Created
July 8, 2020 18:23
-
-
Save matheusd/76118f9fac96e11df5f6ff4f19dbd8cf to your computer and use it in GitHub Desktop.
Pre-push hook to verify all commits were gpg signed
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Somewhat adapted from the same hook and from | |
| # https://gist.github.com/kotnik/ef3a62316aa5e8e788a6e4365cb41878 | |
| # | |
| # Uses my git lshort alias on error. | |
| remote="$1" | |
| url="$2" | |
| z40=0000000000000000000000000000000000000000 | |
| while read local_ref local_sha remote_ref remote_sha | |
| do | |
| if [ "$local_sha" = $z40 ] | |
| then | |
| # Handle delete | |
| : | |
| else | |
| if [ "$remote_sha" = $z40 ] | |
| then | |
| # New branch, examine all commits | |
| range="$local_sha" | |
| else | |
| # Update to existing branch, examine new commits | |
| range="$remote_sha..$local_sha" | |
| fi | |
| span=$(git rev-list $range) | |
| for commit in $span ; do | |
| # echo "commit $commit" | |
| has_good_sig=$(git log -1 --format="%H" --show-signature "$commit" | \ | |
| grep "Good signature") | |
| if test -z "$has_good_sig" ; then | |
| echo "*** Commit $commit does not have a good sig ***" | |
| git lshort -1 "$commit" | |
| exit 1 | |
| fi | |
| done | |
| fi | |
| done | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment