#!/usr/bin/env bash
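# Hook that refuses pushed commits which carry no OpenPGP signature.
#
# Input:   "<oldrev> <newrev> <refname>" lines on stdin (the format git feeds
#          a pre-receive hook).
# Outputs: one status line per ref and per inspected commit.
# Returns: 1 on the first new commit without a signature (or when the
#          signature status cannot be determined), 0 otherwise.
set -u

# Use a private, per-run GnuPG home instead of /tmp/ itself: /tmp is
# world-writable, so any local account could plant a keyring, trustdb or
# gpg.conf there and influence how signatures are evaluated.
# NOTE(review): a deployment that really verifies signers should point
# GNUPGHOME at an admin-owned directory (mode 0700) holding the trusted keys.
GNUPGHOME=$(mktemp -d) || {
  echo "Could not create a private GNUPGHOME. REFUSING" >&2
  exit 1
}
export GNUPGHOME
trap 'rm -rf -- "${GNUPGHOME:?}"' EXIT

# don't look at old stuff: skip commits already reachable from existing refs
oldstuff=(--not --all)

while read -r oldrev newrev refname; do
  printf '%s %s %s\n' "$refname" "$oldrev" "$newrev"

  # branch or tag gets deleted (all-zero id, whatever the hash length)
  if [[ $newrev =~ ^0+$ ]]; then
    continue
  fi

  # A new branch or tag has no old tip, so walk from the new tip only.
  if [[ $oldrev =~ ^0+$ ]]; then
    range=$newrev
  else
    range="$oldrev..$newrev"
  fi

  # Fail closed: if the commit list cannot be computed, nothing was checked.
  span=$(git rev-list "$range" "${oldstuff[@]}") || {
    echo "Could not list the commits of $refname. REFUSING" >&2
    exit 1
  }

  # Word-splitting is intended here: rev-list prints one hex id per line.
  for COMMIT in $span; do
    # -1 limits the output to this commit. Without it git log also prints
    # the status of every ancestor, the value becomes multi-line and never
    # equals "N", so unsigned commits slipped through. stderr is kept out of
    # the captured value for the same reason.
    if ! status=$(git log -1 --pretty="format:%G?" "$COMMIT") ||
      [[ -z $status ]]; then
      echo "Could not determine signature status of commit $COMMIT. REFUSING" >&2
      exit 1
    fi

    case "$status" in
      N)
        echo "Commit $COMMIT was NOT signed by an OpenPGP key. REFUSING"
        exit 1
        ;;
      *)
        # Only "N" (no signature) is refused. Other %G? results, such as B
        # (bad signature) or E (signature cannot be checked, e.g. missing
        # key), are merely reported. A stricter policy would accept only G.
        echo "Commit $COMMIT was probably signed. Is it trusted?"
        ;;
    esac
  done
done
exit 0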