From 6fb43c29f63b85c3424520819427903e5a204426 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Sun, 1 Oct 2017 13:16:03 +0100
Subject: Pass some git environment variables to the test-receive hook

Since git 2.11, git has stored the proposed push in a "quarantine
area" until it is accepted by the pre-receive hook, and passed
extra environment variables to the pre-receive hook so that it can
read objects from the quarantine area.

This fixes untrusted push on modern git versions.

Signed-off-by: Simon McVittie <smcv@debian.org>
---
 IkiWiki/Wrapper.pm | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'IkiWiki')

diff --git a/IkiWiki/Wrapper.pm b/IkiWiki/Wrapper.pm
index d8a387ec1..739ee3173 100644
--- a/IkiWiki/Wrapper.pm
+++ b/IkiWiki/Wrapper.pm
@@ -52,6 +52,8 @@ sub gen_wrapper () {
 		       HTTP_COOKIE REMOTE_USER HTTPS REDIRECT_STATUS
 		       HTTP_HOST SERVER_PORT HTTPS HTTP_ACCEPT
 		       REDIRECT_URL} if $config{cgi};
+	push @envsave, qw{GIT_OBJECT_DIRECTORY GIT_QUARANTINE_PATH
+	               GIT_ALTERNATE_OBJECT_DIRECTORIES} if $config{test_receive};
 	my $envsave="";
 	foreach my $var (@envsave) {
 		$envsave.=<<"EOF";
-- 
cgit v1.2.3