aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2019-12-15 22:22:12 -0800
committerRobin H. Johnson <robbat2@gentoo.org>2019-12-15 22:22:12 -0800
commitfcff62262703554ccebdda353f5435aeb6162834 (patch)
treef7dc3987dd25a2e17980e74842a820bbbc21c069
parentlocal: autofixing from shellcheck (diff)
downloadgithooks-fcff62262703554ccebdda353f5435aeb6162834.tar.gz
githooks-fcff62262703554ccebdda353f5435aeb6162834.tar.bz2
githooks-fcff62262703554ccebdda353f5435aeb6162834.zip
local: resync from git-gx86-tools/49b86a7418e68de3cf90ec88add3ac08630b7f0b, need to redo local commits
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
m---------git-gx86-tools0
-rwxr-xr-xlocal/postrecv-bugs18
-rw-r--r--local/tests/lib.sh44
-rwxr-xr-xlocal/tests/run-all.sh1
-rwxr-xr-xlocal/tests/update-04-utf8.sh1
-rwxr-xr-xlocal/tests/update-05-manifest.sh1
-rwxr-xr-xlocal/tests/update-06-copyright.sh1
-rwxr-xr-xlocal/update-01-basic1
-rwxr-xr-xlocal/update-02-gpg134
-rwxr-xr-xlocal/update-03-filename12
-rwxr-xr-xlocal/update-04-utf812
-rwxr-xr-xlocal/update-05-manifest12
-rwxr-xr-xlocal/update-06-copyright2
13 files changed, 128 insertions, 111 deletions
diff --git a/git-gx86-tools b/git-gx86-tools
-Subproject f2eb9ed28de2ce3ade1ebd8097afded19d4ae2e
+Subproject 49b86a7418e68de3cf90ec88add3ac08630b7f0
diff --git a/local/postrecv-bugs b/local/postrecv-bugs
index c36ba56..992815b 100755
--- a/local/postrecv-bugs
+++ b/local/postrecv-bugs
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/postrecv-bugs
# Copyright 2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 or later
@@ -30,13 +29,18 @@ while read -r oldrev newrev refname; do
while read -r commithash; do
while read -r l; do
+ is_fixes=0
case ${l} in
# kinda-like github/gitlab/bitbucket but:
# 1. we accept only -s forms for simplicity,
# 2. we accept only footer-style to avoid false positives,
# 3. we have to scan the whole commit message because
# developers still fail to have just one footer.
- Closes:*|Resolves:*|Fixes:*)
+ Closes:*|Resolves:*)
+ close=1;;
+ # normally used to reference commit ids
+ Fixes:*)
+ is_fixes=1
close=1;;
# alternate form to ref without closing
Bug:*)
@@ -47,6 +51,16 @@ while read -r oldrev newrev refname; do
# strip whitespace, split words
bugref=( ${l#*:} )
+ if [[ ${is_fixes} == 1 ]]; then
+ case ${bugref} in
+ # commit ref
+ [0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]*)
+ continue;;
+ *)
+ echo "WARNING: 'Fixes' tag should reference commit id, not: ${bugref[*]}"
+ ;;
+ esac
+ fi
for bug in "${bugref[@]}"; do
case ${bug} in
# long bugzilla URL
diff --git a/local/tests/lib.sh b/local/tests/lib.sh
index f4fcaaa..e3432db 100644
--- a/local/tests/lib.sh
+++ b/local/tests/lib.sh
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/tests/lib.sh
# Git hook test helpers
# Copyright 2018 Michał Górny
# Distributed under the terms of the GNU General Public License v2 or later
@@ -51,13 +50,13 @@ run_test() {
)
}
-# Run the test for specified branch, presuming it's a new branch.
-# $1 - branch name
-run_test_branch() {
- local branch=${1}
+# Run the test for specified ref, presuming it's a new branch/tag.
