From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: <git@vger.kernel.org>
Cc: Junio C Hamano <gitster@pobox.com>,
Johannes Schindelin <Johannes.Schindelin@gmx.de>
Subject: [PATCH 1/2] Revert "clone: prevent hooks from running during a clone"
Date: Tue, 14 May 2024 18:16:40 +0000 [thread overview]
Message-ID: <20240514181641.150112-2-sandals@crustytoothpaste.net> (raw)
In-Reply-To: <20240514181641.150112-1-sandals@crustytoothpaste.net>
From: "brian m. carlson" <bk2204@github.com>
This change breaks Git LFS, which relies on the pre-checkout hook to run
in a clone. This is to allow files which have the lockable attribute,
which are usually large binary assets which cannot be merged, to
be marked read-only when a user doesn't have a lock so as to prevent
conflicts.
Revert this change since it causes functional problems.
This reverts commit 8db1e8743c0f1ed241f6a1b8bf55b6fef07d6751.
Signed-off-by: brian m. carlson <bk2204@github.com>
---
builtin/clone.c | 5 -----
hook.c | 32 ------------------------------
t/t5601-clone.sh | 51 ------------------------------------------------
3 files changed, 88 deletions(-)
diff --git a/builtin/clone.c b/builtin/clone.c
index 0e7cf198f5..c66a32feb3 100644
--- a/builtin/clone.c
+++ b/builtin/clone.c
@@ -987,12 +987,7 @@ int cmd_clone(int argc, const char **argv, const char *prefix)
usage_msg_opt(_("You must specify a repository to clone."),
builtin_clone_usage, builtin_clone_options);
- xsetenv("GIT_CLONE_PROTECTION_ACTIVE", "true", 0 /* allow user override */);
template_dir = get_template_dir(option_template);
- if (*template_dir && !is_absolute_path(template_dir))
- template_dir = template_dir_dup =
- absolute_pathdup(template_dir);
- xsetenv("GIT_CLONE_TEMPLATE_DIR", template_dir, 1);
if (option_depth || option_since || option_not.nr)
deepen = 1;
diff --git a/hook.c b/hook.c
index eebc4d4473..f5f46e844e 100644
--- a/hook.c
+++ b/hook.c
@@ -11,30 +11,6 @@
#include "setup.h"
#include "copy.h"
-static int identical_to_template_hook(const char *name, const char *path)
-{
- const char *env = getenv("GIT_CLONE_TEMPLATE_DIR");
- const char *template_dir = get_template_dir(env && *env ? env : NULL);
- struct strbuf template_path = STRBUF_INIT;
- int found_template_hook, ret;
-
- strbuf_addf(&template_path, "%s/hooks/%s", template_dir, name);
- found_template_hook = access(template_path.buf, X_OK) >= 0;
-#ifdef STRIP_EXTENSION
- if (!found_template_hook) {
- strbuf_addstr(&template_path, STRIP_EXTENSION);
- found_template_hook = access(template_path.buf, X_OK) >= 0;
- }
-#endif
- if (!found_template_hook)
- return 0;
-
- ret = do_files_match(template_path.buf, path);
-
- strbuf_release(&template_path);
- return ret;
-}
-
const char *find_hook(const char *name)
{
static struct strbuf path = STRBUF_INIT;
@@ -70,14 +46,6 @@ const char *find_hook(const char *name)
}
return NULL;
}
- if (!git_hooks_path && git_env_bool("GIT_CLONE_PROTECTION_ACTIVE", 0) &&
- !identical_to_template_hook(name, path.buf))
- die(_("active `%s` hook found during `git clone`:\n\t%s\n"
- "For security reasons, this is disallowed by default.\n"
- "If this is intentional and the hook should actually "
- "be run, please\nrun the command again with "
