[PATCH 1/1] templates: pre-push hook: check for missing GPG signatures (was: Re: [PATCH] Add .gitconfig variable commit.gpg-sign)

Wed, 24 Apr 2013 10:30:37 -0700 

On 04/24/2013 11:51 AM, Michael J Gruber wrote:
> Sebastian Götte venit, vidit, dixit 24.04.2013 10:53:
>>                                          What could be nice would be a
>> config option that makes "git push" warn/abort in case I try to push an
>> unsigned head commit to a repo where I want to have signed commits:
>>> remote.<name>.abortUnsigned
>> This of course needs a command line override switch.
> 
> This appears to be more suited for a server side hook (update), or a new
> pre-push hook.
Ok, here it is ;)
I replaced the previous sample hook code because it did only check for commits
containing "WIP" in their messages which I think is not terribly useful (and
can easily be added to this script. I also added a missing colon that caused my
shell to complain about an empty if.
This patch applies to the current master as it requires the new GPG %G? pretty
placeholder output.

Signed-off-by: Sebastian Götte <ja...@physik-pool.tu-berlin.de>
---
 templates/hooks--pre-push.sample | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/templates/hooks--pre-push.sample b/templates/hooks--pre-push.sample
old mode 100644
new mode 100755
index 15ab6d8..08a72df
--- a/templates/hooks--pre-push.sample
+++ b/templates/hooks--pre-push.sample
@@ -16,20 +16,19 @@
 #
 #   <local ref> <local sha1> <remote ref> <remote sha1>
 #
-# This sample shows how to prevent push of commits where the log message starts
-# with "WIP" (work in progress).
+# This sample shows how to prevent pushing commits without good GPG signatures
 
 remote="$1"
 url="$2"
 
 z40=0000000000000000000000000000000000000000
+ec=0
 
-IFS=' '
 while read local_ref local_sha remote_ref remote_sha
 do
        if [ "$local_sha" = $z40 ]
        then
-               # Handle delete
+               : # Handle delete
        else
                if [ "$remote_sha" = $z40 ]
                then
@@ -40,14 +39,13 @@ do
                        range="$remote_sha..$local_sha"
                fi
 
-               # Check for WIP commit
-               commit=`git rev-list -n 1 --grep '^WIP' "$range"`
-               if [ -n "$commit" ]
-               then
-                       echo "Found WIP commit in $local_ref, not pushing"
-                       exit 1
-               fi
+               commits=`git log --format="%G? %h" "$range" | grep -v '^G' | 
cut -d\  -f2`
+               for commit in $commits
+               do
+                       echo "Commit $commit does not have a good GPG signature"
+                       ec=1
+               done
        fi
 done
 
-exit 0
+exit $ec
-- 
1.8.2

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to