Git Mailing List Archive on
 help / color / Atom feed
From: Junio C Hamano <>
To: Jakub Narebski <>
Cc: "Shawn O. Pearce" <>,
Subject: Re: Git and securing a repository
Date: Thu, 03 Jan 2008 01:36:48 -0800
Message-ID: <> (raw)
In-Reply-To: <> (Jakub Narebski's message of "Thu, 3 Jan 2008 10:11:24 +0100")

Jakub Narebski <> writes:

> Shawn O. Pearce wrote:
>> Jakub Narebski <> wrote:
>> > AFAIK both update and pre-receive hooks are invoked also on fetch...
>> > but I might be mistaken.
>> No, they are *not* invoked on fetch.  Currently no hooks execute
>> during fetch; either on the server *or* on the client side of
>> the connection.
> Errr... I think at least post-update hook (the one with 
> git-update-server-info by default) is invoked on fetch.

Please don't think then.  Instead check your facts before
posting to avoid wasting bandwidth and people's time.  The
post-update hook is run on the remote end when you push into it.

I do not particularly like hooks that act after an operation is
initiated locally and act solely on local data.  This is maybe
because I still consider git tools building blocks suitable for
higher level scripting more than other people do.

There are five valid reasons you might want a hook to a git

 (1) A hook that countermands the normal decision made by the
     underlying command.  Examples of this class are the update
     hook and the pre-commit hook.

 (2) A hook that operates on data generated after the command
     starts to run.  The ability to munge the commit log message
     by the commit-msg hook is an example.

 (3) A hook that operates on the remote end of the connection
     that you may not otherwise have access to other than over
     the git protocol.  An example is the post-update hook.

 (4) A hook that runs under a lock that is acquired by the
     command for mutual exclusion.  Currently there is no
     example, but if we allowed the update hook to modify the
     commit that was pushed through send-pack => receive-pack
     pair, which was discussed on the list a while ago, it would
     be a good example of this.

 (5) A hook that is run differently depending on the outcome of
     the command.  The post-merge hook conditionally run by
     git-pull is an example of this (it is not even run if no
     merge takes place).  Another example is the post-checkout
     hook that gets information that is otherwise harder to get
     (namely, if it was a branch checkout or file checkout --
     you can figure it out by examining the command line but
     that already is part of the processing git-checkout does
     anyway, so no need to force duplicating that code in the

You cannot do an equivalent operation from outside the git
command for the above classes of operations.  You need hooks
for them.

On the other hand, if you want to always cause an action after
running a git opeation locally, you do not have to have a hook.
You can just run them yourself, or have "git myfetch" wrapper
that does whatever you want after running "git fetch".  Only
when the combination of the underlying command and something
else is widely useful, _and_ that something else needs
flexibility, a hook is warranted (if that something else is
always the same thing, it is better to fold that into the
underlying command).

  reply index

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-01-02  7:13 Gonzalo Garramuño
2008-01-02  6:34 ` Felipe Balbi
2008-01-02 10:04   ` Gonzalo Garramuño
2008-01-02  9:26     ` David Symonds
2008-01-02 10:39       ` Gonzalo Garramuño
2008-01-02 10:51         ` Jakub Narebski
2008-01-03  3:58           ` Shawn O. Pearce
2008-01-03  4:30             ` Bruno Cesar Ribas
2008-01-03  5:36             ` Gonzalo Garramuño
2008-01-03  4:45               ` Shawn O. Pearce
2008-01-03  6:08                 ` Gonzalo Garramuño
2008-01-03  5:19                   ` Shawn O. Pearce
2008-01-03  9:11             ` Jakub Narebski
2008-01-03  9:36               ` Junio C Hamano [this message]
2008-01-02 19:31     ` Jan Hudec
2008-01-02 19:41       ` Gregory Jefferis
2008-01-02 22:17     ` Linus Torvalds
2008-01-02 16:18 ` Daniel Barkalow

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Git Mailing List Archive on

Archives are clonable:
	git clone --mirror git/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 git git/ \
	public-inbox-index git

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone