From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: pre-push signature hook error reporting [was Re: [PATCH v6] gnu: python-sphinx: Update to 1.4.8.] Date: Mon, 16 Jan 2017 22:14:14 -0500 Message-ID: <20170117031414.GB23513@jasmine> References: <20170105161431.9803-1-dannym@scratchpost.org> <878tqpjw93.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <8760lj5eb6.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <20170113152400.GA24322@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1UWUbFP1cBYEclgG" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:51012) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cTKE4-0004iC-Tm for guix-devel@gnu.org; Mon, 16 Jan 2017 22:14:25 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cTKE1-00046O-P8 for guix-devel@gnu.org; Mon, 16 Jan 2017 22:14:24 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:47532) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cTKE1-00046E-Gw for guix-devel@gnu.org; Mon, 16 Jan 2017 22:14:21 -0500 Content-Disposition: inline In-Reply-To: <20170113152400.GA24322@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Marius Bakke Cc: guix-devel@gnu.org --1UWUbFP1cBYEclgG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 13, 2017 at 10:24:00AM -0500, Leo Famulari wrote: > I bet that you are using the new pre-push hook that verifies commit > signatures, and you're trying to push some commits that fail the > signature verification check. >=20 > Someone should add some error reporting to the hook. In Git 2.11.0, it seems that `git verify-commit` can't tell the user which commits failed verification: https://git.kernel.org/cgit/git/git.git/tree/builtin/verify-commit.c?h=3Dv2= =2E11.0 With a warm cache and all the public keys on my machine, checking the signature of all 17813 commits on the master branch takes ~40 seconds with `git verify-commit $(git rev-list HEAD)`. This is what the pre-push hook does now. Checking the commits one at a time takes ~105 seconds, using something like this: for commit in $(git rev-list HEAD); do if ! git verify-commit $commit; then echo $commit fi done We could make the hook do something like that. Thoughts? I think the performance regression is worth the convenience of knowing why it failed. --1UWUbFP1cBYEclgG Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlh9jAIACgkQJkb6MLrK fwgssBAAuLml5utKbPmq4BvamNAMjP860+NQvDOEmsM+uUvoH223L9c6v7gKLBW4 oIiop8qP02LF4Y3XjKdGmPEz107yyq45Ok9dQ0QCBIVIWSYbwEs1w5ObjFmnvPIu IJ5/J0MU0wG7ErmGyuUa4sbnrL+PgTbesTABvBnThJP2m5yIbfcz1SJBwfFFyUYd prhrMYKZ54Hd5zyu7LuLIByHr1ldsIHgirKrnAkAZAWpxHnKI51l/4dpuvvEYRR5 z+9a45bEKdY170/YO1yYoDtAqxhAi7pyKHBDnJAVH09qUgKIxECurhBLxw5O9uUl ajYyawdnu1zu9oCGdfkcNu0vrOrggIFw2fVHGqiPSR/5Sp6BtQz9TCe38VtajhCh rJacFYs+hB3iPE9tdpU4EJiM32xIYohoaz2jEI5eOvvRSazGu63AI6KcYFbHFDlc I0rztFIwVEGkv/RU/umfwMMUDfNAgmAVlEHyrlVGnpUYvHFk+K4jFvwiWEOIZsL3 t1A+TnFyKJfPZpjC7Ub5qyTg0LE2rcHV3G3GFfNk3dawMRexYb1vXIjMlCsoSjtW 7ciy97uLTO5urhZFMQcRCMwnSEYpz8A62pSKVB5iMnxUDdj7Q3Oljfi2aAyeK7B1 fp9KCyrfYFYuX+Q2tnzDRN4kPchue95+oxbjOnZk8WdI6Xvll7A= =VUgZ -----END PGP SIGNATURE----- --1UWUbFP1cBYEclgG--