authorLeo Famulari <leo@famulari.name>2017-01-23 00:57:46 -0500
committerLeo Famulari <leo@famulari.name>2017-02-08 03:42:08 +0100
commitf0d0c5bb188455e0b82ee3089ba103ef71877c87 (patch)
treef048dc0fa25b9932090041688996146fc4bc8cda
parent4621acfd8272fa93d0530faa5f015b26a194b587 (diff)
etc: The pre-push hook says which commits failed the signature check.
* etc/git/pre-push: Check each commit's signature individually so that
we can report which commits fail the check.
-rwxr-xr-xetc/git/pre-push22
1 files changed, 17 insertions, 5 deletions
diff --git a/etc/git/pre-push b/etc/git/pre-push
index c894c5a9ec..9206a2dfe5 100755
--- a/etc/git/pre-push
+++ b/etc/git/pre-push
@@ -40,17 +40,29 @@ do
 	else
 		if [ "$remote_sha" = $z40 ]
 		then
-			# New branch, examine all commits
-			range="$local_sha"
+			# We are pushing a new branch. To prevent wasting too
+			# much time for this relatively rare case, we examine
+			# all commits since the first signed commit, rather than
+			# the full history. This check *will* fail, and the user
+			# will need to temporarily disable the hook to push the
+			# new branch.
+			range="e3d0fcbf7e55e8cbe8d0a1c5a24d73f341d7243b..$local_sha"
 		else
 			# Update to existing branch, examine new commits
 			range="$remote_sha..$local_sha"
 		fi
 
 		# Verify the signatures of all commits being pushed.
-		git verify-commit $(git rev-list $range) >/dev/null 2>&1
-
-		exit $?
+		ret=0
+		for commit in $(git rev-list $range)
+		do
+			if ! git verify-commit $commit >/dev/null 2>&1
+			then
+				printf "%s failed signature check\n" $commit
+				ret=1
+			fi
+		done
+		exit $ret
 	fi
 done
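Review bot: `exit $ret` at the end of the else branch is still inside the per-ref loop (its `do` is only visible in the hunk header and the loop head lies outside the hunk), so the hook appears to exit after the first non-deleted ref and any further refs in the same push are never signature-checked. That behaviour predates this change, but the new code keeps it: set `ret=0` once before the loop, drop the reset here, and move `exit $ret` to after `done` so every pushed ref is examined. The failure report would also be better on stderr with the hash quoted, `printf "%s failed signature check\n" "$commit" >&2`. Separately, `git verify-commit` only tests whether a signature validates against the local keyring, so this check alone presumably does not restrict pushes to commits signed by authorised committers' keys; a comment saying so would help whoever relies on the hook.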