive script. It was
- generated because a ref change was pushed to the repository containing
- the project "$projectdesc".
-
- The $refname_type, $short_refname has been ${change_type}d
- EOF
-}
-
-generate_email_footer()
-{
- SPACE=" "
- cat <<-EOF
-
-
- hooks/post-receive
- --${SPACE}
- $projectdesc
- EOF
-}
-
-# --------------- Branches
-
-#
-# Called for the creation of a branch
-#
-generate_create_branch_email()
-{
- # This is a new branch and so oldrev is not valid
- echo " at $newrev ($newrev_type)"
- echo ""
-
- echo $LOGBEGIN
- show_new_revisions
- echo $LOGEND
-}
-
-#
-# Called for the change of a pre-existing branch
-#
-generate_update_branch_email()
-{
- # Consider this:
- # 1 --- 2 --- O --- X --- 3 --- 4 --- N
- #
- # O is $oldrev for $refname
- # N is $newrev for $refname
- # X is a revision pointed to by some other ref, for which we may
- # assume that an email has already been generated.
- # In this case we want to issue an email containing only revisions
- # 3, 4, and N. Given (almost) by
- #
- # git rev-list N ^O --not --all
- #
- # The reason for the "almost", is that the "--not --all" will take
- # precedence over the "N", and effectively will translate to
- #
- # git rev-list N ^O ^X ^N
- #
- # So, we need to build up the list more carefully. git rev-parse
- # will generate a list of revs that may be fed into git rev-list.
- # We can get it to make the "--not --all" part and then filter out
- # the "^N" with:
- #
- # git rev-parse --not --all | grep -v N
- #
- # Then, using the --stdin switch to git rev-list we have effectively
- # manufactured
- #
- # git rev-list N ^O ^X
- #
- # This leaves a problem when someone else updates the repository
- # while this script is running. Their new value of the ref we're
- # working on would be included in the "--not --all" output; and as
- # our $newrev would be an ancestor of that commit, it would exclude
- # all of our commits. What we really want is to exclude the current
- # value of $refname from the --not list, rather than N itself. So:
- #
- # git rev-parse --not --all | grep -v $(git rev-parse $refname)
- #
- # Gets us to something pretty safe (apart from the small time
- # between refname being read, and git rev-parse running - for that,
- # I give up)
- #
- #
- # Next problem, consider this:
- # * --- B --- * --- O ($oldrev)
- # \
- # * --- X --- * --- N ($newrev)
- #
- # That is to say, there is no guarantee that oldrev is a strict
- # subset of newrev (it would have required a --force, but that's
- # allowed). So, we can't simply say rev-list $oldrev..$newrev.
- # Instead we find the common base of the two revs and list from
- # there.
- #
- # As above, we need to take into account the presence of X; if
- # another branch is already in the repository and points at some of
- # the revisions that we are about to output - we don't want them.
- # The solution is as before: git rev-parse output filtered.
- #
- # Finally, tags: 1 --- 2 --- O --- T --- 3 --- 4 --- N
- #
- # Tags pushed into the repository generate nice shortlog emails that
- # summarise the commits between them and the previous tag. However,
- # those emails don't include the full commit messages that we output
- # for a branch update. Therefore we still want to output revisions
- # that have been output on a tag email.
- #
- # Luckily, git rev-parse includes just the tool. Instead of using
- # "--all" we use "--branches"; this has the added benefit that
- # "remotes/" will be ignored as well.
-
- # List all of the revisions that were removed by this update, in a
- # fast-forward update, this list will be empty, because rev-list O
- # ^N is empty. For a non-fast-forward, O ^N is the list of removed
- # revisions
- fast_forward=""
- rev=""
- for rev in $(git rev-list $newrev..$oldrev)
- do
- revtype=$(git cat-file -t "$rev")
- echo " discards $rev ($revtype)"
- done
- if [ -z "$rev" ]; then
- fast_forward=1
- fi
-
- # List all the revisions from baserev to newrev in a kind of
- # "table-of-contents"; note this list can include revisions that
- # have already had notification emails and is present to show the
- # full detail of the change from rolling back the old revision to
- # the base revision and then forward to the new revision
- for rev in $(git rev-list $oldrev..$newrev)
- do
- revtype=$(git cat-file -t "$rev")
- echo " via $rev ($revtype)"
- done
-
- if [ "$fast_forward" ]; then
- echo " from $oldrev ($oldrev_type)"
- else
- # 1. Existing revisions were removed. In this case newrev
- # is a subset of oldrev - this is the reverse of a
- # fast-forward, a rewind
- # 2. New revisions were added on top of an old revision,
- # this is a rewind and addition.
-
- # (1) certainly happened, (2) possibly. When (2) hasn't
- # happened, we set a flag to indicate that no log printout
- # is required.
-
- echo ""
-
- # Find the common ancestor of the old and new revisions and
- # compare it with newrev
- baserev=$(git merge-base $oldrev $newrev)
- rewind_only=""
- if [ "$baserev" = "$newrev" ]; then
- echo "This update discarded existing revisions and left the branch pointing at"
- echo "a previous point in the repository history."
