[Bugs] #221 NORM: git.sugarlabs.org post-commit hook
SugarLabs Bugs
bugtracker-noreply at sugarlabs.org
Tue Jan 20 17:01:25 EST 2009
#221: git.sugarlabs.org post-commit hook
-------------------------------+--------------------------------------------
Reporter: wadeb | Owner: bernie
Type: task | Status: new
Priority: normal | Milestone:
Component: git.sugarlabs.org | Version: unspecified
Keywords: |
-------------------------------+--------------------------------------------
I'd like to have a post-commit hook on git.sugarlabs.org which does the
following when a specially formatted vXXX tag is pushed to an activity
repository:

* Generates .xo and .tar.bz2 bundles.
* Copies these to appropriate directories on downloads.sugarlabs.org.

Currently, each activity committer who wants to make a release must have a
shell account. This places a prohibitive dependency on the infrastructure
team to get new activities posted.

There is a possible security issue here. A rogue activity developer could
create a new activity repository and set the activity.info name to the
same name as an existing activity. They would then be able to silently
overwrite the other activity's releases on download.sugarlabs.org.

To solve this, the post-commit hook should maintain the path to the
repository which first executed the post-commit hook, and disallow other
repositories from executing the post-commit hook.

This can be as simple as writing a file containing the repository URL
which first posts a bundle to:

  downloads.sugarlabs.org/activities/Moon/.gitrepository

Then this file would be checked before allowing further bundle postings.
--
Ticket URL: <http://dev.sugarlabs.org/ticket/221>
Sugar Labs <http://sugarlabs.org/>
Sugar Labs bug tracking system
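
The first-poster ownership check proposed in the ticket, as an added example that is not part of the original ticket or of any Sugar Labs hook. The function name may_publish, its parameters and the repository URLs are assumptions made for illustration; only the .gitrepository file name comes from the ticket.

```python
import os
import tempfile

OWNER_FILE = ".gitrepository"  # marker file name proposed in the ticket


def may_publish(downloads_root, activity_name, repo_url):
    """Return True only if repo_url owns, or has just claimed, the activity.

    activity_name comes from activity.info, which the pusher controls, so it
    is validated before being used as a directory name.
    """
    bad = ("/", "\\", "\0")
    if activity_name in ("", ".", "..") or any(c in activity_name for c in bad):
        return False
    if not repo_url or "\n" in repo_url:
        return False

    activity_dir = os.path.join(downloads_root, activity_name)
    os.makedirs(activity_dir, exist_ok=True)
    owner_path = os.path.join(activity_dir, OWNER_FILE)
    try:
        # O_EXCL makes "first repository wins" atomic: if two hooks race,
        # exactly one creates the file and the other falls through to the check.
        fd = os.open(owner_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    except FileExistsError:
        with open(owner_path, encoding="utf-8") as f:
            # An empty or partial file matches nothing, so the check fails closed.
            return f.read().rstrip("\n") == repo_url
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(repo_url + "\n")
    return True


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # stands in for downloads.sugarlabs.org/activities
    first = "git://git.example.org/moon/mainline.git"    # constructed URL
    rogue = "git://git.example.org/rogue/moon-copy.git"  # constructed URL
    print(may_publish(root, "Moon", first))   # first push claims the name
    print(may_publish(root, "Moon", first))   # owner may publish again
    print(may_publish(root, "Moon", rogue))   # other repository is refused
    print(may_publish(root, "../Moon", rogue))  # traversal in the name is refused
```

The marker file only protects releases if the hook's account is the sole writer to the activity directory, and the repository URL passed in must come from the server's own knowledge of which repository triggered the hook, not from anything inside the pushed tree.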