* Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Leo Famulari @ 2016-12-29 2:10 UTC
To: guix-devel

I see this in the log:

$ git log --show-signature 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
commit 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
gpg: Signature made Wed 28 Dec 2016 08:38:21 PM EST
gpg: using RSA key 91CCDB9B48541B99
gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>" [unknown]
Author: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Wed Dec 28 23:01:49 2016 +0100

    gnu: python-prompt-toolkit: Update to 1.0.9.

    * gnu/packages/python.scm (python-prompt-toolkit): Update to 1.0.9.

Does anyone else get the same result? Any ideas?

Tobias, what version of GnuPG are you using?

I'm using:

gnupg 2.1.17 /gnu/store/1sa7k3x3y3chdl31p7y7x3sa7p9h1qa3-gnupg-2.1.17

... which is built from Guix commit 791ac6a68d1e4bc80f4760cd968cb6c26dbab9ba.
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Leo Famulari @ 2016-12-29 2:47 UTC
To: guix-devel

On Wed, Dec 28, 2016 at 09:10:15PM -0500, Leo Famulari wrote:
> I see this in the log:
>
> $ git log --show-signature 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
> commit 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
> gpg: Signature made Wed 28 Dec 2016 08:38:21 PM EST
> gpg: using RSA key 91CCDB9B48541B99
> gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>" [unknown]
> Author: Tobias Geerinckx-Rice <me@tobias.gr>
> Date: Wed Dec 28 23:01:49 2016 +0100
>
>     gnu: python-prompt-toolkit: Update to 1.0.9.
>
>     * gnu/packages/python.scm (python-prompt-toolkit): Update to 1.0.9.
>
> Does anyone else get the same result? Any ideas?
>
> Tobias, what version of GnuPG are you using?
>
> I'm using:
>
> gnupg 2.1.17 /gnu/store/1sa7k3x3y3chdl31p7y7x3sa7p9h1qa3-gnupg-2.1.17
>
> ... which is built from Guix commit 791ac6a68d1e4bc80f4760cd968cb6c26dbab9ba.

I'm also unable to verify the signature of two more commits, as below.
I've attached a handy Git signature verifier script.

commit e0f8a520eda6b86a71f99eddf2c6968a95c8de0e
gpg: Signature made Thu 24 Nov 2016 08:21:51 PM EST
gpg: using RSA key 91CCDB9B48541B99
gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>" [unknown]
Author: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Thu Nov 24 19:28:52 2016 +0100

    gnu: miniupnpc: Improve synopsis and description.

    * gnu/packages/upnp.scm (miniupnp)[synopsis, description]: Edit, fix typos,
    add some relevant (search) terms from the home page, and expand acronyms.

commit 7d162df8ce4dc90c681ff627b2ed94c192e6342f
gpg: Signature made Thu 15 Dec 2016 09:08:42 PM EST
gpg: using RSA key 91CCDB9B48541B99
gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>" [unknown]
Author: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Thu Dec 15 23:17:52 2016 +0100

    gnu: mcelog: Update to 146.

    * gnu/packages/linux.scm (mcelog): Update to 146.

[-- Attachment #1.2: verifier --]

#!/bin/sh
# This script requires a Git revision selector, such as HEAD, 734713bc0,
# origin/master..HEAD, et cetera:
# https://git-scm.com/book/en/v2/Git-Tools-Revision-Selection
# A revision selector example for guix.git: v0.11.0..HEAD

if test $# -eq 1 ; then
    range=$1
else
    exit 1
fi

for commit in $(git rev-list "$range"); do
    results=$(git verify-commit "$commit" 2>&1)
    if test $? -ne 0; then
        git show --format=full --show-signature "$commit"
        # I'm not sure if the previous line will always include the
        # contents of $results, so I re-print it just in case.
        printf "%s\n\n" "$results"
    fi
done
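The verifier above grep-reads gpg's stderr by hand. As an added example that is not part of the thread or of Guix, the script below drives the same check from git's own signature-status placeholders instead: `git log --format='%H %G? %GK' <range>` prints one line per commit with a one-letter status (per git-log(1): G good, B bad, U good but of unknown validity, X good but expired, Y good but made by an expired key, R good but made by a revoked key, E cannot be checked, N no signature) and the signing key id. The functions classify those lines and fail if any commit in the range is unsigned or does not verify. The sample report is constructed for the example: its first line mirrors the bad signature from this thread, the other SHAs and key ids are placeholders.

```shell
#!/bin/sh
# Added example (not part of the thread): classify the per-commit signature
# status that `git log --format='%H %G? %GK' <range>` prints, and fail if any
# commit is unsigned or carries a signature that does not verify.

# Map one %G? status letter to a coarse verdict. Only G and U count as
# verified; U means the signature is good but the key has not been certified
# in the local keyring, which is the usual state for a fetched committer key.
classify_status() {
    case "$1" in
        G|U)     echo ok ;;
        B)       echo bad ;;
        N)       echo unsigned ;;
        X|Y|R|E) echo unverifiable ;;
        *)       echo unknown ;;
    esac
}

# Read "<sha> <status> [<keyid>]" lines on stdin, print one line for every
# commit whose verdict is not "ok", and return 1 if there was any such commit.
check_signature_report() {
    rc=0
    while read -r sha status keyid; do
        [ -n "$sha" ] || continue
        verdict=$(classify_status "$status")
        if [ "$verdict" != ok ]; then
            printf '%s %s key=%s\n' "$sha" "$verdict" "${keyid:-none}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample report. The first line mirrors the bad signature from
# this thread; the remaining SHAs and key ids are placeholders.
SAMPLE_REPORT='6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91 B 91CCDB9B48541B99
791ac6a68d1e4bc80f4760cd968cb6c26dbab9ba G 0000000000000001
0000000000000000000000000000000000000002 N
0000000000000000000000000000000000000003 E 0000000000000003'

# Run over the sample. Against a real repository, replace the printf with:
#   git log --format='%H %G? %GK' "$range" | check_signature_report
printf '%s\n' "$SAMPLE_REPORT" | check_signature_report \
    || echo 'signature problems found' >&2
```

Because `%G?` is computed by git itself, the check does not depend on gpg's locale or message wording, which the stderr-parsing approach does; an unknown letter still maps to "unknown" rather than being silently accepted.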
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Tobias Geerinckx-Rice @ 2016-12-29 3:04 UTC
To: leo, guix-devel

Leo,

On 29/12/16 03:47, Leo Famulari wrote:
> I'm also unable to verify the signature of two more commits, as below.

Signing seems to fail both seldom and pseudo-randomly. Oh, and
silently[1]. My favourite kind of bug.

I'm guessing this is what happens:

$
$ git commit, am or cherry-pick && git log --show-signatures
...everything looks good and signed! Let's push!
$ git fetch --all && git rebase upstream/master
...now signing some non-HEAD commit silently fails...
$ git push upstream
...badness.

Good night,

T G-R

[1]: until you check the log, of course.

PS:
nckx@ubuntu~$ $ /usr/bin/gpg2 --version
gpg (GnuPG) 2.1.15
libgcrypt 1.7.2-beta
but I doubt that matters much now. I don't use Guix's gpg [yet].
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Leo Famulari @ 2016-12-29 17:13 UTC
To: Tobias Geerinckx-Rice; +Cc: guix-devel

On Thu, Dec 29, 2016 at 04:04:49AM +0100, Tobias Geerinckx-Rice wrote:
> Signing seems to fail both seldom and pseudo-randomly. Oh, and
> silently[1]. My favourite kind of bug.
>
> I'm guessing this is what happens:
>
> $
> $ git commit, am or cherry-pick && git log --show-signatures
> ...everything looks good and signed! Let's push!
> $ git fetch --all && git rebase upstream/master
> ...now signing some non-HEAD commit silently fails...
> $ git push upstream
> ...badness.
>
> Good night,
>
> T G-R
>
> [1]: until you check the log, of course.
>
> PS:
> nckx@ubuntu~$ $ /usr/bin/gpg2 --version
> gpg (GnuPG) 2.1.15
> libgcrypt 1.7.2-beta
> but I doubt that matters much now. I don't use Guix's gpg [yet].

It would be nice to figure out why it fails. It seems specific to your
setup somehow (since there are no other broken signatures in the log), but
I have no idea where to start. Perhaps with the beta version of libgcrypt.

Especially since it seems specific to your setup, can you evaluate the
pre-push hook that's attached, and start using the hook if you're satisfied
that it's correct?

[-- Attachment #1.2: pre-push --]

#!/bin/sh
# A hook script that prevents the user from pushing unsigned commits.
# Called by "git push" after it has checked the remote status, but before
# anything has been pushed. If this script exits with a non-zero status nothing
# will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>

z40=0000000000000000000000000000000000000000

# Only use the hook when pushing to Savannah.
case "$2" in
    *git.sv.gnu.org*)
        # Savannah: carry on with the checks below. ('break' has no meaning
        # outside a loop, so the arm is a no-op.)
        :
        ;;
    *)
        exit 0
        ;;
esac

status=0

while read local_ref local_sha remote_ref remote_sha
do
    if [ "$local_sha" = "$z40" ]
    then
        # Handle delete
        :
    else
        if [ "$remote_sha" = "$z40" ]
        then
            # New branch, examine all commits
            range="$local_sha"
        else
            # Update to existing branch, examine new commits
            range="$remote_sha..$local_sha"
        fi

        # Check if push candidate commits are PGP signed. Remember a failure
        # and keep reading, so every pushed ref is checked, not only the first.
        if ! git verify-commit $(git rev-list "$range") >/dev/null 2>&1
        then
            status=1
        fi
    fi
done

exit $status
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Tobias Geerinckx-Rice @ 2016-12-29 2:49 UTC
To: leo, guix-devel

Leo,

On 29/12/16 03:10, Leo Famulari wrote:
> gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>"

Oh dear.

> Does anyone else get the same result? Any ideas?

I do, so it's a real® corrupted signature.

Looking back, it turns out that this isn't the first time this has
happened: another commit of mine (7d162df, gnu: mcelog: Update to 146.)
also has a bad signature, which I probably missed for the same reason.

Kind regards,

T G-R
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: John Darrington @ 2016-12-29 6:08 UTC
To: Tobias Geerinckx-Rice; +Cc: guix-devel

On Thu, Dec 29, 2016 at 03:49:51AM +0100, Tobias Geerinckx-Rice wrote:

     Leo,

     On 29/12/16 03:10, Leo Famulari wrote:
     > gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>"

     Oh dear.

     > Does anyone else get the same result? Any ideas?

     I do, so it's a real® corrupted signature.

     Looking back, it turns out that this isn't the first time this has
     happened: another commit of mine (7d162df, gnu: mcelog: Update to 146.)
     also has a bad signature, which I probably missed for the same reason.

How did these commits get into the repository? Our repository is
configured to reject unsigned commits. Can it be that it doesn't
actually check that the signature matches? !!!

--
Avoid eavesdropping. Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Leo Famulari @ 2016-12-29 6:39 UTC
To: John Darrington; +Cc: guix-devel

On Thu, Dec 29, 2016 at 07:08:18AM +0100, John Darrington wrote:
> On Thu, Dec 29, 2016 at 03:49:51AM +0100, Tobias Geerinckx-Rice wrote:
>      Leo,
>
>      On 29/12/16 03:10, Leo Famulari wrote:
>      > gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>"
>
>      Oh dear.
>
>      > Does anyone else get the same result? Any ideas?
>
>      I do, so it's a real® corrupted signature.
>
>      Looking back, it turns out that this isn't the first time this has
>      happened: another commit of mine (7d162df, gnu: mcelog: Update to 146.)
>      also has a bad signature, which I probably missed for the same reason.
>
> How did these commits get into the repository? Our repository is
> configured to reject unsigned commits. Can it be that it doesn't
> actually check that the signature matches? !!!

Yes, it's a known limitation:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#129

We need to improve the hook.
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Leo Famulari @ 2016-12-29 6:44 UTC
To: John Darrington; +Cc: guix-devel

On Thu, Dec 29, 2016 at 07:08:18AM +0100, John Darrington wrote:
> How did these commits get into the repository? Our repository is
> configured to reject unsigned commits. Can it be that it doesn't
> actually check that the signature matches? !!!

Here's a pre-push Git hook that should prevent unsigned commits from
being pushed to any remote. I'd like to improve it to be applied
selectively per-remote.

[-- Attachment #1.2: pre-push --]

#!/gnu/store/b1yqjimbdh5bf9jnizd4h7yf110744j2-bash-4.3.42/bin/sh
# A hook script that prevents the user from pushing unsigned commits.
# Called by "git push" after it has checked the remote status, but before
# anything has been pushed. If this script exits with a non-zero status nothing
# will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>

z40=0000000000000000000000000000000000000000

status=0

while read local_ref local_sha remote_ref remote_sha
do
    if [ "$local_sha" = "$z40" ]
    then
        # Handle delete
        :
    else
        if [ "$remote_sha" = "$z40" ]
        then
            # New branch, examine all commits
            range="$local_sha"
        else
            # Update to existing branch, examine new commits
            range="$remote_sha..$local_sha"
        fi

        # Check if push candidate commits are PGP signed. Remember a failure
        # and keep reading, so every pushed ref is checked, not only the first.
        if ! git verify-commit $(git rev-list "$range") >/dev/null 2>&1
        then
            status=1
        fi
    fi
done

exit $status
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Leo Famulari @ 2016-12-29 7:38 UTC
To: John Darrington; +Cc: guix-devel

On Thu, Dec 29, 2016 at 01:44:59AM -0500, Leo Famulari wrote:
> Here's a pre-push Git hook that should prevent unsigned commits from
> being pushed to any remote. I'd like to improve it to be applied
> selectively per-remote.

The hook will only apply when pushing to Savannah if you put this test at
the beginning of the hook:

case "$2" in
    *git.sv.gnu.org*)
        :
        ;;
    *)
        exit 0
        ;;
esac

Commit signatures will be verified before pushing to Savannah, but it
doesn't interfere when pushing to another repository. I think this is the
right balance between safety and convenience.

If people think the hook is correct, we could recommend it in HACKING.

> #!/gnu/store/b1yqjimbdh5bf9jnizd4h7yf110744j2-bash-4.3.42/bin/sh

Oops! It should all work with #!/bin/sh.
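The hook discussed in the last three messages reads git's pre-push stdin lines and verifies the commits each line introduces. As an added example that is not the thread's hook and not part of Guix, the skeleton below separates that logic into testable functions and handles the cases the posted hook does not: it checks every pushed ref rather than exiting after the first, never calls `git verify-commit` with an empty argument list, and for a branch the remote does not yet have it excludes everything already on that remote's tracking refs (`--not --remotes=<name>`, a standard `git rev-list` option) instead of re-verifying the whole local history. The `pre-push <remote name> <remote url>` calling convention and the stdin line format are git's own, as the hook's comments describe; the function names, the `|` separator and the sample stdin lines are constructed for this example.

```shell
#!/bin/sh
# Added example (not the thread's hook): pre-push logic that derives the
# ranges to verify from the lines git passes on stdin, verifies every pushed
# ref, and only then decides. Git calls the hook as
#   pre-push <remote name> <remote url>
# and writes one "<local ref> <local sha1> <remote ref> <remote sha1>" line
# per ref being pushed.

z40=0000000000000000000000000000000000000000

# Read pre-push stdin lines and print one "<local ref>|<rev-list arguments>"
# line for each ref that adds commits. Deletions (local sha all zeros) have
# nothing to verify. For a branch new to the remote (remote sha all zeros),
# commits already reachable from that remote's tracking refs are excluded.
# $1 is the remote name, used for the --remotes glob.
push_ranges() {
    remote=$1
    while read -r local_ref local_sha remote_ref remote_sha; do
        [ -n "$local_ref" ] || continue
        if [ "$local_sha" = "$z40" ]; then
            continue
        elif [ "$remote_sha" = "$z40" ]; then
            printf '%s|%s --not --remotes=%s\n' "$local_ref" "$local_sha" "$remote"
        else
            printf '%s|%s..%s\n' "$local_ref" "$remote_sha" "$local_sha"
        fi
    done
}

# Verify every commit selected by the rev-list arguments in $1 (deliberately
# unquoted below: it may hold several words). Returns 0 when there is nothing
# new to check or all commits verify, 1 otherwise. git verify-commit requires
# at least one commit argument, so the empty case is decided before calling it.
verify_range() {
    commits=$(git rev-list $1) || return 1
    [ -n "$commits" ] || return 0
    git verify-commit $commits >/dev/null 2>&1
}

# Hook entry point: verify all ranges, report each failing ref on stderr, and
# exit non-zero if any failed. In .git/hooks/pre-push: run_hook "$@"
run_hook() {
    push_ranges "$1" | {
        failed=0
        while IFS='|' read -r ref args; do
            if ! verify_range "$args"; then
                printf 'pre-push: unverified commit(s) on %s (%s)\n' "$ref" "$args" >&2
                failed=1
            fi
        done
        exit "$failed"
    }
}

# Constructed sample of what git writes on the hook's stdin: an update to an
# existing branch, a branch deletion, and a branch new to the remote.
SAMPLE_PUSH_LINES='refs/heads/master 1111111111111111111111111111111111111111 refs/heads/master 2222222222222222222222222222222222222222
refs/heads/gone 0000000000000000000000000000000000000000 refs/heads/gone 3333333333333333333333333333333333333333
refs/heads/new 4444444444444444444444444444444444444444 refs/heads/new 0000000000000000000000000000000000000000'

# Show the ranges the sample would produce (no repository needed for this part).
printf '%s\n' "$SAMPLE_PUSH_LINES" | push_ranges origin
```

The verification step still runs the same `git verify-commit` the thread's hook uses; what changes is that a multi-branch push cannot slip unverified commits through on its second ref, and an up-to-date ref no longer turns into a spurious failure.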
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Ludovic Courtès @ 2017-01-02 20:59 UTC
To: Tobias Geerinckx-Rice; +Cc: guix-devel

Hello Guix!

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> On 29/12/16 03:10, Leo Famulari wrote:
>> gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>"
>
> Oh dear.
>
>> Does anyone else get the same result? Any ideas?
>
> I do, so it's a real® corrupted signature.

It’s a valid signature (gpg parses it correctly):

--8<---------------cut here---------------start------------->8---
$ git cat-file -p 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
tree 1fcfe231ee1ee856980ee3e2f055a0d4615c59a6
parent 791ac6a68d1e4bc80f4760cd968cb6c26dbab9ba
author Tobias Geerinckx-Rice <me@tobias.gr> 1482962509 +0100
committer Tobias Geerinckx-Rice <me@tobias.gr> 1482975501 +0100
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCgAGBQJYZGkNAAoJEJHM25tIVBuZ+3QH/3wYO1BqGBolMzwD5wI5EVGO
 PBfHnvVBGonNUbuI9F7NwJqYbOeS2Nzd19/h/1T6oMclFCzPfPL5MpPQFnihvSo0
 sPdI+KRtXz4jOJ0WLy+JA65zbKpu84PM0rf0+m8iDA8bRCXIQt1Ym2uYdyIcqUj5
 +sCf6wbnrBhCGTf6t7phWCM3wd166V8L8sIHFhnpxfZRVV2sOGXyunHkcWu8v4/6
 Mf2oaBA08Gq+uCffsbHyqMRr03XhnXprAtaM1eKP0/d7G1nj14lM97mEjr9huGDk
 GKA8F+u3W/7FvaVIN9PhCzSrxzgmdMnVm9q61YB4RmEcBD1E/lG5h8dVOY3eMuI=
 =/4F2
 -----END PGP SIGNATURE-----

gnu: python-prompt-toolkit: Update to 1.0.9.

* gnu/packages/python.scm (python-prompt-toolkit): Update to 1.0.9.
--8<---------------cut here---------------end--------------->8---

However, it’s a signature against a different piece of data. It would be
good to figure out how that happened.

The pre-push hook that Leo sent runs ‘git verify-commit’, so it should
catch this kind of problem. I’m all for adding it to the repo and
recommending it in HACKING.

Leo?

But we really need to fix the server-side hook.

Thanks,
Ludo’.
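Ludovic's distinction above (the armor parses, but the signature was made over other bytes) can be checked by hand once the commit object is split the way `git verify-commit` splits it internally: the payload handed to gpg is the commit with the `gpgsig` header removed, and the detached signature is that header's value with git's one-space continuation indent stripped. The awk functions below, added here as an example that is not part of the thread or of Guix, perform that split; the sample input is the commit object quoted above, constructed with the continuation indent restored (the `git cat-file`, `gpg --verify` usage is shown in a comment and is not run).

```shell
#!/bin/sh
# Added example (not from the thread): split a raw commit object into the
# bytes that were signed and the detached signature, which is what
# `git verify-commit` does before invoking gpg. Verifying the two pieces by
# hand tells a corrupt signature apart from a valid signature over different
# commit data.

# Print the signed payload: the commit object with the gpgsig header and its
# space-indented continuation lines removed. The first empty line ends the
# header block; everything after it is the message and passes through.
commit_payload() {
    awk '
        BEGIN { in_header = 1; in_sig = 0 }
        in_header && /^gpgsig / { in_sig = 1; next }
        in_header && in_sig && /^ / { next }
        { in_sig = 0 }
        in_header && /^$/ { in_header = 0 }
        { print }
    '
}

# Print the detached ASCII-armored signature: the gpgsig header value with
# the one-space indent git adds to continuation lines stripped.
commit_signature() {
    awk '
        BEGIN { in_header = 1; in_sig = 0 }
        in_header && /^gpgsig / { in_sig = 1; sub(/^gpgsig /, ""); print; next }
        in_header && in_sig && /^ / { sub(/^ /, ""); print; next }
        { in_sig = 0 }
        in_header && /^$/ { in_header = 0 }
    '
}

# Constructed sample: the object of commit 6a34f4c as quoted in this thread,
# with git's one-space continuation indent restored. The continuation line
# holding a single space is the blank line between armor header and body.
SAMPLE_COMMIT=$(printf '%s\n' \
    'tree 1fcfe231ee1ee856980ee3e2f055a0d4615c59a6' \
    'parent 791ac6a68d1e4bc80f4760cd968cb6c26dbab9ba' \
    'author Tobias Geerinckx-Rice <me@tobias.gr> 1482962509 +0100' \
    'committer Tobias Geerinckx-Rice <me@tobias.gr> 1482975501 +0100' \
    'gpgsig -----BEGIN PGP SIGNATURE-----' \
    ' ' \
    ' iQEcBAABCgAGBQJYZGkNAAoJEJHM25tIVBuZ+3QH/3wYO1BqGBolMzwD5wI5EVGO' \
    ' PBfHnvVBGonNUbuI9F7NwJqYbOeS2Nzd19/h/1T6oMclFCzPfPL5MpPQFnihvSo0' \
    ' sPdI+KRtXz4jOJ0WLy+JA65zbKpu84PM0rf0+m8iDA8bRCXIQt1Ym2uYdyIcqUj5' \
    ' +sCf6wbnrBhCGTf6t7phWCM3wd166V8L8sIHFhnpxfZRVV2sOGXyunHkcWu8v4/6' \
    ' Mf2oaBA08Gq+uCffsbHyqMRr03XhnXprAtaM1eKP0/d7G1nj14lM97mEjr9huGDk' \
    ' GKA8F+u3W/7FvaVIN9PhCzSrxzgmdMnVm9q61YB4RmEcBD1E/lG5h8dVOY3eMuI=' \
    ' =/4F2' \
    ' -----END PGP SIGNATURE-----' \
    '' \
    'gnu: python-prompt-toolkit: Update to 1.0.9.' \
    '' \
    '* gnu/packages/python.scm (python-prompt-toolkit): Update to 1.0.9.')

# Manual verification against a real repository (needs gpg and the signer's
# public key; not run here):
#   git cat-file commit "$sha" > commit.txt
#   commit_payload   < commit.txt > payload
#   commit_signature < commit.txt > commit.sig
#   gpg --verify commit.sig payload

# Show the detached signature recovered from the sample.
printf '%s\n' "$SAMPLE_COMMIT" | commit_signature
```

If gpg reports the signature as well-formed but BAD over the recovered payload, the payload is not what was signed: the tree, parents, author or committer line changed after signing, which is exactly what a rewrite such as a rebase produces when the re-signing step fails.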
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Leo Famulari @ 2017-01-03 6:24 UTC
To: Ludovic Courtès; +Cc: guix-devel

On Mon, Jan 02, 2017 at 09:59:20PM +0100, Ludovic Courtès wrote:
> I’m all for adding it to the repo and recommending it in HACKING.
>
> Leo?

I've attached a patch. I'm not sure where to store the hook.
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Ludovic Courtès @ 2017-01-03 12:34 UTC
To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> skribis:

> On Mon, Jan 02, 2017 at 09:59:20PM +0100, Ludovic Courtès wrote:
>> I’m all for adding it to the repo and recommending it in HACKING.
>>
>> Leo?
>
> I've attached a patch.

Actually no. :-)

> I'm not sure where to store the hook.

I’d say in a new etc/guix directory?

Thanks!

Ludo’.
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.) 2017-01-03 12:34 ` Ludovic Courtès @ 2017-01-03 17:29 ` Leo Famulari 2017-01-04 21:05 ` Ludovic Courtès 0 siblings, 1 reply; 14+ messages in thread From: Leo Famulari @ 2017-01-03 17:29 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel [-- Attachment #1.1: Type: text/plain, Size: 455 bytes --] On Tue, Jan 03, 2017 at 01:34:31PM +0100, Ludovic Courtès wrote: > Leo Famulari <leo@famulari.name> skribis: > > > On Mon, Jan 02, 2017 at 09:59:20PM +0100, Ludovic Courtès wrote: > >> I’m all for adding it to the repo and recommending it in HACKING. > >> > >> Leo? > > > > I've attached a patch. > > Actually no. :-) Oops! I'll try again ;) > > I'm not sure where to store the hook. > > I’d say in a new etc/guix directory? [-- Attachment #1.2: 0001-doc-Add-a-Git-hook-that-verifies-signatures-before-p.patch --] [-- Type: text/plain, Size: 3135 bytes --] From 837f7c717b201998810a46b8dadf8ba2165dde69 Mon Sep 17 00:00:00 2001 From: Leo Famulari <leo@famulari.name> Date: Tue, 3 Jan 2017 01:19:25 -0500 Subject: [PATCH] doc: Add a Git hook that verifies signatures before pushing. * HACKING (Commit Access): Describe the pre-push Git hook. * etc/guix/pre-push: New file. --- HACKING | 5 +++++ etc/guix/pre-push | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100755 etc/guix/pre-push diff --git a/HACKING b/HACKING index 28948b3e2..364eedf6b 100644 --- a/HACKING +++ b/HACKING @@ -4,6 +4,7 @@ Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org> Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org> +Copyright © 2017 Leo Famulari <leo@famulari.name> Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright 
@@ -43,6 +44,10 @@ configure Git to automatically sign commits, run: git config commit.gpgsign true git config user.signingkey CABBA6EA1DC0FF33 +You can prevent yourself from accidentally pushing unsigned commits to Savannah +by using the pre-push Git hook called 'pre-push'. It's located at +'etc/guix/pre-push'. + For anything else, please post to guix-devel@gnu.org and leave time for a review, without committing anything. If you didn’t receive any reply after two weeks, and if you’re confident, it’s OK to commit. diff --git a/etc/guix/pre-push b/etc/guix/pre-push new file mode 100755 index 000000000..c894c5a9e --- /dev/null +++ b/etc/guix/pre-push 
@@ -0,0 +1,57 @@ +#!/bin/sh + +# This hook script prevents the user from pushing to Savannah if any of the new +# commits' OpenPGP signatures cannot be verified. + +# Called by "git push" after it has checked the remote status, but before +# anything has been pushed. If this script exits with a non-zero status nothing +# will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# <local ref> <local sha1> <remote ref> <remote sha1> + +z40=0000000000000000000000000000000000000000 + +# Only use the hook when pushing to Savannah. +case "$2" in +*git.sv.gnu.org*) + break + ;; +*) + exit 0 + ;; +esac + +while read local_ref local_sha remote_ref remote_sha +do + if [ "$local_sha" = $z40 ] + then + # Handle delete + : + else + if [ "$remote_sha" = $z40 ] + then + # New branch, examine all commits + range="$local_sha" + else + # Update to existing branch, examine new commits + range="$remote_sha..$local_sha" + fi + + # Verify the signatures of all commits being pushed. + git verify-commit $(git rev-list $range) >/dev/null 2>&1 + + exit $? + fi +done + +exit 0 -- 2.11.0 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply related [flat|nested] 14+ messages in thread
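Review bot: the new HACKING paragraph (the `@@ -43,6 +44,10 @@` hunk) says the hook exists but not how to enable it; a script under etc/guix/ is not run by git until it is installed as `.git/hooks/pre-push` (copied or symlinked, and executable), so add that step, otherwise readers will assume the file in the tree protects them. The sentence "by using the pre-push Git hook called 'pre-push'" also repeats itself; "by installing the pre-push hook in 'etc/guix/pre-push'" reads cleaner.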
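Review bot: in the etc/guix/pre-push hunk the `exit $?` inside the `while read` loop returns after the first non-deletion ref, so a push of several branches verifies only the first one's commits and the others go out unchecked; record a failure in a variable, keep reading, and exit non-zero after the loop. Three smaller points in the same hunk: `break` in the `*git.sv.gnu.org*)` arm is only meaningful inside a loop (bash warns about it, POSIX leaves it unspecified), and `:` or an empty arm is what is intended; `git verify-commit $(git rev-list $range)` receives no argument when the range is empty, and `git verify-commit` with no commit prints its usage and exits non-zero, so an up-to-date ref rejects the push; and for a branch the remote does not yet have, `range="$local_sha"` hands the entire local history to rev-list, not just the new commits, which is both slow and unrelated to what is being pushed.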
* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)

From: Ludovic Courtès @ 2017-01-04 21:05 UTC
To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> skribis:

> On Tue, Jan 03, 2017 at 01:34:31PM +0100, Ludovic Courtès wrote:
>> Leo Famulari <leo@famulari.name> skribis:

[...]

>> > I'm not sure where to store the hook.
>>
>> I’d say in a new etc/guix directory?

Argh, I meant “etc/git”, sorry.

> From 837f7c717b201998810a46b8dadf8ba2165dde69 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Tue, 3 Jan 2017 01:19:25 -0500
> Subject: [PATCH] doc: Add a Git hook that verifies signatures before pushing.
>
> * HACKING (Commit Access): Describe the pre-push Git hook.
> * etc/guix/pre-push: New file.

OK with “etc/git”, thank you!

Ludo’.