+# $1 - ref path
+run_test_ref() {
+ local ref=${1}
(
- set -- "refs/heads/${branch}" 0000000000000000000000000000000000000000 HEAD
+ set -- "${ref}" 0000000000000000000000000000000000000000 HEAD
set +e
. "${HOOK_PATH}"
)
@@ -76,7 +75,17 @@ test_success() {
# $1 - branch name
test_branch_success() {
local branch=${1}
- run_test_branch "${branch}"
+ run_test_ref "refs/heads/${branch}"
+ tend ${?}
+ : $(( TEST_RET |= ${?} ))
+}
+
+# Run the hook presuming new tag is added.
+# Expect success.
+# $1 - tag name
+test_tag_success() {
+ local tag=${1}
+ run_test_ref "refs/tags/${tag}"
tend ${?}
: $(( TEST_RET |= ${?} ))
}
@@ -107,7 +116,26 @@ test_branch_failure() {
local expected=${2}
local msg
- if msg=$(run_test_branch "${branch}"); then
+ if msg=$(run_test_ref "refs/heads/${branch}"); then
+ tend 1 "Hook unexpectedly succeeded"
+ return 1
+ fi
+
+ [[ ${msg} == ${expected} ]]
+ tend ${?} "'${msg}' != '${expected}'"
+ : $(( TEST_RET |= ${?} ))
+}
+
+# Run the hook presuming new tag is added.
+# Expect failure with message matching the pattern.
+# $1 - tag name
+# $2 - bash pattern to match
+test_tag_failure() {
+ local tag=${1}
+ local expected=${2}
+ local msg
+
+ if msg=$(run_test_ref "refs/tags/${tag}"); then
tend 1 "Hook unexpectedly succeeded"
return 1
fi
diff --git a/local/tests/run-all.sh b/local/tests/run-all.sh
index 50bef43..117f210 100755
--- a/local/tests/run-all.sh
+++ b/local/tests/run-all.sh
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/tests/run-all.sh
# Tests for git hooks
# Copyright 2018 Michał Górny
# Distributed under the terms of the GNU General Public License v2 or later
diff --git a/local/tests/update-04-utf8.sh b/local/tests/update-04-utf8.sh
index b172d6a..f471948 100755
--- a/local/tests/update-04-utf8.sh
+++ b/local/tests/update-04-utf8.sh
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/tests/update-04-utf8.sh
# Tests for update-04-utf8 hook
# Copyright 2018 Michał Górny
# Distributed under the terms of the GNU General Public License v2 or later
diff --git a/local/tests/update-05-manifest.sh b/local/tests/update-05-manifest.sh
index 6b894ad..1597092 100755
--- a/local/tests/update-05-manifest.sh
+++ b/local/tests/update-05-manifest.sh
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/tests/update-05-manifest.sh
# Tests for update-05-manifest hook
# Copyright 2018 Michał Górny
# Distributed under the terms of the GNU General Public License v2 or later
diff --git a/local/tests/update-06-copyright.sh b/local/tests/update-06-copyright.sh
index dd969da..4edaa72 100755
--- a/local/tests/update-06-copyright.sh
+++ b/local/tests/update-06-copyright.sh
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/tests/update-06-copyright.sh
# Tests for update-06-copyright hook
# Copyright 2018 Michał Górny
# Distributed under the terms of the GNU General Public License v2 or later
diff --git a/local/update-01-basic b/local/update-01-basic
index 9c9741a..b1a36dc 100755
--- a/local/update-01-basic
+++ b/local/update-01-basic
@@ -1,5 +1,4 @@
#!/bin/sh
-# gentoo-infra: infra/githooks.git:local/update-01-basic
# --- Command line
refname=${1}
diff --git a/local/update-02-gpg b/local/update-02-gpg
index 10cf13b..c3c15e9 100755
--- a/local/update-02-gpg
+++ b/local/update-02-gpg
@@ -1,5 +1,4 @@
-#!/bin/sh
-# gentoo-infra: infra/githooks.git:local/update-02-gpg
+#!/bin/bash
# --- Command line
refname=${1}
@@ -19,6 +18,9 @@ if [ -z "${refname}" -o -z "${oldrev}" -o -z "${newrev}" ]; then
exit 1
fi
+# branch names or 'all', or 'all-refs' for all refs
+SIGNED_BRANCHES=$(git config --get gentoo.signed-branches)
+: ${SIGNED_BRANCHES:=master}
VERIFY_SIGS=$(git config --get gentoo.verify-signatures)
: ${VERIFY_SIGS:=gentoo-devs}
@@ -69,68 +71,84 @@ case ${VERIFY_SIGS} in
exit 1
esac
-# --- Check types
-# if $newrev is 0000...0000, it's a commit to delete a ref.
