Created
July 13, 2023 15:19
-
-
Save limitedeternity/f376691e2c7385b598da914631b9d96f to your computer and use it in GitHub Desktop.
These hooks enforce commits to be signed, because most Git GUI clients don't support x509 signatures
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export LC_ALL=en_US.utf8 | |
| set -o nounset | |
| set -o pipefail | |
| set +o histexpand | |
| RED='\033[0;31m' | |
| YELLOW='\033[33m' | |
| GREEN='\033[0;32m' | |
| YELLOW_BACK='\033[30;43m' | |
| NC='\033[0m' | |
| head_sha=$(git rev-parse --short HEAD) | |
| if git verify-commit HEAD &> /dev/null; then | |
| printf "${GREEN}$head_sha is signed${NC}\n\n" | |
| exit 0 | |
| fi | |
| stashed=false | |
| if ! git diff-index --quiet HEAD --; then | |
| git stash --include-untracked --keep-index | |
| stashed=true | |
| fi | |
| printf "${YELLOW}Signing $head_sha${NC}\n\n" | |
| FILTER_BRANCH_SQUELCH_WARNING=1 git filter-branch -f --commit-filter 'git commit-tree -S "$@";' HEAD~1..HEAD | |
| if [[ "$stashed" == true ]]; then | |
| git stash pop | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export LC_ALL=en_US.utf8 | |
| set -o nounset | |
| set -o pipefail | |
| set +o histexpand | |
| RED='\033[0;31m' | |
| YELLOW='\033[33m' | |
| GREEN='\033[0;32m' | |
| YELLOW_BACK='\033[30;43m' | |
| NC='\033[0m' | |
| if [[ "$1" != "rebase" ]]; then | |
| exit 0 | |
| fi | |
| stashed=false | |
| if ! git diff-index --quiet HEAD --; then | |
| git stash --include-untracked --keep-index | |
| stashed=true | |
| fi | |
| while read pre post ref ; do | |
| unsigned=false | |
| from=$post | |
| to=HEAD | |
| for commit in $(git rev-list --reverse $from~1..$to); do | |
| if ! git verify-commit $commit &> /dev/null; then | |
| unsigned=true | |
| from=$commit | |
| break | |
| fi | |
| done | |
| from_sha=$(git rev-parse --short $from~1) | |
| to_sha=$(git rev-parse --short $to) | |
| if [[ "$unsigned" == false ]]; then | |
| printf "${GREEN}$from_sha..$to_sha are signed${NC}\n\n" | |
| continue | |
| fi | |
| printf "${YELLOW}Signing $from_sha..$to_sha${NC}\n\n" | |
| FILTER_BRANCH_SQUELCH_WARNING=1 git filter-branch -f --commit-filter 'git commit-tree -S "$@";' $from~1..$to | |
| done | |
| if [[ "$stashed" == true ]]; then | |
| git stash pop | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment