diff options
author | Jay Colson <jay@karma.net> | 2020-07-23 10:53:23 +0100 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2020-07-24 15:19:02 -0700 |
commit | ca8503d0bef294ad3057382235e8ca2899e3a74e (patch) | |
tree | 90a31a93f4af555362c34439fbc8c8809c742292 | |
parent | 23cd13e4e2550b8af969da70c30a843343075022 (diff) | |
download | git-remote-gcrypt-ca8503d0bef294ad3057382235e8ca2899e3a74e.tar.gz |
git config to request abort if --force not passed
Default to emit a warning if the git config flag is not set.
Signed-off-by: Jay Colson <jay@karma.net>
-rw-r--r-- | README.rst | 12 | ||||
-rwxr-xr-x | git-remote-gcrypt | 21 |
2 files changed, 30 insertions, 3 deletions
@@ -97,6 +97,18 @@ The following ``git-config(1)`` variables are supported: ``rsync://`` backend. If the flags are set to a specific remote, the global flags, if also set, will not be applied for that remote. +``remote.<name>.gcrypt-force-required`` + .. +``gcrypt.force-required`` + A known issue is that every git push effectively has a ``--force``. + + By default, git-remote-gcrypt will warn the user of this known issue + when a push is requested without the ``--force`` flag. + + If this flag is set to ``true``, git-remote-gcrypt will fail to push, + as a precaution, unless ``--force`` is passed to git or you prefix your + refspecs with a '+'. + Environment variables ===================== diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 689e025..9b00d95 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -426,12 +426,14 @@ read_config() Conf_signkey=$(git config --get "remote.$NAME.gcrypt-signingkey" '.+' || git config --path user.signingkey || :) conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' || - git config --get gcrypt.participants '.+' || :) + git config --get gcrypt.participants '.+' || :) Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' || git config --get --bool gcrypt.publish-participants || :) Conf_gpg_args=$(git config --get gcrypt.gpg-args '.+' || :) Conf_rsync_put_flags=$(git config --get "remote.$NAME.gcrypt-rsync-put-flags" '.+' || git config --get "gcrypt.rsync-put-flags" '.+' || :) + Conf_force_required=$(git config --get --bool "remote.$NAME.gcrypt-force-required" '.+' || + git config --get --bool gcrypt.force-required '.+' || :) # Figure out which keys we should encrypt to or accept signatures from if isnull "$conf_part" || iseq "$conf_part" simple @@ -730,7 +732,8 @@ do_push() # file's hash. The manifest is updated with the pack id. # The manifest is encrypted. local r_revlist= pack_id= key_= obj_= src_= dst_= \ - r_pack_delete= tmp_encrypted= tmp_objlist= tmp_manifest= + r_pack_delete= tmp_encrypted= tmp_objlist= tmp_manifest= \ + force_passed= ensure_connected @@ -745,9 +748,12 @@ do_push() r_revlist=$(xfeed "$Refslist" cut -f 1 -d ' ' | safe_git_rev_parse | sed -e 's/^\(.\)/^&/') fi - while IFS=: read -r src_ dst_ # << +src:dst do + if [ "+" != "${src_:0:1}" ] + then + force_passed=false + fi src_=${src_#+} filter_to ! @Refslist "$Hex40 $dst_" "$Refslist" @@ -760,6 +766,15 @@ do_push() done <<EOF $1 EOF + if [ "$force_passed" = false ] + then + if [ "$Conf_force_required" = true ] + then + echo_die "gcrypt.force-required is set to true. Explicitly force push by passing --force in order to override this error." + else + echo_info "An implicit --force push is occuring. Please set 'git config --global add gcrypt.force-required true' to protect from implicit force pushes." + fi + fi tmp_encrypted="$Tempdir/packP" tmp_objlist="$Tempdir/objlP" |