From 40252c20f75188147558c0135bf71de907e01442 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Mon, 15 Aug 2016 21:23:44 -0400
Subject: RepoHook: allow users to approve hooks via manifests
The constant prompting when registered hooks change can be tedious and has a large multiplication factor when the project is large (e.g. the AOSP). It gets worse as people want to write more checks, hooks, docs, and tests (or fix bugs), but every CL that goes in will trigger a new prompt to approve. Let's tweak our trust model when it comes to hooks. Since people start off by calling `repo init` with a URL to a manifest, and that manifest defines all the hooks, anchor trust in that. This requires that we get the manifest over a trusted link (e.g. https or ssh) so that it can't be MITM-ed. If the user chooses to use an untrusted link (e.g. git or http), then we'll fallback to the existing hash based approval.
Bug: Issue 226
Change-Id: I77be9e4397383f264fcdaefb582e345ea4069a13
---
 subcmds/upload.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'subcmds/upload.py')
diff --git a/subcmds/upload.py b/subcmds/upload.py
index 674fc17d..4b05f1e8 100644
--- a/subcmds/upload.py
+++ b/subcmds/upload.py
@@ -456,7 +456,9 @@ Gerrit Code Review: http://code.google.com/p/gerrit/
 if pending and (not opt.bypass_hooks):
 hook = RepoHook('pre-upload', self.manifest.repo_hooks_project,
- self.manifest.topdir, abort_if_user_denies=True)
+ self.manifest.topdir,
+ self.manifest.manifestProject.GetRemote('origin').url,
+ abort_if_user_denies=True)
 pending_proj_names = [project.name for (project, avail) in pending]
 pending_worktrees = [project.worktree for (project, avail) in pending]
 try:
--
cgit v1.2.3-54-g00ecf
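Review bot: The manifest URL added as the third argument to `RepoHook(...)` now decides whether the hook-approval prompt is skipped, yet the call site carries no comment saying so and passes it positionally between `self.manifest.topdir` and `abort_if_user_denies=True`. The value is whatever URL is configured for the manifest project's `origin` remote, so it describes the configured remote rather than proving how the manifest was actually fetched. It may also be unset if that remote has no URL, which is not visible here. The scheme check itself lives in `RepoHook`, outside this hunk, and should fall back to hash-based approval for a missing or unparseable URL as well as for `git`/`http`. I would add a comment above the call, `# manifest URL anchors hook trust: only https/ssh auto-approve; anything else (or no URL) falls back to the hash prompt`. The enclosing method starts and ends outside the hunk.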