Hi Simon, Simon Tournier <[email protected]> writes:
> Hi Maxim > > On Sat, 21 Mar 2026 at 12:12, Maxim Cournoyer <[email protected]> wrote: > >> etc/git/post-merge | 8 +++++++- >> 1 file changed, 7 insertions(+), 1 deletion(-) >> > > [...] > >> +else >> + exec guix git authenticate >> +fi > > I’m not a fan to authenticate again and again after each rebase / merge. > > I would prefer to use the post-checkout hook. WDYT? Perhaps that could go in a different PR/commit as this changes from what we've been doing. The doc of the post-checkout hook says: --8<---------------cut here---------------start------------->8--- post-checkout This hook is invoked when a git-checkout(1) or git-switch(1) is run after having updated the worktree. The hook is given three parameters: the ref of the previous HEAD, the ref of the new HEAD (which may or may not have changed), and a flag indicating whether the checkout was a branch checkout (changing branches, flag=1) or a file checkout (retrieving a file from the index, flag=0). This hook cannot affect the outcome of git switch or git checkout, other than that the hook’s exit status becomes the exit status of these two commands. It is also run after git-clone(1), unless the --no-checkout (-n) option is used. The first parameter given to the hook is the null-ref, the second the ref of the new HEAD and the flag is always 1. Likewise for git worktree add unless --no-checkout is used. This hook can be used to perform repository validity checks, auto-display differences from the previous HEAD if different, or set working dir metadata properties. --8<---------------cut here---------------end--------------->8--- So it seems it'd run only on the original 'git clone' and any time we change/create a branch, which is not the same. I think the rationale for having it in post-merge is to ensure the commits you pull with 'git pull' are authenticated as soon as they are installed, which makes sense; but it's also perhaps incomplete as I always do the equivalent of 'git pull --rebase', which if I read 'man 5 githooks' correctly, would trigger the post-rewrite but not the post-merge hook. I think to cover for the initial 'git clone as well as 'git pull' (merge) or 'git pull --rebase' (rewrite/rebase), we'd need to put the 'git authenticate' logic in all of these hooks: - post-checkout - post-merge (already there) - post-rewrite - pre-push (already there) What do you think? -- Thanks, Maxim
