etc: The pre-push hook says which commits failed the signature check.
* etc/git/pre-push: Check each commit's signature individually so that we can report which commits fail the check.
parent
4621acfd82
commit
f0d0c5bb18
|
@ -40,17 +40,29 @@ do
|
||||||
else
|
else
|
||||||
if [ "$remote_sha" = $z40 ]
|
if [ "$remote_sha" = $z40 ]
|
||||||
then
|
then
|
||||||
# New branch, examine all commits
|
# We are pushing a new branch. To prevent wasting too
|
||||||
range="$local_sha"
|
# much time for this relatively rare case, we examine
|
||||||
|
# all commits since the first signed commit, rather than
|
||||||
|
# the full history. This check *will* fail, and the user
|
||||||
|
# will need to temporarily disable the hook to push the
|
||||||
|
# new branch.
|
||||||
|
range="e3d0fcbf7e55e8cbe8d0a1c5a24d73f341d7243b..$local_sha"
|
||||||
else
|
else
|
||||||
# Update to existing branch, examine new commits
|
# Update to existing branch, examine new commits
|
||||||
range="$remote_sha..$local_sha"
|
range="$remote_sha..$local_sha"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Verify the signatures of all commits being pushed.
|
# Verify the signatures of all commits being pushed.
|
||||||
git verify-commit $(git rev-list $range) >/dev/null 2>&1
|
ret=0
|
||||||
|
for commit in $(git rev-list $range)
|
||||||
exit $?
|
do
|
||||||
|
if ! git verify-commit $commit >/dev/null 2>&1
|
||||||
|
then
|
||||||
|
printf "%s failed signature check\n" $commit
|
||||||
|
ret=1
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
exit $ret
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
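Review bot: The new loop fails open when `git rev-list $range` itself fails, for example if the hard-coded start commit on the new-branch `range=` line is missing from the clone or `$remote_sha` is not present locally. The substitution is then empty, the loop body never runs and the hook exits 0, whereas the old `git verify-commit $(…)` with no arguments returned non-zero. Capture the list first and stop on failure, e.g. `commits=$(git rev-list "$range") || exit 1`, then iterate with `for commit in $commits`. `exit $ret` also still sits inside the enclosing per-ref loop, whose start is outside the hunk, so it appears that only the first ref of a multi-ref push is verified; accumulating `ret` and exiting after the outer `done` would close that gap. The failure message would also be better sent to stderr with `>&2`.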