git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / mirror / code / Atom feed
* Git extra hook, pre-upload
@ 2018-12-30 20:11 Xheroz 128
  2018-12-30 21:34 ` Ævar Arnfjörð Bjarmason
  0 siblings, 1 reply; 5+ messages in thread
From: Xheroz 128 @ 2018-12-30 20:11 UTC (permalink / raw)
  To: git

Hello,

My name is Kenneth Lee, a student at Teikyo University, Japan.

Currently, I’m doing my Final Year Project that requires a hook that executes automatically on the server side of the repository, before the objects been pulled to the client side, and after the objects have been pushed to the server side, which is "post-receive" hook. The post-receive hook work well for me, but I couldn’t find any hook to be executed immediately before an upload-operation is performed, i.e. before data is sent to the client. 

Why Git doesn't have a hook that executed immediately before the data is sent to the client? Any advice on getting this hook or any similar function of the hook? 

Thanks,

Kenneth Lee Zhen Kang
+8180-9828-2935

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Git extra hook, pre-upload
  2018-12-30 20:11 Git extra hook, pre-upload Xheroz 128
@ 2018-12-30 21:34 ` Ævar Arnfjörð Bjarmason
  2019-01-02 17:27   ` Junio C Hamano
  2019-01-03  7:29   ` Jeff King
  0 siblings, 2 replies; 5+ messages in thread
From: Ævar Arnfjörð Bjarmason @ 2018-12-30 21:34 UTC (permalink / raw)
  To: Xheroz 128; +Cc: git


On Sun, Dec 30 2018, Xheroz 128 wrote:

> Currently, I’m doing my Final Year Project that requires a hook that executes automatically on the server side of the repository, before the objects been pulled to the client side, and after the objects have been pushed to the server side, which is "post-receive" hook. The post-receive hook work well for me, but I couldn’t find any hook to be executed immediately before an upload-operation is performed, i.e. before data is sent to the client.
>
> Why Git doesn't have a hook that executed immediately before the data is sent to the client? Any advice on getting this hook or any similar function of the hook?

We do not have such a pre-upload hook, but could have one. There's an
old thread from 2011 detailing some potential downsides:

https://public-inbox.org/git/CAMK1S_jaEWV=F6iHKZw_6u5ncDW0bPosNx-03W9bOLOfEEEY1Q@mail.gmail.com/

FWIW I think most servers who find themselves needing such a hook use it
to e.g. log how many fetches a given repository might serve, and end up
instead wrapping git commands in some custom shell.

It's also possible to imagine a much deeper integration for such a hook,
e.g. something that would allow you to implement the functionality of
the uploadpack.* variables and more in your own code, but I don't know
if that's the sort of thing you're imagining.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Git extra hook, pre-upload
  2018-12-30 21:34 ` Ævar Arnfjörð Bjarmason
@ 2019-01-02 17:27   ` Junio C Hamano
  2019-01-03  7:29   ` Jeff King
  1 sibling, 0 replies; 5+ messages in thread
From: Junio C Hamano @ 2019-01-02 17:27 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason; +Cc: Xheroz 128, git

Ævar Arnfjörð Bjarmason <avarab@gmail.com> writes:

> We do not have such a pre-upload hook, but could have one. There's an
> old thread from 2011 detailing some potential downsides:
>
> https://public-inbox.org/git/CAMK1S_jaEWV=F6iHKZw_6u5ncDW0bPosNx-03W9bOLOfEEEY1Q@mail.gmail.com/
>
> FWIW I think most servers who find themselves needing such a hook use it
> to e.g. log how many fetches a given repository might serve, and end up
> instead wrapping git commands in some custom shell.

Thanks for a concise summary.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Git extra hook, pre-upload
  2018-12-30 21:34 ` Ævar Arnfjörð Bjarmason
  2019-01-02 17:27   ` Junio C Hamano
@ 2019-01-03  7:29   ` Jeff King
       [not found]     ` <A842150D-2A45-4ABB-9B0F-DF516F7A2737@gmail.com>
  1 sibling, 1 reply; 5+ messages in thread
From: Jeff King @ 2019-01-03  7:29 UTC (permalink / raw)
  To: Ævar Arnfjörð Bjarmason; +Cc: Xheroz 128, git

On Sun, Dec 30, 2018 at 10:34:26PM +0100, Ævar Arnfjörð Bjarmason wrote:

