author | kwadronaut <kwadronaut@leap.se> | 2017-03-15 21:00:10 +0100 |
---|---|---|
committer | kwadronaut <kwadronaut@leap.se> | 2017-03-15 21:00:10 +0100 |
commit | 64d5c5e5aef06d9dfef68a08040b5d97845253df (patch) | |
tree | a053f8a3c968020b2958dd4478c03cb6a435aec4 /git | |
parent | f60585b4e8822bf71d50bfbee175db2db5d1699a (diff) |
bitmask wants only signed commits, hookscript
Diffstat (limited to 'git')
-rw-r--r-- | git/force-signed-commits-hook | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/git/force-signed-commits-hook b/git/force-signed-commits-hook
new file mode 100644
index 0000000..f884399
--- /dev/null
+++ b/git/force-signed-commits-hook
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+commit_Oh="0000000000000000000000000000000000000000"
+
+export GNUPGHOME=/tmp/
+
+# don't look at old stuff
+
+oldstuff="--not --all"
+
+while read oldrev newrev refname; do
+ # echo "payload"
+ echo $refname $oldrev $newrev
+
+ # branch or tag get deleted
+ if [ "$newrev" = "$zero_commit" ]; then
+ continue
+ fi
+
+ # Check for new branch or tag
+ if [ "$oldrev" = "$zero_commit" ]; then
+ span=`git rev-list $newrev $excludeExisting`
+ else
+ span=`git rev-list $oldrev..$newrev $excludeExisting`
+ fi
+
+ for COMMIT in $span;
+ do
+ unsigned=$(git log --pretty="format:%G?" $COMMIT 2>&1)
+ case $unsigned in
+ [N])
+ echo Commit $COMMIT was NOT signed by an OpenPGP key. REFUSING
+ exit 1
+ *)
+ echo Commit $COMMIT was probably signed. Is it trusted?
+ esac
+ done
+done
+exit 0 |
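Review bot: The ref checks test `$zero_commit` and the `git rev-list` calls pass `$excludeExisting`, but the script only defines `commit_Oh` and `oldstuff`, so both expand to nothing. A newly created branch or tag then most likely ends up with an empty `span` and falls through to `exit 0` without any commit being inspected. The `case` arms also lack `;;`, which bash should reject as a syntax error, and `git log` without `-1` prints a `%G?` letter for every ancestor, so the single-letter `[N]` pattern would rarely match. Refusing only `N` lets bad (`B`), uncheckable (`E`), unknown-validity (`U`) and expired or revoked (`X`, `Y`, `R`) signatures through, so the check should accept `G` and refuse everything else. `GNUPGHOME=/tmp/` puts the keyring and trust database in a world-writable directory; it should be a directory owned by the hook user with mode 0700 that holds the allowed signing keys.

```shell
zero_commit="0000000000000000000000000000000000000000"
exclude_existing="--not --all"
# … unchanged: while read loop header, payload echo, deletion check …
  if [ "$oldrev" = "$zero_commit" ]; then
    span=$(git rev-list "$newrev" $exclude_existing) || exit 1
  else
    span=$(git rev-list "$oldrev..$newrev" $exclude_existing) || exit 1
  fi

  for COMMIT in $span; do
    status=$(git log -1 --pretty="format:%G?" "$COMMIT" 2>/dev/null)
    case "$status" in
      G)
        ;;
      *)
        echo "Commit $COMMIT has no good OpenPGP signature (status: $status). REFUSING"
        exit 1
        ;;
    esac
  done
```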