aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-01-23 00:57:46 -0500
committerLeo Famulari <leo@famulari.name>2017-02-08 03:42:08 +0100
commitf0d0c5bb188455e0b82ee3089ba103ef71877c87 (patch)
treef048dc0fa25b9932090041688996146fc4bc8cda
parent4621acfd8272fa93d0530faa5f015b26a194b587 (diff)
downloadguix-f0d0c5bb188455e0b82ee3089ba103ef71877c87.tar
guix-f0d0c5bb188455e0b82ee3089ba103ef71877c87.tar.gz
etc: The pre-push hook says which commits failed the signature check.
* etc/git/pre-push: Check each commit's signature individually so that we can report which commits fail the check.
-rwxr-xr-xetc/git/pre-push22
1 files changed, 17 insertions, 5 deletions
diff --git a/etc/git/pre-push b/etc/git/pre-push
index c894c5a9ec..9206a2dfe5 100755
--- a/etc/git/pre-push
+++ b/etc/git/pre-push
@@ -40,17 +40,29 @@ do
else
if [ "$remote_sha" = $z40 ]
then
- # New branch, examine all commits
- range="$local_sha"
+ # We are pushing a new branch. To prevent wasting too
+ # much time for this relatively rare case, we examine
+ # all commits since the first signed commit, rather than
+ # the full history. This check *will* fail, and the user
+ # will need to temporarily disable the hook to push the
+ # new branch.
+ range="e3d0fcbf7e55e8cbe8d0a1c5a24d73f341d7243b..$local_sha"
else
# Update to existing branch, examine new commits
range="$remote_sha..$local_sha"
fi
# Verify the signatures of all commits being pushed.
- git verify-commit $(git rev-list $range) >/dev/null 2>&1
-
- exit $?
+ ret=0
+ for commit in $(git rev-list $range)
+ do
+ if ! git verify-commit $commit >/dev/null 2>&1
+ then
+ printf "%s failed signature check\n" $commit
+ ret=1
+ fi
+ done
+ exit $ret
fi
done