- echo ""
- echo " * -- * -- N ($newrev)"
- echo " \\"
- echo " O -- O -- O ($oldrev)"
- echo ""
- echo "The removed revisions are not necessarily gone - if another reference"
- echo "still refers to them they will stay in the repository."
- rewind_only=1
- else
- echo "This update added new revisions after undoing existing revisions. That is"
- echo "to say, the old revision is not a strict subset of the new revision. This"
- echo "situation occurs when you --force push a change and generate a repository"
- echo "containing something like this:"
- echo ""
- echo " * -- * -- B -- O -- O -- O ($oldrev)"
- echo " \\"
- echo " N -- N -- N ($newrev)"
- echo ""
- echo "When this happens we assume that you've already had alert emails for all"
- echo "of the O revisions, and so we here report only the revisions in the N"
- echo "branch from the common base, B."
- fi
- fi
-
- echo ""
- if [ -z "$rewind_only" ]; then
- echo "Those revisions listed above that are new to this repository have"
- echo "not appeared on any other notification email; so we list those"
- echo "revisions in full, below."
-
- echo ""
- echo $LOGBEGIN
- show_new_revisions
-
- # XXX: Need a way of detecting whether git rev-list actually
- # outputted anything, so that we can issue a "no new
- # revisions added by this update" message
-
- echo $LOGEND
- else
- echo "No new revisions were added by this update."
- fi
-
- # The diffstat is shown from the old revision to the new revision.
- # This is to show the truth of what happened in this change.
- # There's no point showing the stat from the base to the new
- # revision because the base is effectively a random revision at this
- # point - the user will be interested in what this revision changed
- # - including the undoing of previous revisions in the case of
- # non-fast-forward updates.
- echo ""
- echo "Summary of changes:"
- git diff-tree $diffopts $oldrev..$newrev
-}
-
-#
-# Called for the deletion of a branch
-#
-generate_delete_branch_email()
-{
- echo " was $oldrev"
- echo ""
- echo $LOGBEGIN
- git diff-tree -s --always --encoding=UTF-8 --pretty=oneline $oldrev
- echo $LOGEND
-}
-
-# --------------- Annotated tags
-
-#
-# Called for the creation of an annotated tag
-#
-generate_create_atag_email()
-{
- echo " at $newrev ($newrev_type)"
-
- generate_atag_email
-}
-
-#
-# Called for the update of an annotated tag (this is probably a rare event
-# and may not even be allowed)
-#
-generate_update_atag_email()
-{
- echo " to $newrev ($newrev_type)"
- echo " from $oldrev (which is now obsolete)"
-
- generate_atag_email
-}
-
-#
-# Called when an annotated tag is created or changed
-#
-generate_atag_email()
-{
- # Use git for-each-ref to pull out the individual fields from the
- # tag
- eval $(git for-each-ref --shell --format='
- tagobject=%(*objectname)
- tagtype=%(*objecttype)
- tagger=%(taggername)
- tagged=%(taggerdate)' $refname
- )
-
- echo " tagging $tagobject ($tagtype)"
- case "$tagtype" in
- commit)
-
- # If the tagged object is a commit, then we assume this is a
- # release, and so we calculate which tag this tag is
- # replacing
- prevtag=$(git describe --abbrev=0 $newrev^ 2>/dev/null)
-
- if [ -n "$prevtag" ]; then
- echo " replaces $prevtag"
- fi
- ;;
- *)
- echo " length $(git cat-file -s $tagobject) bytes"
- ;;
- esac
- echo " tagged by $tagger"
- echo " on $tagged"
-
- echo ""
- echo $LOGBEGIN
-
- # Show the content of the tag message; this might contain a change
- # log or release notes so is worth displaying.
- git cat-file tag $newrev | sed -e '1,/^$/d'
-
- echo ""
- case "$tagtype" in
- commit)
- # Only commit tags make sense to have rev-list operations
- # performed on them
- if [ -n "$prevtag" ]; then
- # Show changes since the previous release
- git shortlog "$prevtag..$newrev"
- else
- # No previous tag, show all the changes since time
- # began
- git shortlog $newrev
- fi
- ;;
- *)
- # XXX: Is there anything useful we can do for non-commit
- # objects?
- ;;
- esac
-
- echo $LOGEND
-}
-
-#
-# Called for the deletion of an annotated tag
-#
-generate_delete_atag_email()
-{
- echo " was $oldrev"
- echo ""
- echo $LOGBEGIN
- git diff-tree -s --always --encoding=UTF-8 --pretty=oneline $oldrev
- echo $LOGEND
-}
-
-# --------------- General references
-
-#
-# Called when any other type of reference is created (most likely a
-# non-annotated tag)
-#
-generate_create_general_email()
-{
- echo " at $newrev ($newrev_type)"
-
- generate_general_email
-}
-
-#
-# Called when any other type of reference is updated (most likely a
-# non-annotated tag)
-#
-generate_update_general_email()
-{
- echo " to $newrev ($newrev_type)"
- echo " from $oldrev"
-
- generate_general_email
-}
-
-#
-# Called for creation or update of any other type of reference
-#
-generate_general_email()
-{
- # Unannotated tags are more about marking a point than releasing a
- # version; therefore we don't do the shortlog summary that we do for
- # annotated tags above - we simply show that the point has been
- # marked, and print the log message for the marked point for
- # reference purposes
- #
- # Note this section also catches any other reference type (although
- # there aren't any) and deals with them in the same way.