> 
> On Sun, Dec 30 2018, Xheroz 128 wrote:
> 
> > Currently, I’m doing my Final Year Project that requires a hook that executes automatically on the server side of the repository, before the objects been pulled to the client side, and after the objects have been pushed to the server side, which is "post-receive" hook. The post-receive hook work well for me, but I couldn’t find any hook to be executed immediately before an upload-operation is performed, i.e. before data is sent to the client.
> >
> > Why Git doesn't have a hook that executed immediately before the data is sent to the client? Any advice on getting this hook or any similar function of the hook?
> 
> We do not have such a pre-upload hook, but could have one. There's an
> old thread from 2011 detailing some potential downsides:
> 
> https://public-inbox.org/git/CAMK1S_jaEWV=F6iHKZw_6u5ncDW0bPosNx-03W9bOLOfEEEY1Q@mail.gmail.com/
> 
> FWIW I think most servers who find themselves needing such a hook use it
> to e.g. log how many fetches a given repository might serve, and end up
> instead wrapping git commands in some custom shell.
> 
> It's also possible to imagine a much deeper integration for such a hook,
> e.g. something that would allow you to implement the functionality of
> the uploadpack.* variables and more in your own code, but I don't know
> if that's the sort of thing you're imagining.

Since that thread, we've added this config:

  uploadpack.packObjectsHook
	     If this option is set, when upload-pack would run git
	     pack-objects to create a packfile for a client, it will run
	     this shell command instead. The pack-objects command and
	     arguments it would have run (including the git pack-objects
	     at the beginning) are appended to the shell command. The
	     stdin and stdout of the hook are treated as if pack-objects
	     itself was run. I.e., upload-pack will feed input intended
	     for pack-objects to the hook, and expects a completed
	     packfile on stdout.

	     Note that this configuration variable is ignored if it is
	     seen in the repository-level config (this is a safety
	     measure against fetching from untrusted repositories).

So:

  1. That's some prior art for how an upload-pack hook could behave
     without introducing a security problem.

  2. Depending on what you want to do, this hook may be enough already.
     But it can't do everything (for instance, a fetch which results in
     no objects being requested would not trigger the hook at all, so if
     you were planning to keep stats about no-op fetches, it would not
     work).

-Peff

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Git extra hook, pre-upload
       [not found]     ` <A842150D-2A45-4ABB-9B0F-DF516F7A2737@gmail.com>
@ 2019-01-06  6:07       ` Jeff King
  0 siblings, 0 replies; 5+ messages in thread
From: Jeff King @ 2019-01-06  6:07 UTC (permalink / raw)
  To: Xheroz 128; +Cc: git

[re-add git@vger cc]

On Sat, Jan 05, 2019 at 01:47:11PM +0900, Xheroz 128 wrote:

> Thank you for all your replies. I have read the thread from 2011 and
> understand the reason of the insecure part using pre and post upload
> hooks.
> But for my project I would still like to use pre-upload hook. But I do
> not know how to enable the ALLOW_INSECURE_HOOKS in my system. How to
> configure it?

We never actually merged that patch, so there is no such build-time knob
in Git. I.e., you can either use the uploadpack.packObjectsHook feature,
or you will have to make a custom patch yourself.

-Peff

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2019-01-06  6:07 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-30 20:11 Git extra hook, pre-upload Xheroz 128
2018-12-30 21:34 ` Ævar Arnfjörð Bjarmason
2019-01-02 17:27   ` Junio C Hamano
2019-01-03  7:29   ` Jeff King
     [not found]     ` <A842150D-2A45-4ABB-9B0F-DF516F7A2737@gmail.com>
2019-01-06  6:07       ` Jeff King

git@vger.kernel.org list mirror (unofficial, one of many)

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://public-inbox.org/git
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 git git/ https://public-inbox.org/git \
		git@vger.kernel.org
	public-inbox-index git

Example config snippet for mirrors.
Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.version-control.git
	nntp://7fh6tueqddpjyxjmgtdiueylzoqt6pt7hec3pukyptlmohoowvhde4yd.onion/inbox.comp.version-control.git
	nntp://ie5yzdi7fg72h7s4sdcztq5evakq23rdt33mfyfcddc5u3ndnw24ogqd.onion/inbox.comp.version-control.git
	nntp://4uok3hntl7oi7b4uf4rtfwefqeexfzil2w6kgk2jn5z2f764irre7byd.onion/inbox.comp.version-control.git
	nntp://news.gmane.io/gmane.comp.version-control.git
 note: .onion URLs require Tor: https://www.torproject.org/

code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/git.git

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git