diff --git a/Documentation/config.txt b/Documentation/config.txt index 29369d051b1d82..965ed746da0901 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1188,6 +1188,10 @@ receive.unpackLimit:: especially on slow filesystems. If not set, the value of `transfer.unpackLimit` is used instead. +receive.denyDeletes:: + If set to true, git-receive-pack will deny a ref update that deletes + the ref. Use this to prevent such a ref deletion via a push. + receive.denyNonFastForwards:: If set to true, git-receive-pack will deny a ref update which is not a fast forward. Use this to prevent such an update via a push, diff --git a/builtin-receive-pack.c b/builtin-receive-pack.c index 9f60f31c2bb7da..2c0225c89a44a2 100644 --- a/builtin-receive-pack.c +++ b/builtin-receive-pack.c @@ -11,6 +11,7 @@ static const char receive_pack_usage[] = "git-receive-pack "; +static int deny_deletes = 0; static int deny_non_fast_forwards = 0; static int receive_fsck_objects; static int receive_unpack_limit = -1; @@ -23,6 +24,11 @@ static int capabilities_sent; static int receive_pack_config(const char *var, const char *value, void *cb) { + if (strcmp(var, "receive.denydeletes") == 0) { + deny_deletes = git_config_bool(var, value); + return 0; + } + if (strcmp(var, "receive.denynonfastforwards") == 0) { deny_non_fast_forwards = git_config_bool(var, value); return 0; @@ -185,6 +191,12 @@ static const char *update(struct command *cmd) "but I can't find it!", sha1_to_hex(new_sha1)); return "bad pack"; } + if (deny_deletes && is_null_sha1(new_sha1) && + !is_null_sha1(old_sha1) && + !prefixcmp(name, "refs/heads/")) { + error("denying ref deletion for %s", name); + return "deletion prohibited"; + } if (deny_non_fast_forwards && !is_null_sha1(new_sha1) && !is_null_sha1(old_sha1) && !prefixcmp(name, "refs/heads/")) { diff --git a/t/t5400-send-pack.sh b/t/t5400-send-pack.sh index 544771d8fa98ec..6fe2f87b850c1a 100755 --- a/t/t5400-send-pack.sh +++ b/t/t5400-send-pack.sh @@ -103,6 +103,17 @@ unset GIT_CONFIG GIT_CONFIG_LOCAL HOME=`pwd`/no-such-directory export HOME ;# this way we force the victim/.git/config to be used. +test_expect_failure \ + 'pushing a delete should be denied with denyDeletes' ' + cd victim && + git config receive.denyDeletes true && + git branch extra master && + cd .. && + test -f victim/.git/refs/heads/extra && + test_must_fail git send-pack ./victim/.git/ :extra master +' +rm -f victim/.git/refs/heads/extra + test_expect_success \ 'pushing with --force should be denied with denyNonFastforwards' ' cd victim &&