-
- echo ""
- if [ "$newrev_type" = "commit" ]; then
- echo $LOGBEGIN
- git diff-tree -s --always --encoding=UTF-8 --pretty=medium $newrev
- echo $LOGEND
- else
- # What can we do here? The tag marks an object that is not
- # a commit, so there is no log for us to display. It's
- # probably not wise to output git cat-file as it could be a
- # binary blob. We'll just say how big it is
- echo "$newrev is a $newrev_type, and is $(git cat-file -s $newrev) bytes long."
- fi
-}
-
-#
-# Called for the deletion of any other type of reference
-#
-generate_delete_general_email()
-{
- echo " was $oldrev"
- echo ""
- echo $LOGBEGIN
- git diff-tree -s --always --encoding=UTF-8 --pretty=oneline $oldrev
- echo $LOGEND
-}
-
-
-# --------------- Miscellaneous utilities
-
-#
-# Show new revisions as the user would like to see them in the email.
-#
-show_new_revisions()
-{
- # This shows all log entries that are not already covered by
- # another ref - i.e. commits that are now accessible from this
- # ref that were previously not accessible
- # (see generate_update_branch_email for the explanation of this
- # command)
-
- # Revision range passed to rev-list differs for new vs. updated
- # branches.
- if [ "$change_type" = create ]
- then
- # Show all revisions exclusive to this (new) branch.
- revspec=$newrev
- else
- # Branch update; show revisions not part of $oldrev.
- revspec=$oldrev..$newrev
- fi
-
- other_branches=$(git for-each-ref --format='%(refname)' refs/heads/ |
- grep -F -v $refname)
- git rev-parse --not $other_branches |
- if [ -z "$custom_showrev" ]
- then
- git rev-list --pretty --stdin $revspec
- else
- git rev-list --stdin $revspec |
- while read onerev
- do
- eval $(printf "$custom_showrev" $onerev)
- done
- fi
-}
-
-
-limit_lines()
-{
- lines=0
- skipped=0
- while IFS="" read -r line; do
- lines=$((lines + 1))
- if [ $lines -gt $1 ]; then
- skipped=$((skipped + 1))
- else
- printf "%s\n" "$line"
- fi
- done
- if [ $skipped -ne 0 ]; then
- echo "... $skipped lines suppressed ..."
- fi
-}
-
-
-send_mail()
-{
- if [ -n "$envelopesender" ]; then
- /usr/sbin/sendmail -t -f "$envelopesender"
- else
- /usr/sbin/sendmail -t
- fi
-}
-
-# ---------------------------- main()
-
-# --- Constants
-LOGBEGIN="- Log -----------------------------------------------------------------"
-LOGEND="-----------------------------------------------------------------------"
-
-# --- Config
-# Set GIT_DIR either from the working directory, or from the environment
-# variable.
-GIT_DIR=$(git rev-parse --git-dir 2>/dev/null)
-if [ -z "$GIT_DIR" ]; then
- echo >&2 "fatal: post-receive: GIT_DIR not set"
- exit 1
-fi
-
-projectdesc=$(sed -ne '1p' "$GIT_DIR/description" 2>/dev/null)
-# Check if the description is unchanged from it's default, and shorten it to
-# a more manageable length if it is
-if expr "$projectdesc" : "Unnamed repository.*$" >/dev/null
-then
- projectdesc="UNNAMED PROJECT"
-fi
-
-recipients=$(git config hooks.mailinglist)
-announcerecipients=$(git config hooks.announcelist)
-envelopesender=$(git config hooks.envelopesender)
-emailprefix=$(git config hooks.emailprefix || echo '[SCM] ')
-custom_showrev=$(git config hooks.showrev)
-maxlines=$(git config hooks.emailmaxlines)
-diffopts=$(git config hooks.diffopts)
-: ${diffopts:="--stat --summary --find-copies-harder"}
-
-# --- Main loop
-# Allow dual mode: run from the command line just like the update hook, or
-# if no arguments are given then run as a hook script
-if [ -n "$1" -a -n "$2" -a -n "$3" ]; then
- # Output to the terminal in command line mode - if someone wanted to
- # resend an email; they could redirect the output to sendmail
- # themselves
- prep_for_email $2 $3 $1 && PAGER= generate_email
-else
- while read oldrev newrev refname
- do
- prep_for_email $oldrev $newrev $refname || continue
- generate_email $maxlines | send_mail
- done
-fi
+++ /dev/null
-#!/bin/sh
-#
-# An example hook script to verify if you are on battery, in case you
-# are running Linux or OS X. Called by git-gc --auto with no arguments.
