summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2020-05-29 18:19:07 +0200
committerLudovic Courtès <ludo@gnu.org>2020-05-29 18:31:38 +0200
commite65a44649e8d7698c4a888f1de625a67052520e9 (patch)
treefc36c4088a82f2af4d1d52c492d1ee5bf505b9fc
parent17a102332a253f0e3b1f511fa7bda2094264a77c (diff)
downloadguix-e65a44649e8d7698c4a888f1de625a67052520e9.tar.gz
maint: Git pre-push hook runs "make authenticate check-channel-news".
* etc/git/pre-push: Change to run "make authenticate check-channel-news".
-rwxr-xr-xetc/git/pre-push49
1 files changed, 5 insertions, 44 deletions
diff --git a/etc/git/pre-push b/etc/git/pre-push
index 9206a2dfe5..59294f0ffb 100755
--- a/etc/git/pre-push
+++ b/etc/git/pre-push
@@ -1,7 +1,6 @@
 #!/bin/sh
 
-# This hook script prevents the user from pushing to Savannah if any of the new
-# commits' OpenPGP signatures cannot be verified.
+# A hook script that prevents the user from pushing unsigned commits.
 
 # Called by "git push" after it has checked the remote status, but before
 # anything has been pushed.  If this script exits with a non-zero status nothing
@@ -19,51 +18,13 @@
 #
 #   <local ref> <local sha1> <remote ref> <remote sha1>
 
-z40=0000000000000000000000000000000000000000
-
 # Only use the hook when pushing to Savannah.
 case "$2" in
-*git.sv.gnu.org*)
-	break
+    *.gnu.org*)
+	exec make authenticate check-channel-news
+	exit 127
 	;;
-*)
+    *)
 	exit 0
 	;;
 esac
-
-while read local_ref local_sha remote_ref remote_sha
-do
-	if [ "$local_sha" = $z40 ]
-	then
-		# Handle delete
-		:
-	else
-		if [ "$remote_sha" = $z40 ]
-		then
-			# We are pushing a new branch. To prevent wasting too
-			# much time for this relatively rare case, we examine
-			# all commits since the first signed commit, rather than
-			# the full history. This check *will* fail, and the user
-			# will need to temporarily disable the hook to push the
-			# new branch.
-			range="e3d0fcbf7e55e8cbe8d0a1c5a24d73f341d7243b..$local_sha"
-		else
-			# Update to existing branch, examine new commits
-			range="$remote_sha..$local_sha"
-		fi
-
-		# Verify the signatures of all commits being pushed.
-		ret=0
-		for commit in $(git rev-list $range)
-		do
-			if ! git verify-commit $commit >/dev/null 2>&1
-			then
-				printf "%s failed signature check\n" $commit
-				ret=1
-			fi
-		done
-		exit $ret
-	fi
-done
-
-exit 0