unofficial mirror of guix-devel@gnu.org 
* Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
@ 2016-12-29  2:10 Leo Famulari
  2016-12-29  2:47 ` Leo Famulari
  2016-12-29  2:49 ` Tobias Geerinckx-Rice
  0 siblings, 2 replies; 14+ messages in thread
From: Leo Famulari @ 2016-12-29  2:10 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 808 bytes --]

I see this in the log:

$ git log --show-signature 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
commit 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
gpg: Signature made Wed 28 Dec 2016 08:38:21 PM EST
gpg:                using RSA key 91CCDB9B48541B99
gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>" [unknown]
Author: Tobias Geerinckx-Rice <me@tobias.gr>
Date:   Wed Dec 28 23:01:49 2016 +0100

    gnu: python-prompt-toolkit: Update to 1.0.9.
    
    * gnu/packages/python.scm (python-prompt-toolkit): Update to 1.0.9.

Does anyone else get the same result? Any ideas?

Tobias, what version of GnuPG are you using?

I'm using:

gnupg	2.1.17	/gnu/store/1sa7k3x3y3chdl31p7y7x3sa7p9h1qa3-gnupg-2.1.17

... which is built from Guix commit 791ac6a68d1e4bc80f4760cd968cb6c26dbab9ba.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2016-12-29  2:10 Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.) Leo Famulari
@ 2016-12-29  2:47 ` Leo Famulari
  2016-12-29  3:04   ` Tobias Geerinckx-Rice
  2016-12-29  2:49 ` Tobias Geerinckx-Rice
  1 sibling, 1 reply; 14+ messages in thread
From: Leo Famulari @ 2016-12-29  2:47 UTC (permalink / raw)
  To: guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 1996 bytes --]

On Wed, Dec 28, 2016 at 09:10:15PM -0500, Leo Famulari wrote:
> I see this in the log:
> 
> $ git log --show-signature 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
> commit 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
> gpg: Signature made Wed 28 Dec 2016 08:38:21 PM EST
> gpg:                using RSA key 91CCDB9B48541B99
> gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>" [unknown]
> Author: Tobias Geerinckx-Rice <me@tobias.gr>
> Date:   Wed Dec 28 23:01:49 2016 +0100
> 
>     gnu: python-prompt-toolkit: Update to 1.0.9.
>     
>     * gnu/packages/python.scm (python-prompt-toolkit): Update to 1.0.9.
> 
> Does anyone else get the same result? Any ideas?
> 
> Tobias, what version of GnuPG are you using?
> 
> I'm using:
> 
> gnupg	2.1.17	/gnu/store/1sa7k3x3y3chdl31p7y7x3sa7p9h1qa3-gnupg-2.1.17
> 
> ... which is built from Guix commit 791ac6a68d1e4bc80f4760cd968cb6c26dbab9ba.

I'm also unable to verify the signature of two more commits, as below.
I've attached a handy Git signature verifier script.

commit e0f8a520eda6b86a71f99eddf2c6968a95c8de0e
gpg: Signature made Thu 24 Nov 2016 08:21:51 PM EST
gpg:                using RSA key 91CCDB9B48541B99
gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>" [unknown]
Author: Tobias Geerinckx-Rice <me@tobias.gr>
Date:   Thu Nov 24 19:28:52 2016 +0100

    gnu: miniupnpc: Improve synopsis and description.
    
    * gnu/packages/upnp.scm (miniupnp)[synopsis, description]: Edit, fix typos,
    add some relevant (search) terms from the home page, and expand acronyms.

commit 7d162df8ce4dc90c681ff627b2ed94c192e6342f
gpg: Signature made Thu 15 Dec 2016 09:08:42 PM EST
gpg:                using RSA key 91CCDB9B48541B99
gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>" [unknown]
Author: Tobias Geerinckx-Rice <me@tobias.gr>
Date:   Thu Dec 15 23:17:52 2016 +0100

    gnu: mcelog: Update to 146.
    
    * gnu/packages/linux.scm (mcelog): Update to 146.

[-- Attachment #1.2: verifier --]
[-- Type: text/plain, Size: 606 bytes --]

#!/bin/sh

# This script requires a Git revision selector, such as HEAD, 734713bc0,
# origin/master..HEAD, et cetera:
# https://git-scm.com/book/en/v2/Git-Tools-Revision-Selection

# A revision selector example for guix.git: v0.11.0..HEAD

if test $# -eq 1 ; then
	range=$1
else
	# Exactly one revision selector is required.
	echo "Usage: $0 <revision-selector>" >&2
	exit 1
fi

for commit in $(git rev-list "$range"); do
	results=$(git verify-commit "$commit" 2>&1)
	if test $? -ne 0; then
		git show --format=full --show-signature "$commit"
		# I'm not sure if the previous line will always include the
		# contents of $results, so I re-print it just in case.
		printf "%s\n\n" "$results"
	fi
done

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2016-12-29  2:10 Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.) Leo Famulari
  2016-12-29  2:47 ` Leo Famulari
@ 2016-12-29  2:49 ` Tobias Geerinckx-Rice
  2016-12-29  6:08   ` John Darrington
  2017-01-02 20:59   ` Ludovic Courtès
  1 sibling, 2 replies; 14+ messages in thread
From: Tobias Geerinckx-Rice @ 2016-12-29  2:49 UTC (permalink / raw)
  To: leo, guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 470 bytes --]

Leo,

On 29/12/16 03:10, Leo Famulari wrote:
> gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>"

Oh dear.

> Does anyone else get the same result? Any ideas?

I do, so it's a real® corrupted signature.

Looking back, it turns out that this isn't the first time this has
happened: another commit of mine (7d162df, gnu: mcelog: Update to 146.)
also has a bad signature, which I probably missed for the same reason.

Kind regards,

T G-R


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 476 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2016-12-29  2:47 ` Leo Famulari
@ 2016-12-29  3:04   ` Tobias Geerinckx-Rice
  2016-12-29 17:13     ` Leo Famulari
  0 siblings, 1 reply; 14+ messages in thread
From: Tobias Geerinckx-Rice @ 2016-12-29  3:04 UTC (permalink / raw)
  To: leo, guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 779 bytes --]

Leo,

On 29/12/16 03:47, Leo Famulari wrote:
> I'm also unable to verify the signature of two more commits, as below.

Signing seems to fail both seldom and pseudo-randomly. Oh, and
silently[1]. My favourite kind of bug.

I'm guessing this is what happens:

  $
  $ git commit, am or cherry-pick && git log --show-signature
      ...everything looks good and signed! Let's push!
  $ git fetch --all && git rebase upstream/master
      ...now signing some non-HEAD commit silently fails...
  $ git push upstream
      ...badness.

Good night,

T G-R

[1]: until you check the log, of course.

PS:
  nckx@ubuntu~$ $ /usr/bin/gpg2 --version
  gpg (GnuPG) 2.1.15
  libgcrypt 1.7.2-beta
but I doubt that matters much now. I don't use Guix's gpg [yet].


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 476 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2016-12-29  2:49 ` Tobias Geerinckx-Rice
@ 2016-12-29  6:08   ` John Darrington
  2016-12-29  6:39     ` Leo Famulari
  2016-12-29  6:44     ` Leo Famulari
  2017-01-02 20:59   ` Ludovic Courtès
  1 sibling, 2 replies; 14+ messages in thread
From: John Darrington @ 2016-12-29  6:08 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1014 bytes --]

On Thu, Dec 29, 2016 at 03:49:51AM +0100, Tobias Geerinckx-Rice wrote:
     Leo,
     
     On 29/12/16 03:10, Leo Famulari wrote:
     > gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>"
     
     Oh dear.
     
     > Does anyone else get the same result? Any ideas?
     
     I do, so it's a real® corrupted signature.
     
     Looking back, it turns out that this isn't the first time this has
     happened: another commit of mine (7d162df, gnu: mcelog: Update to 146.)
     also has a bad signature, which I probably missed for the same reason.
     

How did these commits get into the repository?  Our repository is 
configured to reject unsigned commits.   Can it be that it doesn't
actually check that the signature matches? !!!




-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2016-12-29  6:08   ` John Darrington
@ 2016-12-29  6:39     ` Leo Famulari
  2016-12-29  6:44     ` Leo Famulari
  1 sibling, 0 replies; 14+ messages in thread
From: Leo Famulari @ 2016-12-29  6:39 UTC (permalink / raw)
  To: John Darrington; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1007 bytes --]

On Thu, Dec 29, 2016 at 07:08:18AM +0100, John Darrington wrote:
> On Thu, Dec 29, 2016 at 03:49:51AM +0100, Tobias Geerinckx-Rice wrote:
>      Leo,
>      
>      On 29/12/16 03:10, Leo Famulari wrote:
>      > gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>"
>      
>      Oh dear.
>      
>      > Does anyone else get the same result? Any ideas?
>      
>      I do, so it's a real® corrupted signature.
>      
>      Looking back, it turns out that this isn't the first time this has
>      happened: another commit of mine (7d162df, gnu: mcelog: Update to 146.)
>      also has a bad signature, which I probably missed for the same reason.
>      
> 
> How did these commits get into the repository?  Our repository is 
> configured to reject unsigned commits.   Can it be that it doesn't
> actually check that the signature matches? !!!

Yes, it's a known limitation:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#129

We need to improve the hook.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2016-12-29  6:08   ` John Darrington
  2016-12-29  6:39     ` Leo Famulari
@ 2016-12-29  6:44     ` Leo Famulari
  2016-12-29  7:38       ` Leo Famulari
  1 sibling, 1 reply; 14+ messages in thread
From: Leo Famulari @ 2016-12-29  6:44 UTC (permalink / raw)
  To: John Darrington; +Cc: guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 419 bytes --]

On Thu, Dec 29, 2016 at 07:08:18AM +0100, John Darrington wrote:
> How did these commits get into the repository?  Our repository is 
> configured to reject unsigned commits.   Can it be that it doesn't
> actually check that the signature matches? !!!

Here's a pre-push Git hook that should prevent unsigned commits from
being pushed to any remote. I'd like to improve it to be applied
selectively per-remote.

[-- Attachment #1.2: pre-push --]
[-- Type: text/plain, Size: 1219 bytes --]

#!/gnu/store/b1yqjimbdh5bf9jnizd4h7yf110744j2-bash-4.3.42/bin/sh

# A hook script that prevents the user from pushing unsigned commits.

# Called by "git push" after it has checked the remote status, but before
# anything has been pushed.  If this script exits with a non-zero status nothing
# will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>

z40=0000000000000000000000000000000000000000

while read local_ref local_sha remote_ref remote_sha
do
	if [ "$local_sha" = $z40 ]
	then
		# Handle delete
		:
	else
		if [ "$remote_sha" = $z40 ]
		then
			# New branch, examine all commits
			range="$local_sha"
		else
			# Update to existing branch, examine new commits
			range="$remote_sha..$local_sha"
		fi


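		# Check if push candidate commits are PGP signed.  Exit only on
		# failure so that every ref in this push is examined, and skip
		# refs that contribute no new commits.
		commits=$(git rev-list "$range") || exit 1
		if [ -n "$commits" ]
		then
			git verify-commit $commits >/dev/null 2>&1 || exit $?
		fi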
	fi
done

exit 0

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2016-12-29  6:44     ` Leo Famulari
@ 2016-12-29  7:38       ` Leo Famulari
  0 siblings, 0 replies; 14+ messages in thread
From: Leo Famulari @ 2016-12-29  7:38 UTC (permalink / raw)
  To: John Darrington; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 818 bytes --]

On Thu, Dec 29, 2016 at 01:44:59AM -0500, Leo Famulari wrote:
> Here's a pre-push Git hook that should prevent unsigned commits from
> being pushed to any remote. I'd like to improve it to be applied
> selectively per-remote.

The hook will only apply when pushing to Savannah if you put this test
at the beginning of the hook:

case "$2" in
*git.sv.gnu.org*)
        # Savannah: continue to the signature checks below.
        :
        ;;
*)
        exit 0
        ;;
esac

Commit signatures will be verified before pushing to Savannah, but it
doesn't interfere when pushing to another repository. I think this is
the right balance between safety and convenience.

If people think the hook is correct, we could recommend it in HACKING.

> #!/gnu/store/b1yqjimbdh5bf9jnizd4h7yf110744j2-bash-4.3.42/bin/sh

Oops! It should all work with #!/bin/sh.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2016-12-29  3:04   ` Tobias Geerinckx-Rice
@ 2016-12-29 17:13     ` Leo Famulari
  0 siblings, 0 replies; 14+ messages in thread
From: Leo Famulari @ 2016-12-29 17:13 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 1171 bytes --]

On Thu, Dec 29, 2016 at 04:04:49AM +0100, Tobias Geerinckx-Rice wrote:
> Signing seems to fail both seldom and pseudo-randomly. Oh, and
> silently[1]. My favourite kind of bug.
> 
> I'm guessing this is what happens:
> 
>   $
>   $ git commit, am or cherry-pick && git log --show-signature
>       ...everything looks good and signed! Let's push!
>   $ git fetch --all && git rebase upstream/master
>       ...now signing some non-HEAD commit silently fails...
>   $ git push upstream
>       ...badness.
> 
> Good night,
> 
> T G-R
> 
> [1]: until you check the log, of course.
> 
> PS:
>   nckx@ubuntu~$ $ /usr/bin/gpg2 --version
>   gpg (GnuPG) 2.1.15
>   libgcrypt 1.7.2-beta
> but I doubt that matters much now. I don't use Guix's gpg [yet].

It would be nice to figure out why it fails. It seems specific to your
setup somehow (since there are no other broken signatures in the log),
but I have no idea where to start. Perhaps with the beta version of
libgcrypt.

Especially since it seems specific to your setup, can you evaluate the
pre-push hook that's attached, and start using the hook if you're
satisfied that it's correct?

[-- Attachment #1.2: pre-push --]
[-- Type: text/plain, Size: 1272 bytes --]

#!/bin/sh

# A hook script that prevents the user from pushing unsigned commits.

# Called by "git push" after it has checked the remote status, but before
# anything has been pushed.  If this script exits with a non-zero status nothing
# will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>

z40=0000000000000000000000000000000000000000

# Only use the hook when pushing to Savannah.
case "$2" in
*git.sv.gnu.org*)
	# Savannah: continue to the signature checks below.
	:
	;;
*)
	exit 0
	;;
esac

while read local_ref local_sha remote_ref remote_sha
do
	if [ "$local_sha" = $z40 ]
	then
		# Handle delete
		:
	else
		if [ "$remote_sha" = $z40 ]
		then
			# New branch, examine all commits
			range="$local_sha"
		else
			# Update to existing branch, examine new commits
			range="$remote_sha..$local_sha"
		fi

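		# Check if push candidate commits are PGP signed.  Exit only on
		# failure so that every ref in this push is examined, and skip
		# refs that contribute no new commits.
		commits=$(git rev-list "$range") || exit 1
		if [ -n "$commits" ]
		then
			git verify-commit $commits >/dev/null 2>&1 || exit $?
		fi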
	fi
done

exit 0

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2016-12-29  2:49 ` Tobias Geerinckx-Rice
  2016-12-29  6:08   ` John Darrington
@ 2017-01-02 20:59   ` Ludovic Courtès
  2017-01-03  6:24     ` Leo Famulari
  1 sibling, 1 reply; 14+ messages in thread
From: Ludovic Courtès @ 2017-01-02 20:59 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: guix-devel

Hello Guix!

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> On 29/12/16 03:10, Leo Famulari wrote:
>> gpg: BAD signature from "Tobias Geerinckx-Rice <me@tobias.gr>"
>
> Oh dear.
>
>> Does anyone else get the same result? Any ideas?
>
> I do, so it's a real® corrupted signature.

It’s a valid signature (gpg parses it correctly):

--8<---------------cut here---------------start------------->8---
$ git cat-file -p 6a34f4ccc8a5d4a48e25ad3c9c512f8634928b91
tree 1fcfe231ee1ee856980ee3e2f055a0d4615c59a6
parent 791ac6a68d1e4bc80f4760cd968cb6c26dbab9ba
author Tobias Geerinckx-Rice <me@tobias.gr> 1482962509 +0100
committer Tobias Geerinckx-Rice <me@tobias.gr> 1482975501 +0100
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCgAGBQJYZGkNAAoJEJHM25tIVBuZ+3QH/3wYO1BqGBolMzwD5wI5EVGO
 PBfHnvVBGonNUbuI9F7NwJqYbOeS2Nzd19/h/1T6oMclFCzPfPL5MpPQFnihvSo0
 sPdI+KRtXz4jOJ0WLy+JA65zbKpu84PM0rf0+m8iDA8bRCXIQt1Ym2uYdyIcqUj5
 +sCf6wbnrBhCGTf6t7phWCM3wd166V8L8sIHFhnpxfZRVV2sOGXyunHkcWu8v4/6
 Mf2oaBA08Gq+uCffsbHyqMRr03XhnXprAtaM1eKP0/d7G1nj14lM97mEjr9huGDk
 GKA8F+u3W/7FvaVIN9PhCzSrxzgmdMnVm9q61YB4RmEcBD1E/lG5h8dVOY3eMuI=
 =/4F2
 -----END PGP SIGNATURE-----

gnu: python-prompt-toolkit: Update to 1.0.9.

* gnu/packages/python.scm (python-prompt-toolkit): Update to 1.0.9.
--8<---------------cut here---------------end--------------->8---

However, it’s a signature against a different piece of data.

It would be good to figure out how that happened.

The pre-push hook that Leo sent runs ‘git verify-commit’, so it should
catch this kind of problem.

I’m all for adding it to the repo and recommending it in HACKING.

Leo?

But we really need to fix the server-side hook.

Thanks,
Ludo’.
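
Added example (not part of the message above, and not code from Guix or Git): the functions below split the output of 'git cat-file commit' into the armored signature and the data that signature has to match, which is the whole commit object minus its gpgsig header. The function names and the sample commit are constructed for this illustration.

```shell
#!/bin/sh
# Split a signed commit object into the two inputs of "gpg --verify".

# commit_payload: stdin = raw commit object, stdout = the signed data, i.e.
# every header except gpgsig, then the blank line and the message, unchanged.
commit_payload() {
    awk '
        body          { print; next }             # message: copy verbatim
        /^$/          { body = 1; print; next }   # blank line ends the headers
        /^gpgsig /    { insig = 1; next }         # first line of the signature
        insig && /^ / { next }                    # its continuation lines
                      { insig = 0; print }        # any other header
    '
}

# commit_signature: stdin = raw commit object, stdout = the ASCII-armored
# signature, with "gpgsig " and the one-space continuation prefix removed.
commit_signature() {
    awk '
        /^$/          { exit }                    # never look at the message
        /^gpgsig /    { insig = 1; sub(/^gpgsig /, ""); print; next }
        insig && /^ / { sub(/^ /, ""); print; next }
                      { insig = 0 }
    '
}

# verify_commit_by_hand REV: check REV with gpg directly.  Needs git, gpg and
# the signer's public key, so the sample run below does not call it.
verify_commit_by_hand() {
    dir=$(mktemp -d) || return 1
    git cat-file commit "$1" > "$dir/raw" || { rm -rf "$dir"; return 1; }
    commit_payload   < "$dir/raw" > "$dir/payload"
    commit_signature < "$dir/raw" > "$dir/sig"
    gpg --verify "$dir/sig" "$dir/payload"
    status=$?
    rm -rf "$dir"
    return "$status"
}

# Constructed sample: a commit object as "git cat-file commit" prints it.
# Object ids, identity and armor body are made up; $1 is the committer time.
sample_commit() {
    printf '%s\n' \
        'tree 1111111111111111111111111111111111111111' \
        'parent 2222222222222222222222222222222222222222' \
        'author A Committer <committer@example.org> 1500000000 +0100' \
        "committer A Committer <committer@example.org> $1 +0100" \
        'gpgsig -----BEGIN PGP SIGNATURE-----' \
        ' ' \
        ' Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIsIG5vdCBhIHNpZ25hdHVyZQ==' \
        ' -----END PGP SIGNATURE-----' \
        '' \
        'gnu: example: Update to 1.0.' \
        '' \
        'gpgsig lines in the message body are ordinary text.'
}

# Two commits that carry the same signature but differ in committer time:
# the armor is well-formed in both, yet the payloads differ, so a real
# signature could match at most one of them.
sample_commit 1500000000 | commit_signature
sample_commit 1500000000 | commit_payload
sample_commit 1500000600 | commit_payload
```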


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2017-01-02 20:59   ` Ludovic Courtès
@ 2017-01-03  6:24     ` Leo Famulari
  2017-01-03 12:34       ` Ludovic Courtès
  0 siblings, 1 reply; 14+ messages in thread
From: Leo Famulari @ 2017-01-03  6:24 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 217 bytes --]

On Mon, Jan 02, 2017 at 09:59:20PM +0100, Ludovic Courtès wrote:
> I’m all for adding it to the repo and recommending it in HACKING.
> 
> Leo?

I've attached a patch.

I'm not sure where to store the hook.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2017-01-03  6:24     ` Leo Famulari
@ 2017-01-03 12:34       ` Ludovic Courtès
  2017-01-03 17:29         ` Leo Famulari
  0 siblings, 1 reply; 14+ messages in thread
From: Ludovic Courtès @ 2017-01-03 12:34 UTC (permalink / raw)
  To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> skribis:

> On Mon, Jan 02, 2017 at 09:59:20PM +0100, Ludovic Courtès wrote:
>> I’m all for adding it to the repo and recommending it in HACKING.
>> 
>> Leo?
>
> I've attached a patch.

Actually no.  :-)

> I'm not sure where to store the hook.

I’d say in a new etc/guix directory?

Thanks!

Ludo’.


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2017-01-03 12:34       ` Ludovic Courtès
@ 2017-01-03 17:29         ` Leo Famulari
  2017-01-04 21:05           ` Ludovic Courtès
  0 siblings, 1 reply; 14+ messages in thread
From: Leo Famulari @ 2017-01-03 17:29 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 455 bytes --]

On Tue, Jan 03, 2017 at 01:34:31PM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> 
> > On Mon, Jan 02, 2017 at 09:59:20PM +0100, Ludovic Courtès wrote:
> >> I’m all for adding it to the repo and recommending it in HACKING.
> >> 
> >> Leo?
> >
> > I've attached a patch.
> 
> Actually no.  :-)

Oops! I'll try again ;)

> > I'm not sure where to store the hook.
> 
> I’d say in a new etc/guix directory?

[-- Attachment #1.2: 0001-doc-Add-a-Git-hook-that-verifies-signatures-before-p.patch --]
[-- Type: text/plain, Size: 3135 bytes --]

From 837f7c717b201998810a46b8dadf8ba2165dde69 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Tue, 3 Jan 2017 01:19:25 -0500
Subject: [PATCH] doc: Add a Git hook that verifies signatures before pushing.

* HACKING (Commit Access): Describe the pre-push Git hook.
* etc/guix/pre-push: New file.
---
 HACKING           |  5 +++++
 etc/guix/pre-push | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100755 etc/guix/pre-push

diff --git a/HACKING b/HACKING
index 28948b3e2..364eedf6b 100644
--- a/HACKING
+++ b/HACKING
@@ -4,6 +4,7 @@
 
 Copyright © 2012, 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
 Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
+Copyright © 2017 Leo Famulari <leo@famulari.name>
 
   Copying and distribution of this file, with or without modification,
   are permitted in any medium without royalty provided the copyright
@@ -43,6 +44,10 @@ configure Git to automatically sign commits, run:
   git config commit.gpgsign true
   git config user.signingkey CABBA6EA1DC0FF33
 
+You can prevent yourself from accidentally pushing unsigned commits to Savannah
+by using the pre-push Git hook called 'pre-push'. It's located at
+'etc/guix/pre-push'.
+
 For anything else, please post to guix-devel@gnu.org and leave time for a
 review, without committing anything.  If you didn’t receive any reply
 after two weeks, and if you’re confident, it’s OK to commit.
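
Review bot: The added paragraph in HACKING gives the hook's name and path but not how to enable it. Git only runs hooks that sit in the repository's hooks directory, so say that 'etc/guix/pre-push' has to be copied or symlinked to '.git/hooks/pre-push'. The wording "unsigned commits" also undersells it: the hook added below runs 'git verify-commit', so it stops commits whose signature fails to verify as well, which is the case this change is meant to catch. "the pre-push Git hook called 'pre-push'" can be shortened to "the pre-push Git hook".
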
diff --git a/etc/guix/pre-push b/etc/guix/pre-push
new file mode 100755
index 000000000..c894c5a9e
--- /dev/null
+++ b/etc/guix/pre-push
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# This hook script prevents the user from pushing to Savannah if any of the new
+# commits' OpenPGP signatures cannot be verified.
+
+# Called by "git push" after it has checked the remote status, but before
+# anything has been pushed.  If this script exits with a non-zero status nothing
+# will be pushed.
+#
+# This hook is called with the following parameters:
+#
+# $1 -- Name of the remote to which the push is being done
+# $2 -- URL to which the push is being done
+#
+# If pushing without using a named remote those arguments will be equal.
+#
+# Information about the commits which are being pushed is supplied as lines to
+# the standard input in the form:
+#
+#   <local ref> <local sha1> <remote ref> <remote sha1>
+
+z40=0000000000000000000000000000000000000000
+
+# Only use the hook when pushing to Savannah.
+case "$2" in
+*git.sv.gnu.org*)
+	break
+	;;
+*)
+	exit 0
+	;;
+esac
+
+while read local_ref local_sha remote_ref remote_sha
+do
+	if [ "$local_sha" = $z40 ]
+	then
+		# Handle delete
+		:
+	else
+		if [ "$remote_sha" = $z40 ]
+		then
+			# New branch, examine all commits
+			range="$local_sha"
+		else
+			# Update to existing branch, examine new commits
+			range="$remote_sha..$local_sha"
+		fi
+
+		# Verify the signatures of all commits being pushed.
+		git verify-commit $(git rev-list $range) >/dev/null 2>&1
+
+		exit $?
+	fi
+done
+
+exit 0
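
Review bot: In the while loop, 'exit $?' runs unconditionally after the first 'git verify-commit', so when one push updates several refs only the first line read from standard input is checked; exit only on failure ('git verify-commit ... || exit 1') and let the loop continue. Two related cases in the same loop: when 'git rev-list $range' prints nothing, 'git verify-commit' is called with no arguments and fails, which blocks the push, and for a new branch 'range="$local_sha"' walks the entire history rather than only the commits being added. The 'break' in the Savannah branch of the case statement is not inside any loop; ':' expresses what is meant there.
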
-- 
2.11.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]


* Re: Bad signature on commit 6a34f4ccc8a5d (gnu: python-prompt-toolkit: Update to 1.0.9.)
  2017-01-03 17:29         ` Leo Famulari
@ 2017-01-04 21:05           ` Ludovic Courtès
  0 siblings, 0 replies; 14+ messages in thread
From: Ludovic Courtès @ 2017-01-04 21:05 UTC (permalink / raw)
  To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> skribis:

> On Tue, Jan 03, 2017 at 01:34:31PM +0100, Ludovic Courtès wrote:
>> Leo Famulari <leo@famulari.name> skribis:

[...]

>> > I'm not sure where to store the hook.
>> 
>> I’d say in a new etc/guix directory?

Argh, I meant “etc/git”, sorry.

> From 837f7c717b201998810a46b8dadf8ba2165dde69 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Tue, 3 Jan 2017 01:19:25 -0500
> Subject: [PATCH] doc: Add a Git hook that verifies signatures before pushing.
>
> * HACKING (Commit Access): Describe the pre-push Git hook.
> * etc/guix/pre-push: New file.

OK with “etc/git”, thank you!

Ludo’.

