
etc: The pre-push hook says which commits failed the signature check.

* etc/git/pre-push: Check each commit's signature individually so that
we can report which commits fail the check.
gn-latest-20200428
Leo Famulari 3 years ago
parent
commit
f0d0c5bb18
No known key found for this signature in database GPG Key ID: 2646FA30BACA7F08
1 changed files with 17 additions and 5 deletions
  1. +17
    -5
      etc/git/pre-push

+ 17
- 5
etc/git/pre-push

@@ -40,17 +40,29 @@ do
else
if [ "$remote_sha" = $z40 ]
then
# New branch, examine all commits
range="$local_sha"
# We are pushing a new branch. To prevent wasting too
# much time for this relatively rare case, we examine
# all commits since the first signed commit, rather than
# the full history. This check *will* fail, and the user
# will need to temporarily disable the hook to push the
# new branch.
range="e3d0fcbf7e55e8cbe8d0a1c5a24d73f341d7243b..$local_sha"
else
# Update to existing branch, examine new commits
range="$remote_sha..$local_sha"
fi

# Verify the signatures of all commits being pushed.
git verify-commit $(git rev-list $range) >/dev/null 2>&1

exit $?
ret=0
for commit in $(git rev-list $range)
do
if ! git verify-commit $commit >/dev/null 2>&1
then
printf "%s failed signature check\n" $commit
ret=1
fi
done
exit $ret
fi
done
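Review bot: The new per-commit loop fails open when `git rev-list $range` itself fails: if the range cannot be resolved (for example the hard-coded base commit or `$remote_sha` is not present in the local clone), the command substitution expands to nothing, the `for` body never runs, and the hook exits 0 without having verified any commit. Capture the list first and treat an error as a failed check, e.g. `commits=$(git rev-list "$range") || exit 1` followed by `for commit in $commits`. Separately, `exit $ret` still sits inside the enclosing loop, which starts outside this hunk, so it appears that only the first non-deleted ref of a multi-ref push is checked; initialising `ret=0` before that loop and exiting after the final `done` would cover every ref. The failure message would also be better sent to stderr, `printf "%s failed signature check\n" "$commit" >&2`.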