- "`GIT_CLONE_PROTECTION_ACTIVE=false`"),
- name, path.buf);
return path.buf;
}
diff --git a/t/t5601-clone.sh b/t/t5601-clone.sh
index deb1c282c7..cc0b953f14 100755
--- a/t/t5601-clone.sh
+++ b/t/t5601-clone.sh
@@ -788,57 +788,6 @@ test_expect_success 'batch missing blob request does not inadvertently try to fe
git clone --filter=blob:limit=0 "file://$(pwd)/server" client
'
-test_expect_success 'clone with init.templatedir runs hooks' '
- git init tmpl/hooks &&
- write_script tmpl/hooks/post-checkout <<-EOF &&
- echo HOOK-RUN >&2
- echo I was here >hook.run
- EOF
- git -C tmpl/hooks add . &&
- test_tick &&
- git -C tmpl/hooks commit -m post-checkout &&
-
- test_when_finished "git config --global --unset init.templateDir || :" &&
- test_when_finished "git config --unset init.templateDir || :" &&
- (
- sane_unset GIT_TEMPLATE_DIR &&
- NO_SET_GIT_TEMPLATE_DIR=t &&
- export NO_SET_GIT_TEMPLATE_DIR &&
-
- git -c core.hooksPath="$(pwd)/tmpl/hooks" \
- clone tmpl/hooks hook-run-hookspath 2>err &&
- test_grep ! "active .* hook found" err &&
- test_path_is_file hook-run-hookspath/hook.run &&
-
- git -c init.templateDir="$(pwd)/tmpl" \
- clone tmpl/hooks hook-run-config 2>err &&
- test_grep ! "active .* hook found" err &&
- test_path_is_file hook-run-config/hook.run &&
-
- git clone --template=tmpl tmpl/hooks hook-run-option 2>err &&
- test_grep ! "active .* hook found" err &&
- test_path_is_file hook-run-option/hook.run &&
-
- git config --global init.templateDir "$(pwd)/tmpl" &&
- git clone tmpl/hooks hook-run-global-config 2>err &&
- git config --global --unset init.templateDir &&
- test_grep ! "active .* hook found" err &&
- test_path_is_file hook-run-global-config/hook.run &&
-
- # clone ignores local `init.templateDir`; need to create
- # a new repository because we deleted `.git/` in the
- # `setup` test case above
- git init local-clone &&
- cd local-clone &&
-
- git config init.templateDir "$(pwd)/../tmpl" &&
- git clone ../tmpl/hooks hook-run-local-config 2>err &&
- git config --unset init.templateDir &&
- test_grep ! "active .* hook found" err &&
- test_path_is_missing hook-run-local-config/hook.run
- )
-'
-
. "$TEST_DIRECTORY"/lib-httpd.sh
start_httpd
next prev parent reply other threads:[~2024-05-14 18:16 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-14 18:16 [PATCH 0/2] Revert defense-in-depth patches breaking Git LFS brian m. carlson
2024-05-14 18:16 ` brian m. carlson [this message]
2024-05-14 18:16 ` [PATCH 2/2] Revert "core.hooksPath: add some protection while cloning" brian m. carlson
2024-05-14 19:07 ` [PATCH 0/2] Revert defense-in-depth patches breaking Git LFS Johannes Schindelin
2024-05-14 19:41 ` brian m. carlson
2024-05-22 9:49 ` Joey Hess
2024-05-27 19:35 ` Johannes Schindelin
2024-05-28 2:13 ` Joey Hess
[not found] ` <ZlZSZ1-0F2DEp9yV@tapette.crustytoothpaste.net>
2024-05-28 23:46 ` Junio C Hamano
2024-05-29 8:54 ` Jeff King
2024-05-29 12:17 ` Johannes Schindelin
2024-05-29 16:17 ` Junio C Hamano
2024-05-30 8:17 ` Jeff King
2024-05-24 17:37 ` Joey Hess
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240514181641.150112-2-sandals@crustytoothpaste.net \
--to=sandals@crustytoothpaste.net \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).