Web lists-archives.com

Re: Fetch-hooks

On Wed, Feb 07 2018, Leo Gaspard jotted:

> Hello,
> tl;dr: Is there currently a way to have fetch hooks, and if not do you
> think it could be a nice feature?
> I was in the process of implementing hooks for git that ensure the
> repository is always cleanly signed by someone allowed to by the
> repository itself. I think I've completed the signature-checking part
> [1] and the push hook [2] (even though it isn't really configurable at
> the moment).
> However, I was starting to think about handling the fetch step, and
> couldn't find any fetch hook. Is there one?
> If not, would you think it is would be a good idea to add one, that
> would eg. be passed the commit-before, commit-after and could block the
> changing of the reference if it failed?
> The only other solution I could think of is using a separate script for
> fetching, but that would be fragile, as the user could always not think
> about it well and run a git fetch, breaking the objective that after the
> first clone all commits were correctly signature-checked.
> Thanks for reading me!
> Leo
> PS1: I am not subscribed to the ML.
> PS2: I've tried asking freenode#git, without success so far.
> [1]
> https://github.com/Ekleog/signed-git/blob/master/git-hooks/check-range-signed.sh
> [2] https://github.com/Ekleog/signed-git/blob/master/git-hooks/pre-push

There is no fetch hook, however you may find that the
post-{checkout,merge} hooks are suitable for what you want to do.

Setting those to some custom comand is a common pattern for
e.g. compiling some assets on "git pull", so you could similarly check
the commits from HEAD, of course those are post-* hooks, so they won't
stop the checkout.