commit 598be9170c5e21ba408ba139a2b7bd7da6a04c70
Author: Jelmer Vernooij <jelmer@samba.org>
Date:   Thu Jan 15 23:30:28 2015 +0100

    By default refuse to create index entries with a path starting with .git/.

--- a/dulwich/index.py
+++ b/dulwich/index.py
@@ -390,14 +390,20 @@ def index_entry_from_stat(stat_val, hex_
             stat_val.st_ino, mode, stat_val.st_uid,
             stat_val.st_gid, stat_val.st_size, hex_sha, flags)
 
+def validate_path_default(path):
+    """Default path validator that just checks for .git/."""
+    return not path.startswith(".git/")
 
-def build_index_from_tree(prefix, index_path, object_store, tree_id):
+def build_index_from_tree(prefix, index_path, object_store, tree_id,
+                          validate_path=validate_path_default):
     """Generate and materialize index from a tree
 
     :param tree_id: Tree to materialize
     :param prefix: Target dir for materialized index files
     :param index_path: Target path for generated index
     :param object_store: Non-empty object store holding tree contents
+    :param validate_path: Function to validate paths to check out;
+        default just refuses filenames starting with .git/.
 
     :note:: existing index is wiped and contents are not merged
         in a working dir. Suiteable only for fresh clones.
@@ -406,6 +412,8 @@ def build_index_from_tree(prefix, index_
     index = Index(index_path)
 
     for entry in object_store.iter_tree_contents(tree_id):
+        if not validate_path(entry.path):
+            continue
         full_path = os.path.join(prefix, entry.path)
 
         if not os.path.exists(os.path.dirname(full_path)):
--- a/dulwich/tests/test_index.py
+++ b/dulwich/tests/test_index.py
@@ -248,6 +248,43 @@ class BuildIndexTests(TestCase):
         # Verify no files
         self.assertEquals(['.git'], os.listdir(repo.path))
 
+    def test_git_dir(self):
+        if os.name != 'posix':
+            self.skip("test depends on POSIX shell")
+
+        repo_dir = tempfile.mkdtemp()
+        repo = Repo.init(repo_dir)
+        self.addCleanup(shutil.rmtree, repo_dir)
+
+        # Populate repo
+        filea = Blob.from_string('file a')
+        filee = Blob.from_string('d')
+
+        tree = Tree()
+        tree['.git/a'] = (stat.S_IFREG | 0o644, filea.id)
+        tree['c/e'] = (stat.S_IFREG | 0o644, filee.id)
+
+        repo.object_store.add_objects([(o, None)
+            for o in [filea, filee, tree]])
+
+        build_index_from_tree(repo.path, repo.index_path(),
+                repo.object_store, tree.id)
+
+        # Verify index entries
+        index = repo.open_index()
+        self.assertEqual(len(index), 1)
+
+        # filea
+        apath = os.path.join(repo.path, '.git', 'a')
+        self.assertFalse(os.path.exists(apath))
+
+        # filee
+        epath = os.path.join(repo.path, 'c', 'e')
+        self.assertTrue(os.path.exists(epath))
+        self.assertReasonableIndexEntry(index['c/e'],
+            stat.S_IFREG | 0o644, 1, filee.id)
+        self.assertFileContents(epath, 'd')
+
     def test_nonempty(self):
         if os.name != 'posix':
             self.skip("test depends on POSIX shell")