-# The hook should exit with non-zero status after issuing an appropriate
-# message if it wants to stop the auto repacking.
-#
-# This hook is stored in the contrib/hooks directory. Your distribution
-# may have put this somewhere else. If you want to use this hook, you
-# should make this script executable then link to it in the repository
-# you would like to use it in.
-#
-# For example, if the hook is stored in
-# /usr/share/git-core/contrib/hooks/pre-auto-gc-battery:
-#
-# cd /path/to/your/repository.git
-# ln -sf /usr/share/git-core/contrib/hooks/pre-auto-gc-battery \
-# hooks/pre-auto-gc
-
-if test -x /sbin/on_ac_power && (/sbin/on_ac_power;test $? -ne 1)
-then
- exit 0
-elif test "$(cat /sys/class/power_supply/AC/online 2>/dev/null)" = 1
-then
- exit 0
-elif grep -q 'on-line' /proc/acpi/ac_adapter/AC/state 2>/dev/null
-then
- exit 0
-elif grep -q '0x01$' /proc/apm 2>/dev/null
-then
- exit 0
-elif grep -q "AC Power \+: 1" /proc/pmu/info 2>/dev/null
-then
- exit 0
-elif test -x /usr/bin/pmset && /usr/bin/pmset -g batt |
- grep -q "drawing from 'AC Power'"
-then
- exit 0
-fi
-
-echo "Auto packing deferred; not on AC"
-exit 1
+++ /dev/null
-#!/usr/bin/perl
-#
-# Copyright (c) 2006 Josh England
-#
-# This script can be used to save/restore full permissions and ownership data
-# within a git working tree.
-#
-# To save permissions/ownership data, place this script in your .git/hooks
-# directory and enable a `pre-commit` hook with the following lines:
-# #!/bin/sh
-# SUBDIRECTORY_OK=1 . git-sh-setup
-# $GIT_DIR/hooks/setgitperms.perl -r
-#
-# To restore permissions/ownership data, place this script in your .git/hooks
-# directory and enable a `post-merge` and `post-checkout` hook with the
-# following lines:
-# #!/bin/sh
-# SUBDIRECTORY_OK=1 . git-sh-setup
-# $GIT_DIR/hooks/setgitperms.perl -w
-#
-use strict;
-use Getopt::Long;
-use File::Find;
-use File::Basename;
-
-my $usage =
-"usage: setgitperms.perl [OPTION]... <--read|--write>
-This program uses a file `.gitmeta` to store/restore permissions and uid/gid
-info for all files/dirs tracked by git in the repository.
-
----------------------------------Read Mode-------------------------------------
--r, --read Reads perms/etc from working dir into a .gitmeta file
--s, --stdout Output to stdout instead of .gitmeta
--d, --diff Show unified diff of perms file (XOR with --stdout)
-
----------------------------------Write Mode------------------------------------
--w, --write Modify perms/etc in working dir to match the .gitmeta file
--v, --verbose Be verbose
-
-\n";
-
-my ($stdout, $showdiff, $verbose, $read_mode, $write_mode);
-
-if ((@ARGV < 0) || !GetOptions(
- "stdout", \$stdout,
- "diff", \$showdiff,
- "read", \$read_mode,
- "write", \$write_mode,
- "verbose", \$verbose,
- )) { die $usage; }
-die $usage unless ($read_mode xor $write_mode);
-
-my $topdir = `git rev-parse --show-cdup` or die "\n"; chomp $topdir;
-my $gitdir = $topdir . '.git';
-my $gitmeta = $topdir . '.gitmeta';
-
-if ($write_mode) {
- # Update the working dir permissions/ownership based on data from .gitmeta
- open (IN, "<$gitmeta") or die "Could not open $gitmeta for reading: $!\n";
- while (defined ($_ = <IN>)) {
- chomp;
- if (/^(.*) mode=(\S+)\s+uid=(\d+)\s+gid=(\d+)/) {
- # Compare recorded perms to actual perms in the working dir
- my ($path, $mode, $uid, $gid) = ($1, $2, $3, $4);
- my $fullpath = $topdir . $path;
- my (undef,undef,$wmode,undef,$wuid,$wgid) = lstat($fullpath);
- $wmode = sprintf "%04o", $wmode & 07777;
- if ($mode ne $wmode) {
- $verbose && print "Updating permissions on $path: old=$wmode, new=$mode\n";
- chmod oct($mode), $fullpath;
- }
- if ($uid != $wuid || $gid != $wgid) {
- if ($verbose) {
- # Print out user/group names instead of uid/gid
- my $pwname = getpwuid($uid);
- my $grpname = getgrgid($gid);
- my $wpwname = getpwuid($wuid);
- my $wgrpname = getgrgid($wgid);
- $pwname = $uid if !defined $pwname;
- $grpname = $gid if !defined $grpname;
- $wpwname = $wuid if !defined $wpwname;
- $wgrpname = $wgid if !defined $wgrpname;
-
- print "Updating uid/gid on $path: old=$wpwname/$wgrpname, new=$pwname/$grpname\n";
- }
- chown $uid, $gid, $fullpath;
- }
- }
- else {
- warn "Invalid input format in $gitmeta:\n\t$_\n";
- }
- }
- close IN;
-}
-elsif ($read_mode) {
- # Handle merge conflicts in the .gitperms file
- if (-e "$gitdir/MERGE_MSG") {
- if (`grep ====== $gitmeta`) {
- # Conflict not resolved -- abort the commit
- print "PERMISSIONS/OWNERSHIP CONFLICT\n";
- print " Resolve the conflict in the $gitmeta file and then run\n";
- print " `.git/hooks/setgitperms.perl --write` to reconcile.\n";
- exit 1;
- }
- elsif (`grep $gitmeta $gitdir/MERGE_MSG`) {
- # A conflict in .gitmeta has been manually resolved. Verify that
- # the working dir perms matches the current .gitmeta perms for
- # each file/dir that conflicted.
