[DRE-commits] [gitlab-shell] 01/02: support git 2.11
Praveen Arimbrathodiyil
praveen at moszumanska.debian.org
Wed Jan 18 07:49:05 UTC 2017
This is an automated email from the git hooks/post-receive script.
praveen pushed a commit to branch master
in repository gitlab-shell.
commit 995f7eb790575b88dd04b30d83c2026b7afcb2db
Author: Praveen Arimbrathodiyil <praveen at debian.org>
Date: Wed Jan 18 13:03:52 2017 +0530
support git 2.11
---
debian/patches/git-env.patch | 69 ++++++++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 70 insertions(+)
diff --git a/debian/patches/git-env.patch b/debian/patches/git-env.patch
new file mode 100644
index 0000000..ed124fb
--- /dev/null
+++ b/debian/patches/git-env.patch
@@ -0,0 +1,69 @@
+From fc2016484aacb82980c1c9082e195110f0eacb34 Mon Sep 17 00:00:00 2001
+From: Timothy Andrew <mail at timothyandrew.net>
+Date: Wed, 7 Dec 2016 13:09:47 +0530
+Subject: [PATCH 1/2] Pass relevant git environment variables while calling
+ `/allowed`
+
+1. Starting version 2.11, git changed the way the pre-receive flow works.
+
+ - Previously, the new potential objects would be added to the main repo. If the
+ pre-receive passes, the new objects stay in the repo but are linked up. If
+ the pre-receive fails, the new objects stay orphaned in the repo, and are
+ cleaned up during the next `git gc`.
+
+ - In 2.11, the new potential objects are added to a temporary "alternate object
+ directory", that git creates for this purpose. If the pre-receive passes, the
+ objects from the alternate object directory are migrated to the main repo. If
+ the pre-receive fails the alternate object directory is simply deleted.
+
+2. In our workflow, the pre-recieve script calls the `/allowed` endpoint on the
+ rails server. This `/allowed` endpoint calls out directly to git to perform
+ various checks. These direct calls to git do _not_ have the necessary
+ environment variables set which allow access to the "alternate object
+ directory" (explained above). Therefore these calls to git are not able to
+ access any of the new potential objects to be added during this push.
+
+3. We fix this by passing the relevant environment variables
+ (GIT_ALTERNATE_OBJECT_DIRECTORIES, GIT_OBJECT_DIRECTORY, and
+ GIT_QUARANTINE_PATH) to the `/allowed` endpoint, which will then include
+ these environment variables while calling out to git.
+---
+ lib/gitlab_access.rb | 7 ++++++-
+ lib/gitlab_net.rb | 5 +++--
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+--- a/lib/gitlab_access.rb
++++ b/lib/gitlab_access.rb
+@@ -21,7 +21,11 @@
+ end
+
+ def exec
+- status = api.check_access('git-receive-pack', @repo_name, @actor, @changes, @protocol)
++ env = {
++ "GIT_ALTERNATE_OBJECT_DIRECTORIES" => ENV["GIT_ALTERNATE_OBJECT_DIRECTORIES"],
++ "GIT_OBJECT_DIRECTORY" => ENV["GIT_OBJECT_DIRECTORY"]
++ }
++ status = api.check_access('git-receive-pack', @repo_path, @actor, @changes, @protocol, env: env.to_json)
+
+ raise AccessDeniedError, status.message unless status.allowed?
+
+--- a/lib/gitlab_net.rb
++++ b/lib/gitlab_net.rb
+@@ -15,14 +15,15 @@
+ CHECK_TIMEOUT = 5
+ READ_TIMEOUT = 300
+
+- def check_access(cmd, repo, actor, changes, protocol)
++ def check_access(cmd, repo, actor, changes, protocol, env: {})
+ changes = changes.join("\n") unless changes.kind_of?(String)
+
+ params = {
+ action: cmd,
+ changes: changes,
+ project: project_name(repo),
+- protocol: protocol
++ protocol: protocol,
++ env: env
+ }
+
+ if actor =~ /\Akey\-\d+\Z/
diff --git a/debian/patches/series b/debian/patches/series
index 982f34e..80c9cbd 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
use-system-libs.patch
set-root-path.patch
+git-env.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/gitlab-shell.git
More information about the Pkg-ruby-extras-commits
mailing list