post-receive.hook (1646B)
1 #!/bin/sh 2 # 3 # Copyright (c) 2026 Fred Großkopf 4 # 5 # Permission to use, copy, modify, and/or distribute this software for any 6 # purpose with or without fee is hereby granted, provided that the above 7 # copyright notice and this permission notice appear in all copies. 8 # 9 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 17 set -euf 18 19 QUEUE_DIR="/var/spool/gitpages/queue" 20 21 sanitize_repo_name() { 22 name="$1" 23 24 # WHITELIST: ONLY these chars allowed 25 name=$(printf '%s' "$name" | tr -cd 'A-Za-z0-9_-') 26 27 # Reject if invalid length or format 28 if [ ${#name} -lt 1 ] || [ ${#name} -gt 32 ]; then 29 printf '%s\n' "invalid" >&2 30 exit 1 31 fi 32 33 # Reject if just separators or ending with seperators 34 case "$name" in 35 "-" | "_" | *"-" | *"_") printf '%s\n' "invalid" >&2; exit 1 ;; 36 esac 37 38 # No leading digits 39 if echo "$name" | grep -q '^[0-9]' ; then 40 printf '%s\n' "invalid" >&2; exit 1 41 fi 42 43 printf '%s\n' "$name" 44 } 45 46 main() { 47 REPO_PATH="$PWD" 48 49 repo_name=$(basename "$REPO_PATH" .git) 50 safe_repo_name=$(sanitize_repo_name "$repo_name") 51 jobfile="$QUEUE_DIR/$safe_repo_name" 52 53 umask 002 54 55 printf '%s\n' "$REPO_PATH" > "$jobfile.$$" 56 mv "$jobfile.$$" "$jobfile" 57 } 58 59 main