- # This is here because a `setgitperms.perl --write` was not
- # performed due to a merge conflict, so permissions/ownership
- # may not be consistent with the manually merged .gitmeta file.
- my @conflict_diff = `git show \$(cat $gitdir/MERGE_HEAD)`;
- my @conflict_files;
- my $metadiff = 0;
-
- # Build a list of files that conflicted from the .gitmeta diff
- foreach my $line (@conflict_diff) {
- if ($line =~ m|^diff --git a/$gitmeta b/$gitmeta|) {
- $metadiff = 1;
- }
- elsif ($line =~ /^diff --git/) {
- $metadiff = 0;
- }
- elsif ($metadiff && $line =~ /^\+(.*) mode=/) {
- push @conflict_files, $1;
- }
- }
-
- # Verify that each conflict file now has permissions consistent
- # with the .gitmeta file
- foreach my $file (@conflict_files) {
- my $absfile = $topdir . $file;
- my $gm_entry = `grep "^$file mode=" $gitmeta`;
- if ($gm_entry =~ /mode=(\d+) uid=(\d+) gid=(\d+)/) {
- my ($gm_mode, $gm_uid, $gm_gid) = ($1, $2, $3);
- my (undef,undef,$mode,undef,$uid,$gid) = lstat("$absfile");
- $mode = sprintf("%04o", $mode & 07777);
- if (($gm_mode ne $mode) || ($gm_uid != $uid)
- || ($gm_gid != $gid)) {
- print "PERMISSIONS/OWNERSHIP CONFLICT\n";
- print " Mismatch found for file: $file\n";
- print " Run `.git/hooks/setgitperms.perl --write` to reconcile.\n";
- exit 1;
- }
- }
- else {
- print "Warning! Permissions/ownership no longer being tracked for file: $file\n";
- }
- }
- }
- }
-
- # No merge conflicts -- write out perms/ownership data to .gitmeta file
- unless ($stdout) {
- open (OUT, ">$gitmeta.tmp") or die "Could not open $gitmeta.tmp for writing: $!\n";
- }
-
- my @files = `git ls-files`;
- my %dirs;
-
- foreach my $path (@files) {
- chomp $path;
- # We have to manually add stats for parent directories
- my $parent = dirname($path);
- while (!exists $dirs{$parent}) {
- $dirs{$parent} = 1;
- next if $parent eq '.';
- printstats($parent);
- $parent = dirname($parent);
- }
- # Now the git-tracked file
- printstats($path);
- }
-
- # diff the temporary metadata file to see if anything has changed
- # If no metadata has changed, don't overwrite the real file
- # This is just so `git commit -a` doesn't try to commit a bogus update
- unless ($stdout) {
- if (! -e $gitmeta) {
- rename "$gitmeta.tmp", $gitmeta;
- }
- else {
- my $diff = `diff -U 0 $gitmeta $gitmeta.tmp`;
- if ($diff ne '') {
- rename "$gitmeta.tmp", $gitmeta;
- }
- else {
- unlink "$gitmeta.tmp";
- }
- if ($showdiff) {
- print $diff;
- }
- }
- close OUT;
- }
- # Make sure the .gitmeta file is tracked
- system("git add $gitmeta");
-}
-
-
-sub printstats {
- my $path = $_[0];
- $path =~ s/@/\@/g;
- my (undef,undef,$mode,undef,$uid,$gid) = lstat($path);
- $path =~ s/%/\%/g;
- if ($stdout) {
- print $path;
- printf " mode=%04o uid=$uid gid=$gid\n", $mode & 07777;
- }
- else {
- print OUT $path;
- printf OUT " mode=%04o uid=$uid gid=$gid\n", $mode & 07777;
- }
-}
+++ /dev/null
-#!/usr/bin/perl
-
-use strict;
-use File::Spec;
-
-$ENV{PATH} = '/opt/git/bin';
-my $acl_git = '/vcs/acls.git';
-my $acl_branch = 'refs/heads/master';
-my $debug = 0;
-
-=doc
-Invoked as: update refname old-sha1 new-sha1
-
-This script is run by git-receive-pack once for each ref that the
-client is trying to modify. If we exit with a non-zero exit value
-then the update for that particular ref is denied, but updates for
-other refs in the same run of receive-pack may still be allowed.
