From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: <git@vger.kernel.org>
Cc: Junio C Hamano <gitster@pobox.com>,
Johannes Schindelin <Johannes.Schindelin@gmx.de>
Subject: [PATCH 2/2] Revert "core.hooksPath: add some protection while cloning"
Date: Tue, 14 May 2024 18:16:41 +0000 [thread overview]
Message-ID: <20240514181641.150112-3-sandals@crustytoothpaste.net> (raw)
In-Reply-To: <20240514181641.150112-1-sandals@crustytoothpaste.net>
From: "brian m. carlson" <bk2204@github.com>
The original commit breaks Git LFS, which installs hooks when it is
invoked during the smudge process as part of checkout. This is required
to install a post-checkout hook that causes files which are set as
lockable (which are typically large binary assets that cannot be merged)
to be read-only unless they've been locked. In addition, Git LFS
requires the pre-push hook to be installed so that LFS objects can be
pushed as part of the invocation of git push.
Without the ability to install these hooks, the locking functionality
would not work until the user invoked Git LFS again and did a completely
new checkout with all files changed, since Git LFS optimizes for only
changed files. In addition, an invocation of git push might not push
anything LFS files all to the remote, potentially causing data loss.
Note that this affects all clone operations with a repository with Git
LFS files in it, even if they are configured not to smudge data by
default, so it breaks all automated clones (which will see "die" called)
without the relevant environment variable specified.
Revert this change to restore functionality.
This reverts commit 20f3588efc6cbcae5bbaabf65ee12df87b51a9ea.
Signed-off-by: brian m. carlson <bk2204@github.com>
---
config.c | 13 +------------
t/t1800-hook.sh | 15 ---------------
2 files changed, 1 insertion(+), 27 deletions(-)
diff --git a/config.c b/config.c
index 77a0fd2d80..ae3652b08f 100644
--- a/config.c
+++ b/config.c
@@ -1416,19 +1416,8 @@ static int git_default_core_config(const char *var, const char *value,
if (!strcmp(var, "core.attributesfile"))
return git_config_pathname(&git_attributes_file, var, value);
- if (!strcmp(var, "core.hookspath")) {
- if (ctx->kvi && ctx->kvi->scope == CONFIG_SCOPE_LOCAL &&
- git_env_bool("GIT_CLONE_PROTECTION_ACTIVE", 0))
- die(_("active `core.hooksPath` found in the local "
- "repository config:\n\t%s\nFor security "
- "reasons, this is disallowed by default.\nIf "
- "this is intentional and the hook should "
- "actually be run, please\nrun the command "
- "again with "
- "`GIT_CLONE_PROTECTION_ACTIVE=false`"),
- value);
+ if (!strcmp(var, "core.hookspath"))
return git_config_pathname(&git_hooks_path, var, value);
- }
if (!strcmp(var, "core.bare")) {
is_bare_repository_cfg = git_config_bool(var, value);
diff --git a/t/t1800-hook.sh b/t/t1800-hook.sh
index 1894ebeb0e..8b0234cf2d 100755
--- a/t/t1800-hook.sh
+++ b/t/t1800-hook.sh
@@ -185,19 +185,4 @@ test_expect_success 'stdin to hooks' '
test_cmp expect actual
'
-test_expect_success 'clone protections' '
- test_config core.hooksPath "$(pwd)/my-hooks" &&
- mkdir -p my-hooks &&
- write_script my-hooks/test-hook <<-\EOF &&
- echo Hook ran $1
- EOF
-
- git hook run test-hook 2>err &&
- test_grep "Hook ran" err &&
- test_must_fail env GIT_CLONE_PROTECTION_ACTIVE=true \
- git hook run test-hook 2>err &&
- test_grep "active .core.hooksPath" err &&
- test_grep ! "Hook ran" err
-'
-
test_done
next prev parent reply other threads:[~2024-05-14 18:16 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-14 18:16 [PATCH 0/2] Revert defense-in-depth patches breaking Git LFS brian m. carlson
2024-05-14 18:16 ` [PATCH 1/2] Revert "clone: prevent hooks from running during a clone" brian m. carlson
2024-05-14 18:16 ` brian m. carlson [this message]
2024-05-14 19:07 ` [PATCH 0/2] Revert defense-in-depth patches breaking Git LFS Johannes Schindelin
2024-05-14 19:41 ` brian m. carlson
2024-05-22 9:49 ` Joey Hess
2024-05-27 19:35 ` Johannes Schindelin
2024-05-28 2:13 ` Joey Hess
[not found] ` <ZlZSZ1-0F2DEp9yV@tapette.crustytoothpaste.net>
2024-05-28 23:46 ` Junio C Hamano
2024-05-29 8:54 ` Jeff King
2024-05-29 12:17 ` Johannes Schindelin
2024-05-29 16:17 ` Junio C Hamano
2024-05-30 8:17 ` Jeff King
2024-05-24 17:37 ` Joey Hess
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240514181641.150112-3-sandals@crustytoothpaste.net \
--to=sandals@crustytoothpaste.net \
--cc=Johannes.Schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).