On Thu, 1 Oct 2020, Jonathan Wakely via Gcc wrote:
> The problem is that the script doesn't check whether the new_object is
> 000000000.
>
> I think we want something like this:
>
> --- update_hook 2020-09-02 23:30:25.074884982 +0000
> +++ /tmp/update_hook 2020-10-01 13:57:14.681656258 +0000
> @@ -12,6 +12,12 @@
> ref_name = sys.argv[1]
> old_object = sys.argv[2]
> new_object = sys.argv[3]
> + if re.fullmatch('0+', new_object) is not None:
> + if (not ref_name.startswith('refs/users/')
> + and not ref_name.startswith('refs/vendors/')):
> + error('Only personal and vendor branches can be deleted.')
> + sys.exit(1)
The check for which branches can be deleted is handled through the
restrict-branch-deletion and allow-delete-branch settings. All you should
need is to exit early for new_object indicating ref deletion.
(Remember to use --author when committing to the hooks-bin scripts so the
logs don't show all changes as authored by gccadmin.)
--
Joseph S. Myers
jos...@codesourcery.com