-
-We are run after the objects have been uploaded, but before the
-ref is actually modified. We take advantage of that fact when we
-look for "new" commits and tags (the new objects won't show up in
-`rev-list --all`).
-
-This script loads and parses the content of the config file
-"users/$this_user.acl" from the $acl_branch commit of $acl_git ODB.
-The acl file is a git-config style file, but uses a slightly more
-restricted syntax as the Perl parser contained within this script
-is not nearly as permissive as git-config.
-
-Example:
-
- [user]
- committer = John Doe <john.doe@example.com>
- committer = John R. Doe <john.doe@example.com>
-
- [repository "acls"]
- allow = heads/master
- allow = CDUR for heads/jd/
- allow = C for ^tags/v\\d+$
-
-For all new commit or tag objects the committer (or tagger) line
-within the object must exactly match one of the user.committer
-values listed in the acl file ("HEAD:users/$this_user.acl").
-
-For a branch to be modified an allow line within the matching
-repository section must be matched for both the refname and the
-opcode.
-
-Repository sections are matched on the basename of the repository
-(after removing the .git suffix).
-
-The opcode abbreviations are:
-
- C: create new ref
- D: delete existing ref
- U: fast-forward existing ref (no commit loss)
- R: rewind/rebase existing ref (commit loss)
-
-if no opcodes are listed before the "for" keyword then "U" (for
-fast-forward update only) is assumed as this is the most common
-usage.
-
-Refnames are matched by always assuming a prefix of "refs/".
-This hook forbids pushing or deleting anything not under "refs/".
-
-Refnames that start with ^ are Perl regular expressions, and the ^
-is kept as part of the regexp. \\ is needed to get just one \, so
-\\d expands to \d in Perl. The 3rd allow line above is an example.
-
-Refnames that don't start with ^ but that end with / are prefix
-matches (2nd allow line above); all other refnames are strict
-equality matches (1st allow line).
-
-Anything pushed to "heads/" (ok, really "refs/heads/") must be
-a commit. Tags are not permitted here.
-
-Anything pushed to "tags/" (err, really "refs/tags/") must be an
-annotated tag. Commits, blobs, trees, etc. are not permitted here.
-Annotated tag signatures aren't checked, nor are they required.
-
-The special subrepository of 'info/new-commit-check' can
-be created and used to allow users to push new commits and
-tags from another local repository to this one, even if they
-aren't the committer/tagger of those objects. In a nut shell
-the info/new-commit-check directory is a Git repository whose
-objects/info/alternates file lists this repository and all other
-possible sources, and whose refs subdirectory contains symlinks
-to this repository's refs subdirectory, and to all other possible
-sources refs subdirectories. Yes, this means that you cannot
-use packed-refs in those repositories as they won't be resolved
-correctly.
-
-=cut
-
-my $git_dir = $ENV{GIT_DIR};
-my $new_commit_check = "$git_dir/info/new-commit-check";
-my $ref = $ARGV[0];
-my $old = $ARGV[1];
-my $new = $ARGV[2];
-my $new_type;
-my ($this_user) = getpwuid $<; # REAL_USER_ID
-my $repository_name;
-my %user_committer;
-my @allow_rules;
-my @path_rules;
-my %diff_cache;
-
-sub deny ($) {
- print STDERR "-Deny- $_[0]\n" if $debug;
- print STDERR "\ndenied: $_[0]\n\n";
- exit 1;
-}
-
-sub grant ($) {
- print STDERR "-Grant- $_[0]\n" if $debug;
- exit 0;
-}
-
-sub info ($) {
- print STDERR "-Info- $_[0]\n" if $debug;
-}
-
-sub git_value (@) {
- open(T,'-|','git',@_); local $_ = <T>; chop; close T; $_;
-}
-
-sub match_string ($$) {
- my ($acl_n, $ref) = @_;
- ($acl_n eq $ref)
