c2c7fdf691
---
type: change
message: |-
Support non-fastforward commits
This includes:
* adding a filter to accessctl which can be used to allow non-ff commits, and
augmenting the default access controls to deny non-ff commits for master.
VerifyCommits was then modified to use that new functionality, and then tests
were added to cover that.
* adding a `VerifyBranchCanSetHEADTo` method, and using that in the pre-receive
hook rather than putting all the logic in the hook itself.
`VerifyBranchCanSetHEADTo` is thoroughly tested, and the tests for it ended up
uncovering some broken aspects of `VerifyCommits` as well, so those are fixed
too.
change_hash: ACTyCsTFBnAjGAek355IU3I6MioLIx5mb1mS4YjMUrF5
credentials:
- type: pgp_signature
pub_key_id: 95C46FA6A41148AC
body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl6jPvsACgkQlcRvpqQRSKxfag/+JD8bs7zbFZc3XzLWz3vOhPl3OaxdXbQoqlCVywBSZ1dHrJ7BtbTltQpRgNRv+Khs/ibQAUphDFKsAauF7IKZu2fcluMYH1kulEZsYzHFZUz3zDNcPtZhD/KdPgBRSa4tv76iaeCvGGv7Eb9zHxzYiXofkf8Bkn7n63D3aE1N3MhceSPAU07johiZnjXpb2UGonLq1kQlCcEAy57H82iv0N21QjJmZ/bSNgT9d6c9kEb4lmOCs1ZWvW7kzqVLXkhgZ2/77nLKTaFvsTjA6MOodD2vrLQ4KmHmWLjYA2PmqMLkSKoMIUQhatIZiBiJNvF0HztPiIhCJLVwu5eGnVGQwMR74IOBoATlb8R7FuqOhX70b4B0W8O7ovIDWM5dNatKyrzJkJ9lWPX61dP6cx7cshM3dQAr+Xmjvu2CTllIFg01b0j3Ec0epbbXbb5QsuWleaEbsqatktRMiISC/6ix2ijH/n5vYq9GsDS9VhpsXLHdBVIiveorAXr92BR0wrHF2p7sSy7sptcmNLXe4SlJVHi4AHw7qbixoZKo4mPQepsxaIbeBNG74X0Wg4MGKDBUfQ2kX8JpU4jq/ZVDBGAY6CfH9s1Zns4BVQBokBeCUgh3Iik6NzeKAiPTNnD20JfXxaX1OfJIwP8yopUnqJQXdjqV0KFPRym0VNZyCXQEHFU=
account: mediocregopher
|
||
|---|---|---|
| .dehub | ||
| accessctl | ||
| cmd | ||
| fs | ||
| sigcred | ||
| typeobj | ||
| yamlutil | ||
| .gitignore | ||
| commit_change_test.go | ||
| commit_change.go | ||
| commit_comment.go | ||
| commit_credential_test.go | ||
| commit_credential.go | ||
| commit_test.go | ||
| commit.go | ||
| config.go | ||
| diff.go | ||
| Dockerfile.dehub-remote | ||
| go.mod | ||
| go.sum | ||
| hash_test.go | ||
| hash.go | ||
| README.md | ||
| repo_test.go | ||
| repo.go | ||
| ROADMAP.md | ||
| SPEC.md | ||
dehub
dehub aims to provide all the features of a git hosting platform, but without the hosting part. These features include:
User management - Authentication that commits come from the user they say they do, and fine-grained control over which users can do what.
Pull requests and issues - Facilitation of discussion via comment commits, and fine-grained (down to the file level) sign-off requirements.
Tags and releases* - Mark releases in the repo itself, and provide immutable and verifiable git tags so there's never any funny business.
Plugins*: Extend all aspects of dehub functionality via executables managed in the repo itself (in the same style as git hooks).
Key Concepts
To implement these features, dehub combines two key concepts:
First, repo configuration is defined in the repo itself. A file called
.dehub/config.yml contains all information related to user accounts, their pgp
keys, branch and file level access controls, and more. Every commit must adhere
to the configuration of its parent in order to be considered verifiable. The
configuration file is committed to the repo like any other file would be, and so
is even able to define the access controls on itself.
Second, the commit message of every dehub commit contains YAML encoded metadata,
which allows dehub to extend git and provide multiple commit types, each with
its own capabilities and restrictions. Some example dehub commit types are
change commits, comment commits, and credential commits.
Infrastructure (or lack thereof)
Because a dehub project is entirely housed within a traditional git project, which is merely a collection of files, any existing git or network filesystem infrastructure can be used to host any dehub project:
-
The most barebones git daemon server (with a simple pre-receive hook set up).
-
A remote SSH endpoint.
-
A mailing list (aka the old school way).
-
Network file syncing utilities such as dropbox, syncthing, or NFS.
-
Existing git project hosts like GitHub, Bitbucket, or Keybase.
-
Decentralized filesystems such as IPFS*.
* Planned feature, but not yet implemented.
Getting Started
The dehub project itself can be found by cloning
https://dehub.dev/src/dehub.git.
Installation of the dehub tool is currently done via the go get command:
go get dehub.dev/src/dehub.git/cmd/dehub
This will install the binary to your $GOBIN path, which you'll want to put in
your $PATH. Run go env if you're not sure where your $GOBIN is.
Once installed, running dehub -h should show you the help output of the
command. You can continue on to the tutorials if you're not sure where to go
from here.
Tutorials
The following tutorials will guide you through the basic usage of dehub. As dehub is still very much in development a high level of git and PGP profiency is still required in order to use dehub effectively.
TODO
Documentation
The SPEC is the best place to see every possible nitty-gritty detail of how dehub works. It attempts to be both human-readable and exhaustive in its coverage.
Other links
ROADMAP documents upcoming features and other work required on the project. If you're looking to contribute, this is a great place to start.
dehub-remote is a simple docker image which can be used to host a remote dehub project over http(s). The endpoint will automatically verify all pushed commits.
git-http-server is a small server which makes a git repo's file tree available via http. It will automatically render markdown files to html as well. git-http-server is used to render dehub's website.