diff options
| author | Leo Famulari <leo@famulari.name> | 2017-01-23 00:57:46 -0500 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2017-02-08 03:42:08 +0100 |
| commit | f0d0c5bb188455e0b82ee3089ba103ef71877c87 (patch) | |
| tree | f048dc0fa25b9932090041688996146fc4bc8cda | |
| parent | 4621acfd8272fa93d0530faa5f015b26a194b587 (diff) | |
| download | guix-f0d0c5bb188455e0b82ee3089ba103ef71877c87.tar guix-f0d0c5bb188455e0b82ee3089ba103ef71877c87.tar.gz | |
etc: The pre-push hook says which commits failed the signature check.
* etc/git/pre-push: Check each commit's signature individually so that
we can report which commits fail the check.
| -rwxr-xr-x | etc/git/pre-push | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/etc/git/pre-push b/etc/git/pre-push index c894c5a9ec..9206a2dfe5 100755 --- a/etc/git/pre-push +++ b/etc/git/pre-push @@ -40,17 +40,29 @@ do else if [ "$remote_sha" = $z40 ] then - # New branch, examine all commits - range="$local_sha" + # We are pushing a new branch. To prevent wasting too + # much time for this relatively rare case, we examine + # all commits since the first signed commit, rather than + # the full history. This check *will* fail, and the user + # will need to temporarily disable the hook to push the + # new branch. + range="e3d0fcbf7e55e8cbe8d0a1c5a24d73f341d7243b..$local_sha" else # Update to existing branch, examine new commits range="$remote_sha..$local_sha" fi # Verify the signatures of all commits being pushed. - git verify-commit $(git rev-list $range) >/dev/null 2>&1 - - exit $? + ret=0 + for commit in $(git rev-list $range) + do + if ! git verify-commit $commit >/dev/null 2>&1 + then + printf "%s failed signature check\n" $commit + ret=1 + fi + done + exit $ret fi done |