- || ($acl_n =~ m,/$, && substr($ref,0,length $acl_n) eq $acl_n)
- || ($acl_n =~ m,^\^, && $ref =~ m:$acl_n:);
-}
-
-sub parse_config ($$$$) {
- my $data = shift;
- local $ENV{GIT_DIR} = shift;
- my $br = shift;
- my $fn = shift;
- return unless git_value('rev-list','--max-count=1',$br,'--',$fn);
- info "Loading $br:$fn";
- open(I,'-|','git','cat-file','blob',"$br:$fn");
- my $section = '';
- while (<I>) {
- chomp;
- if (/^\s*$/ || /^\s*#/) {
- } elsif (/^\[([a-z]+)\]$/i) {
- $section = lc $1;
- } elsif (/^\[([a-z]+)\s+"(.*)"\]$/i) {
- $section = join('.',lc $1,$2);
- } elsif (/^\s*([a-z][a-z0-9]+)\s*=\s*(.*?)\s*$/i) {
- push @{$data->{join('.',$section,lc $1)}}, $2;
- } else {
- deny "bad config file line $. in $br:$fn";
- }
- }
- close I;
-}
-
-sub all_new_committers () {
- local $ENV{GIT_DIR} = $git_dir;
- $ENV{GIT_DIR} = $new_commit_check if -d $new_commit_check;
-
- info "Getting committers of new commits.";
- my %used;
- open(T,'-|','git','rev-list','--pretty=raw',$new,'--not','--all');
- while (<T>) {
- next unless s/^committer //;
- chop;
- s/>.*$/>/;
- info "Found $_." unless $used{$_}++;
- }
- close T;
- info "No new commits." unless %used;
- keys %used;
-}
-
-sub all_new_taggers () {
- my %exists;
- open(T,'-|','git','for-each-ref','--format=%(objectname)','refs/tags');
- while (<T>) {
- chop;
- $exists{$_} = 1;
- }
- close T;
-
- info "Getting taggers of new tags.";
- my %used;
- my $obj = $new;
- my $obj_type = $new_type;
- while ($obj_type eq 'tag') {
- last if $exists{$obj};
- $obj_type = '';
- open(T,'-|','git','cat-file','tag',$obj);
- while (<T>) {
- chop;
- if (/^object ([a-z0-9]{40})$/) {
- $obj = $1;
- } elsif (/^type (.+)$/) {
- $obj_type = $1;
- } elsif (s/^tagger //) {
- s/>.*$/>/;
- info "Found $_." unless $used{$_}++;
- last;
- }
- }
- close T;
- }
- info "No new tags." unless %used;
- keys %used;
-}
-
-sub check_committers (@) {
- my @bad;
- foreach (@_) { push @bad, $_ unless $user_committer{$_}; }
- if (@bad) {
- print STDERR "\n";
- print STDERR "You are not $_.\n" foreach (sort @bad);
- deny "You cannot push changes not committed by you.";
- }
-}
-
-sub load_diff ($) {
- my $base = shift;
- my $d = $diff_cache{$base};
- unless ($d) {
- local $/ = "\0";
- my %this_diff;
- if ($base =~ /^0{40}$/) {
- # Don't load the diff at all; we are making the
- # branch and have no base to compare to in this
- # case. A file level ACL makes no sense in this
- # context. Having an empty diff will allow the
- # branch creation.
- #
- } else {
- open(T,'-|','git','diff-tree',
- '-r','--name-status','-z',
- $base,$new) or return undef;
- while (<T>) {
- my $op = $_;
- chop $op;
-
- my $path = <T>;
- chop $path;
-
- $this_diff{$path} = $op;
- }
- close T or return undef;
- }
- $d = \%this_diff;
- $diff_cache{$base} = $d;
- }
- return $d;
-}
-
-deny "No GIT_DIR inherited from caller" unless $git_dir;
-deny "Need a ref name" unless $ref;
-deny "Refusing funny ref $ref" unless $ref =~ s,^refs/,,;
-deny "Bad old value $old" unless $old =~ /^[a-z0-9]{40}$/;
-deny "Bad new value $new" unless $new =~ /^[a-z0-9]{40}$/;
-deny "Cannot determine who you are." unless $this_user;
-grant "No change requested." if $old eq $new;
-
-$repository_name = File::Spec->rel2abs($git_dir);
-$repository_name =~ m,/([^/]+)(?:\.git|/\.git)$,;
-$repository_name = $1;
-info "Updating in '$repository_name'.";
-
-my $op;
-if ($old =~ /^0{40}$/) { $op = 'C'; }
-elsif ($new =~ /^0{40}$/) { $op = 'D'; }
-else { $op = 'R'; }
-
-# This is really an update (fast-forward) if the
-# merge base of $old and $new is $old.
-#
-$op = 'U' if ($op eq 'R'
- && $ref =~ m,^heads/,
- && $old eq git_value('merge-base',$old,$new));
-
-# Load the user's ACL file. Expand groups (user.memberof) one level.
