git pre-receive hooks.

In my attempts to block users from committing code as root users which I mentioned in my previous blog post; I’ve identified an unusual behavior in git.

 

Git pre-receive hooks do not have any parameters passed in, but rather query stdin for parameters.

To demonstrate, create the following file on your git server

some_repository/.git/hooks/pre-receive

set -x

echo "$# parameters have been passed in"

 

Then try and push code

 

spencer@workstation:/tmp/hooktest3$ git push
Counting objects: 11, done.

Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (9/9), 731 bytes | 0 bytes/s, done

remote: + echo '0 parameters have been passed in'

The correct way to evaluate the incoming commit is with

read

some_repository/.git/hooks/pre-receive

while read oldsha newsha refname; do
    case $oldsha,$newsha in
    *,$NULL_SHA1) # it's a delete
        echo "delete request received";;
    $NULL_SHA1,*) # it's a create
       echo creating $newsha";;
    *,*) # it's an update
        echo "updating with $newsha";;
    esac
done

So why is this important?
This is the only way to parse an incoming git commit. You can then evaluate the commit to see who the author is, what type of commit ect..

Thanks go to torek for pointing this out on my stack overflow question here: http://stackoverflow.com/questions/22546393/can-git-pre-receive-hooks-evaulate-the-incoming-commit/22547375?noredirect=1#comment34541940_22547375