Johannes Sixt <[email protected]> writes: > I think this is a good move. Hooks are written by users, who sometimes > are not clueful enough.
Thanks for a sanity check. I do not think it is about cluefulness in this particular case. A rule that is not meaningfully enforced by reliably failing offenders is a rule that is hard to follow if a clueful user wanted to. This round comes with a test, but depending on the size of your pipe buffer and context switching race, an unpatched Git may pass it (reducing the test_seq number down to say 199 would certainly make it pass without the fix most of the time). -- >8 -- Subject: [PATCH] receive-pack: allow hooks to ignore its standard input stream The pre-receive and post-receive hooks were designed to be an improvement over old style update and post-update hooks, which take the update information on their command line and are limited by the command line length limit. The same information is fed from the standard input to pre/post-receive hooks instead to lift this limitation. It has been mandatory for these new style hooks to consume the update information fully from the standard input stream. Otherwise, they would risk killing the receive-pack process via SIGPIPE. If a hook does not want to look at all the information, it is easy to send its standard input to /dev/null (perhaps a niche use of hook might need to know only the fact that a push was made, without having to know what objects have been pushed to update which refs), and this has already been done by existing hooks that are written carefully. However, because there is no good way to consistently fail hooks that do not consume the input fully (a small push may result in a short update record that may fit within the pipe buffer, to which the receive-pack process may manage to write before the hook has a chance to exit without reading anything, which will not result in a death-by-SIGPIPE of receive-pack), it can lead to a hard to diagnose "once in a blue moon" phantom failure. Lift this "hooks must consume their input fully" mandate. A mandate that is not enforced strictly is not helping us to catch mistakes in hooks. If a hook has a good reason to decide the outcome of its operation without reading the information we feed it, let it do so as it pleases. Signed-off-by: Junio C Hamano <[email protected]> --- builtin/receive-pack.c | 6 ++++++ t/t5401-update-hooks.sh | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index f93ac45..516386f 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -15,6 +15,7 @@ #include "connected.h" #include "argv-array.h" #include "version.h" +#include "sigchain.h" static const char receive_pack_usage[] = "git receive-pack <git-dir>"; @@ -288,6 +289,8 @@ static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_sta return code; } + sigchain_push(SIGPIPE, SIG_IGN); + while (1) { const char *buf; size_t n; @@ -299,6 +302,9 @@ static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_sta close(proc.in); if (use_sideband) finish_async(&muxer); + + sigchain_pop(SIGPIPE); + return finish_command(&proc); } diff --git a/t/t5401-update-hooks.sh b/t/t5401-update-hooks.sh index 17bcb0b..7f278d8 100755 --- a/t/t5401-update-hooks.sh +++ b/t/t5401-update-hooks.sh @@ -135,4 +135,17 @@ test_expect_success 'send-pack stderr contains hook messages' ' test_cmp expect actual ' +test_expect_success 'pre-receive hook that forgets to read its input' ' + write_script victim.git/hooks/pre-receive <<-\EOF && + exit 0 + EOF + rm -f victim.git/hooks/update victim.git/hooks/post-update && + + for v in $(test_seq 100 999) + do + git branch branch_$v master || return + done && + git push ./victim.git "+refs/heads/*:refs/heads/*" +' + test_done -- 2.1.0-403-g099cf47 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