-zero="0000000000000000000000000000000000000000"
-
-case ${refname} in
- refs/heads/master)
+case ${SIGNED_BRANCHES} in
+ all-refs)
+ ;;
+ all)
+ [[ ${refname} == refs/heads/* ]] || exit 0
+ ;;
+ *)
+ [[ ${refname} == refs/heads/* ]] || exit 0
+ branch_found=
+ for branch in ${SIGNED_BRANCHES}; do
+ if [[ ${refname#refs/heads/} == ${branch} ]]; then
+ branch_found=1
+ break
+ fi
+ done
+ [[ ${branch_found} == 1 ]] || exit 0
+esac
- IFS='
+IFS='
'
- # verify that everything on the left-hand side of commit history is signed
- # (further branches of merges can be unsigned)
- revs=$(git rev-list --first-parent "${newrev}" "^${oldrev}")
- for r in ${revs}; do
- committer=$(git show -q --pretty=format:'%ce' "${r}")
- if [[ ${VERIFY_SIGS} == gentoo-devs && ${committer} != *@gentoo.org ]]; then
- echo "*** Committer address is not @gentoo.org, refusing"
- exit 1
- fi
+# special cases
+zeros=0000000000000000000000000000000000000000
+# branch removal
+[[ ${newrev} == "${zeros}" ]] && exit 0
+# new branch; try to find a merge base with master
+if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then
+ mergebase=$(git merge-base refs/heads/master "${newrev}")
+ [[ -n ${mergebase} ]] && oldrev=${mergebase}
+fi
+rev_list_arg="${oldrev}..${newrev}"
+# new and no common commit? gotta check them all
+[[ ${oldrev} == "${zeros}" ]] && rev_list_arg="${newrev}"
- signst=$(git show -q --pretty=format:'%G?' "${r}")
- case ${VERIFY_SIGS} in
- gentoo-devs)
- # gentoo dev signatures must be Good
- [[ ${signst} == G ]] && continue
- ;;
- no)
- # additionally skip untrusted/impossible to check
- # when verification is disabled
- [[ ${signst} == [GUE] ]] && continue
- ;;
- esac
+while read -r r; do
+ committer=$(git show -q --pretty=format:'%ce' "${r}")
+ if [[ ${VERIFY_SIGS} == gentoo-devs && ${committer} != *@gentoo.org ]]; then
+ echo "*** Committer address is not @gentoo.org, refusing"
+ exit 1
+ fi
- # error reporting
- case ${signst} in
- U)
- echo "*** Untrusted signature on ${r}, refusing"
- exit 1
- ;;
- B)
- echo "*** Bad signature on ${r}, refusing"
- exit 1
- ;;
- N)
- echo "*** No signature on ${r}, refusing"
- exit 1
- ;;
- E)
- echo "*** Signature cannot be checked on ${r}, refusing"
- exit 1
- ;;
- *)
- echo "*** Unknown signature status '${signst}', refusing"
- exit 1
- ;;
- esac
- done
+ signst=$(git show -q --pretty=format:'%G?' "${r}")
+ case ${VERIFY_SIGS} in
+ gentoo-devs)
+ # gentoo dev signatures must be Good
+ [[ ${signst} == G ]] && continue
+ ;;
+ no)
+ # additionally skip untrusted/impossible to check
+ # when verification is disabled
+ [[ ${signst} == [GUE] ]] && continue
+ ;;
+ esac
- ;;
- *)
- ;;
-esac
+ # error reporting
+ case ${signst} in
+ U)
+ echo "*** Untrusted signature on ${r}, refusing"
+ exit 1
+ ;;
+ B)
+ echo "*** Bad signature on ${r}, refusing"
+ exit 1
+ ;;
+ N)
+ echo "*** No signature on ${r}, refusing"
+ exit 1
+ ;;
+ E)
+ echo "*** Signature cannot be checked on ${r}, refusing"
+ exit 1
+ ;;
+ *)
+ echo "*** Unknown signature status '${signst}', refusing"
+ exit 1
+ ;;
+ esac
+done < <(git rev-list --first-parent "${rev_list_arg}")
# --- Finished
exit 0
diff --git a/local/update-03-filename b/local/update-03-filename
index 6871175..da2c8ff 100755
--- a/local/update-03-filename
+++ b/local/update-03-filename
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/update-03-filename
# Copyright 2015-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 or later
@@ -12,17 +11,6 @@ newrev=$3
# skip non-master commits
[[ ${refname} == refs/heads/master ]] || exit 0
-# special cases
-zeros=0000000000000000000000000000000000000000
-# branch removal
-[[ ${newrev} == "${zeros}" ]] && exit 0
-# new branch; try to find a merge base with master
-if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then
- mergebase=$(git merge-base refs/heads/master "${newrev}")
- [[ -n ${mergebase} ]] && oldrev=${mergebase}
- [[ -z ${mergebase} ]] && echo "WARNING: No common commits with master!"
