From ca8503d0bef294ad3057382235e8ca2899e3a74e Mon Sep 17 00:00:00 2001 From: Jay Colson Date: Thu, 23 Jul 2020 10:53:23 +0100 Subject: git config to request abort if --force not passed Default to emit a warning if the git config flag is not set. Signed-off-by: Jay Colson --- README.rst | 12 ++++++++++++ git-remote-gcrypt | 21 ++++++++++++++++++--- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index 04b656d..b1f12cb 100644 --- a/README.rst +++ b/README.rst @@ -97,6 +97,18 @@ The following ``git-config(1)`` variables are supported: ``rsync://`` backend. If the flags are set to a specific remote, the global flags, if also set, will not be applied for that remote. +``remote..gcrypt-force-required`` + .. +``gcrypt.force-required`` + A known issue is that every git push effectively has a ``--force``. + + By default, git-remote-gcrypt will warn the user of this known issue + when a push is requested without the ``--force`` flag. + + If this flag is set to ``true``, git-remote-gcrypt will fail to push, + as a precaution, unless ``--force`` is passed to git or you prefix your + refspecs with a '+'. + Environment variables ===================== diff --git a/git-remote-gcrypt b/git-remote-gcrypt index 689e025..9b00d95 100755 --- a/git-remote-gcrypt +++ b/git-remote-gcrypt @@ -426,12 +426,14 @@ read_config() Conf_signkey=$(git config --get "remote.$NAME.gcrypt-signingkey" '.+' || git config --path user.signingkey || :) conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' || - git config --get gcrypt.participants '.+' || :) + git config --get gcrypt.participants '.+' || :) Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' || git config --get --bool gcrypt.publish-participants || :) Conf_gpg_args=$(git config --get gcrypt.gpg-args '.+' || :) Conf_rsync_put_flags=$(git config --get "remote.$NAME.gcrypt-rsync-put-flags" '.+' || git config --get "gcrypt.rsync-put-flags" '.+' || :) + Conf_force_required=$(git config --get --bool "remote.$NAME.gcrypt-force-required" '.+' || + git config --get --bool gcrypt.force-required '.+' || :) # Figure out which keys we should encrypt to or accept signatures from if isnull "$conf_part" || iseq "$conf_part" simple @@ -730,7 +732,8 @@ do_push() # file's hash. The manifest is updated with the pack id. # The manifest is encrypted. local r_revlist= pack_id= key_= obj_= src_= dst_= \ - r_pack_delete= tmp_encrypted= tmp_objlist= tmp_manifest= + r_pack_delete= tmp_encrypted= tmp_objlist= tmp_manifest= \ + force_passed= ensure_connected @@ -745,9 +748,12 @@ do_push() r_revlist=$(xfeed "$Refslist" cut -f 1 -d ' ' | safe_git_rev_parse | sed -e 's/^\(.\)/^&/') fi - while IFS=: read -r src_ dst_ # << +src:dst do + if [ "+" != "${src_:0:1}" ] + then + force_passed=false + fi src_=${src_#+} filter_to ! @Refslist "$Hex40 $dst_" "$Refslist" @@ -760,6 +766,15 @@ do_push() done <