add stddev to mustache visualization template
[scripts.git] / git / force-signed-commits-hook
1 #!/usr/bin/env bash
2
3 commit_Oh="0000000000000000000000000000000000000000"
4
5 export GNUPGHOME=/tmp/
6
7 # don't look at old stuff
8
9 oldstuff="--not --all"
10
11 while read oldrev newrev refname; do
12   # echo "payload"
13   echo $refname $oldrev $newrev
14
15   # branch or tag get deleted
16   if [ "$newrev" = "$commit_Oh" ]; then
17     continue
18   fi
19
20   # Check for new branch or tag
21   if [ "$oldrev" = "$commit_Oh" ]; then
22     span=`git rev-list $newrev $oldstuff`
23   else
24     span=`git rev-list $oldrev..$newrev $oldstuff`
25   fi
26
27   for COMMIT in $span;
28   do
29     unsigned=$(git log --pretty="format:%G?" $COMMIT 2>&1)
30     case $unsigned in
31       [N])
32          echo Commit $COMMIT was NOT signed by an OpenPGP key. REFUSING
33          exit 1
34       *)
35          echo Commit $COMMIT was probably signed. Is it trusted?
36     esac
37   done
38 done
39 exit 0