-fi
-
# Filenames must contain only the characters [A-Za-z0-9._+-] and must
# not begin with a dot, a hyphen, or a plus sign.
# https://devmanual.gentoo.org/general-concepts/tree/#what-belongs-in-the-tree%3F
diff --git a/local/update-04-utf8 b/local/update-04-utf8
index 0365dec..8195931 100755
--- a/local/update-04-utf8
+++ b/local/update-04-utf8
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/update-04-utf8
# Copyright 2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 or later
@@ -11,17 +10,6 @@ newrev=$3
export LC_MESSAGES=C
-# special cases
-zeros=0000000000000000000000000000000000000000
-# branch removal
-[[ ${newrev} == "${zeros}" ]] && exit 0
-# new branch; try to find a merge base with master
-if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then
- mergebase=$(git merge-base refs/heads/master "${newrev}")
- [[ -n ${mergebase} ]] && oldrev=${mergebase}
- [[ -z ${mergebase} ]] && echo "WARNING: No common commits with master!"
-fi
-
ret=0
while read commithash; do
# verify that the commit object (including author, committer, commit
diff --git a/local/update-05-manifest b/local/update-05-manifest
index 4649fc3..42afd2a 100755
--- a/local/update-05-manifest
+++ b/local/update-05-manifest
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/update-05-manifest
# Copyright 2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2 or later
@@ -14,17 +13,6 @@ export LC_MESSAGES=C
# enforce only on master branch
[[ ${refname} == refs/heads/master ]] || exit 0
-# special cases
-zeros=0000000000000000000000000000000000000000
-# branch removal
-[[ ${newrev} == "${zeros}" ]] && exit 0
-# new branch; try to find a merge base with master
-if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then
- mergebase=$(git merge-base refs/heads/master "${newrev}")
- [[ -n ${mergebase} ]] && oldrev=${mergebase}
- [[ -z ${mergebase} ]] && echo "WARNING: No common commits with master!"
-fi
-
ret=0
while read commithash; do
# check for any Manifest changes
diff --git a/local/update-06-copyright b/local/update-06-copyright
index 70e39af..82cba58 100755
--- a/local/update-06-copyright
+++ b/local/update-06-copyright
@@ -1,5 +1,4 @@
#!/bin/bash
-# gentoo-infra: infra/githooks.git:local/update-06-copyright
# Verify that GCO sign-off is present in commit messages
# Copyright 2018 Michał Górny
# Distributed under the terms of the GNU General Public License v2 or later
@@ -75,7 +74,6 @@ zeros=0000000000000000000000000000000000000000
if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then
mergebase=$(git merge-base refs/heads/master "${newrev}")
[[ -n ${mergebase} ]] && oldrev=${mergebase}
- [[ -z ${mergebase} ]] && echo "WARNING: No common commits with master!"
fi
rev_list_arg="${oldrev}..${newrev}"
# new and no common commit? gotta check them all