-{
- my %data = ('user.committer' => []);
- parse_config(\%data,$acl_git,$acl_branch,"external/$repository_name.acl");
-
- %data = (
- 'user.committer' => $data{'user.committer'},
- 'user.memberof' => [],
- );
- parse_config(\%data,$acl_git,$acl_branch,"users/$this_user.acl");
-
- %user_committer = map {$_ => $_} @{$data{'user.committer'}};
- my $rule_key = "repository.$repository_name.allow";
- my $rules = $data{$rule_key} || [];
-
- foreach my $group (@{$data{'user.memberof'}}) {
- my %g;
- parse_config(\%g,$acl_git,$acl_branch,"groups/$group.acl");
- my $group_rules = $g{$rule_key};
- push @$rules, @$group_rules if $group_rules;
- }
-
-RULE:
- foreach (@$rules) {
- while (/\${user\.([a-z][a-zA-Z0-9]+)}/) {
- my $k = lc $1;
- my $v = $data{"user.$k"};
- next RULE unless defined $v;
- next RULE if @$v != 1;
- next RULE unless defined $v->[0];
- s/\${user\.$k}/$v->[0]/g;
- }
-
- if (/^([AMD ]+)\s+of\s+([^\s]+)\s+for\s+([^\s]+)\s+diff\s+([^\s]+)$/) {
- my ($ops, $pth, $ref, $bst) = ($1, $2, $3, $4);
- $ops =~ s/ //g;
- $pth =~ s/\\\\/\\/g;
- $ref =~ s/\\\\/\\/g;
- push @path_rules, [$ops, $pth, $ref, $bst];
- } elsif (/^([AMD ]+)\s+of\s+([^\s]+)\s+for\s+([^\s]+)$/) {
- my ($ops, $pth, $ref) = ($1, $2, $3);
- $ops =~ s/ //g;
- $pth =~ s/\\\\/\\/g;
- $ref =~ s/\\\\/\\/g;
- push @path_rules, [$ops, $pth, $ref, $old];
- } elsif (/^([CDRU ]+)\s+for\s+([^\s]+)$/) {
- my $ops = $1;
- my $ref = $2;
- $ops =~ s/ //g;
- $ref =~ s/\\\\/\\/g;
- push @allow_rules, [$ops, $ref];
- } elsif (/^for\s+([^\s]+)$/) {
- # Mentioned, but nothing granted?
- } elsif (/^[^\s]+$/) {
- s/\\\\/\\/g;
- push @allow_rules, ['U', $_];
- }
- }
-}
-
-if ($op ne 'D') {
- $new_type = git_value('cat-file','-t',$new);
-
- if ($ref =~ m,^heads/,) {
- deny "$ref must be a commit." unless $new_type eq 'commit';
- } elsif ($ref =~ m,^tags/,) {
- deny "$ref must be an annotated tag." unless $new_type eq 'tag';
- }
-
- check_committers (all_new_committers);
- check_committers (all_new_taggers) if $new_type eq 'tag';
-}
-
-info "$this_user wants $op for $ref";
-foreach my $acl_entry (@allow_rules) {
- my ($acl_ops, $acl_n) = @$acl_entry;
- next unless $acl_ops =~ /^[CDRU]+$/; # Uhh.... shouldn't happen.
- next unless $acl_n;
- next unless $op =~ /^[$acl_ops]$/;
- next unless match_string $acl_n, $ref;
-
- # Don't test path rules on branch deletes.
- #
- grant "Allowed by: $acl_ops for $acl_n" if $op eq 'D';
-
- # Aggregate matching path rules; allow if there aren't
- # any matching this ref.
- #
- my %pr;
- foreach my $p_entry (@path_rules) {
- my ($p_ops, $p_n, $p_ref, $p_bst) = @$p_entry;
- next unless $p_ref;
- push @{$pr{$p_bst}}, $p_entry if match_string $p_ref, $ref;
- }
- grant "Allowed by: $acl_ops for $acl_n" unless %pr;
-
- # Allow only if all changes against a single base are
- # allowed by file path rules.
- #
- my @bad;
- foreach my $p_bst (keys %pr) {
- my $diff_ref = load_diff $p_bst;
- deny "Cannot difference trees." unless ref $diff_ref;
-
- my %fd = %$diff_ref;
- foreach my $p_entry (@{$pr{$p_bst}}) {
- my ($p_ops, $p_n, $p_ref, $p_bst) = @$p_entry;
- next unless $p_ops =~ /^[AMD]+$/;
- next unless $p_n;
-
- foreach my $f_n (keys %fd) {
- my $f_op = $fd{$f_n};
- next unless $f_op;
- next unless $f_op =~ /^[$p_ops]$/;
- delete $fd{$f_n} if match_string $p_n, $f_n;
- }
- last unless %fd;
- }
-
- if (%fd) {
- push @bad, [$p_bst, \%fd];
- } else {
- # All changes relative to $p_bst were allowed.
- #
- grant "Allowed by: $acl_ops for $acl_n diff $p_bst";
- }
- }
-
- foreach my $bad_ref (@bad) {
- my ($p_bst, $fd) = @$bad_ref;
- print STDERR "\n";
- print STDERR "Not allowed to make the following changes:\n";
- print STDERR "(base: $p_bst)\n";
- foreach my $f_n (sort keys %$fd) {
- print STDERR " $fd->{$f_n} $f_n\n";
- }
- }
- deny "You are not permitted to $op $ref";
-}
-close A;
-deny "You are not permitted to $op $ref";
projects / thirdparty / git.git / commitdiff
