We are creating a system in which users will be able to push arbitrary content to a shared Git repository. Our server will then checkout the repository and use the files.
To reduce risks, I'd like the git checkout
command not to write any .exe
, .cmd
, .bat
etc. on disk, and control which file types will be written.
How to configure Git (either using a configuration file, or a command-line argument) to ignore/skip specific file types at checkout?
Note that I'm running Git for Windows.
The first thing that comes to my mind is to use a smudge filter that you can specify as part of your
gitattributes
file (Customizing Git - Git Attributes).Or, if you want to prevent these files from being committed in the first place, maybe placing a
pre-recieve
hook (Git hooks) on your git server might be the way to go.