Opened 15 years ago

Closed 15 years ago

#221 closed task (wontfix) post-commit hook

Reported by: wadeb Owned by: bernie
Priority: normal Milestone:
Component: Version: Unspecified
Severity: Minor Keywords:
Cc: Distribution/OS: Unspecified
Bug Status: Unconfirmed


I'd like to have a post-commit hook on which does the following when a specially formatted vXXX tag is pushed to an activity repository:

  • Generates .xo and .tar.bz2 bundles.
  • Copies these to appropriate directories on

Currently, each activity committer who wants to make a release must have a shell account. This places a prohibitive dependency on the infrastructure team to get new activities posted.

There is a possible security issue here. A rogue activity developer could create a new activity repository and set the name to the same name as an existing activity. They would then be able to silently overwrite the other activity's releases on

To solve this, the post-commit hook should maintain the path to the repository which first executed the post-commit hook, and disallow other repositories from executing the post-commit hook.

This can be as simple as writing a file containing the repository URL which first posts a bundle to:

Then this file would be checked before allowing further bundle postings.

Change History (4)

comment:1 Changed 15 years ago by wadeb

Earlier discussion on this matter is found in ticket #199.

comment:2 Changed 15 years ago by bernie

  • Bug Status set to Unconfimed
  • Distribution/OS set to Unspecified
  • Severity set to Blocker

I had a look but it's non trivial: gitorious already uses the post-commit (post-receive, actually) for its own business and such script is written in ruby.

I don't see myself finding the time to work on it anytime soon...

comment:3 Changed 15 years ago by bernie

  • Severity changed from Blocker to Minor

Oh, and another solution would be fishing

comment:4 Changed 15 years ago by wadeb

  • Resolution set to wontfix
  • Status changed from new to closed

I'm closing this ticket since addons is now functional.

Note: See TracTickets for help on using tickets.