3. The `pre-receive` hook MUST NOT update any refs to point to
quarantined objects. Other programs accessing the repository will
not be able to see the objects (and if the pre-receive hook fails,
- those refs would become corrupted).
+ those refs would become corrupted). For safety, any ref updates
+ from within `pre-receive` are automatically rejected.
SEE ALSO
{
struct ref_store *refs = get_ref_store(NULL);
+ if (getenv(GIT_QUARANTINE_ENVIRONMENT)) {
+ strbuf_addstr(err,
+ _("ref updates forbidden inside quarantine environment"));
+ return -1;
+ }
+
return refs->be->transaction_commit(refs, transaction, err);
}
test_cmp expect actual
'
+test_expect_success 'updating a ref from quarantine is forbidden' '
+ git init --bare update.git &&
+ write_script update.git/hooks/pre-receive <<-\EOF &&
+ read old new refname
+ git update-ref refs/heads/unrelated $new
+ exit 1
+ EOF
+ test_must_fail git push update.git HEAD &&
+ git -C update.git fsck
+'
+
test_done