(security) a different fix in place of 5fd9328
SECURITY NOTE: if you deleted or renamed a pubkey file after5fd9328
went in (April 12th), please: - upgrade asap, then - go to your latest gitolite-admin clone and "git push -f" Otherwise this is not urgent.5fd9328
(and its minor successor813a2a9
) were about preventing the gitolite admin from sneaking in files to src/ and hooks/ into $GL_ADMINDIR. It seemed easy enough to do this by converting the path-less checkout to a with-paths checkout, but this has caused a worse problem -- deleting a keydir/foo.pub now no longer has an effect; the file still hangs around in the work tree. Ouch! (and thanks to teukka for noticing) We now do this check as a separate step, so the checkout can revert to being path-less.
This commit is contained in:
parent
850e583ac7
commit
1e06fea3b6
|
@ -1,9 +1,17 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
# ensure that the admin is not sneaking in src/ and hooks/ :)
|
||||||
|
GIT_WORK_TREE=$GL_ADMINDIR git ls-tree --name-only master |
|
||||||
|
perl -lne 'exit 1 if /^(src|hooks)$/' || {
|
||||||
|
echo "*** ERROR ***" >&2
|
||||||
|
echo "no files/dirs called 'src' or 'hooks' are allowed, sorry" >&2
|
||||||
|
echo "until those files are deleted, the post-update hook will not run" >&2
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
# checkout the master branch to $GL_ADMINDIR
|
# checkout the master branch to $GL_ADMINDIR
|
||||||
# (the GL_ADMINDIR env var would have been set by gl-auth-command)
|
# (the GL_ADMINDIR env var would have been set by gl-auth-command)
|
||||||
GIT_WORK_TREE=$GL_ADMINDIR git checkout -f master -- \
|
GIT_WORK_TREE=$GL_ADMINDIR git checkout -f master
|
||||||
`git ls-tree --name-only master | perl -lne 'print unless /^(src|hooks)$/'`
|
|
||||||
|
|
||||||
od=$PWD
|
od=$PWD
|
||||||
cd $GL_ADMINDIR
|
cd $GL_ADMINDIR
|
||||||
|
|
Loading…
Reference in a new issue