git pre-receive hooks.
March 26, 2014 Leave a comment
In my attempts to block users from committing code as root users which I mentioned in my previous blog post; I’ve identified an unusual behavior in git.
Git pre-receive hooks do not have any parameters passed in, but rather query stdin for parameters.
To demonstrate, create the following file on your git server
some_repository/.git/hooks/pre-receive set -x echo "$# parameters have been passed in"
Then try and push code
spencer@workstation:/tmp/hooktest3$ git push Counting objects: 11, done. Delta compression using up to 4 threads. Compressing objects: 100% (6/6), done. Writing objects: 100% (9/9), 731 bytes | 0 bytes/s, done remote: + echo '0 parameters have been passed in'
The correct way to evaluate the incoming commit is with
read
some_repository/.git/hooks/pre-receive while read oldsha newsha refname; do case $oldsha,$newsha in *,$NULL_SHA1) # it's a delete echo "delete request received";; $NULL_SHA1,*) # it's a create echo creating $newsha";; *,*) # it's an update echo "updating with $newsha";; esac done
So why is this important?
This is the only way to parse an incoming git commit. You can then evaluate the commit to see who the author is, what type of commit ect..
Thanks go to torek for pointing this out on my stack overflow question here: http://stackoverflow.com/questions/22546393/can-git-pre-receive-hooks-evaulate-the-incoming-commit/22547375?noredirect=1#comment34541940_22547375