#4071: Block pushes to origin/ in gitolite ACLs

[Fedora Release Engineering]

#4071: Block pushes to origin/ in gitolite ACLs
-----------------------+-----------------------
  Reporter:  jkeating  |      Owner:  rel-eng@…
      Type:  task      |     Status:  new
 Milestone:            |  Component:  git
Resolution:            |   Keywords:  meeting
Blocked By:            |   Blocking:
-----------------------+-----------------------

Comment (by bochecha):

 Here are the new patches, based on the discussion in the last releng
 meeting.

 First patch is the same as before: it implements the hook (now with a
 better regexp than before) and sets it to be deployed in '''newly
 created''' git repositories.

 Second patch is just some reorganization of a role in Ansible, to make the
 existing git check script easier to reuse.

 Third patch adds to the git check script a new test, to verify that the
 update hooks are properly set up, and optionally fix it if not. This is
 what we can use to go over all '''existing''' git repositories and add the
 new hook to them. The command to run would be:

 {{{
 $ git check-perms --check=update-hook [--fix] /srv/git/rpms
 }}}

 Fourth patch is completely optional, but I figured I'd throw it out there,
 in case it is useful. It just schedules a weekly execution of the check
 script, to ensure that we don't have any  repositories left that somehow
 don't have the right update hooks.

-- 
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/4071#comment:5>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project