authorMichał Górny <mgorny@gentoo.org>2018-07-16 18:37:21 +0200
committerMichał Górny <mgorny@gentoo.org>2019-04-09 13:05:55 +0200
commite0262d3a4c681884515b78c6715c525803ecca90 (patch)
treec838426456a5f0b75582be2699cf30c367b1a07e
parentupdate-02-gpg: Enforce @gentoo.org committer addresses (diff)
gpg hook: Make signature verification optional
Make signature verification optional. When disabled, the hook only enforces that a signature is present but does not necessarily verify its validity. The configuration key defaults to 'gentoo-devs'. This is meant to match the gkeys seed group, so that the configuration stays future-proof for gkeys-based verification with multiple possible groups.
-rwxr-xr-xlocal/update-02-gpg34
1 files changed, 31 insertions, 3 deletions
diff --git a/local/update-02-gpg b/local/update-02-gpg
index 3e0cc7b..cae648b 100755
--- a/local/update-02-gpg
+++ b/local/update-02-gpg
@@ -18,6 +18,19 @@ if [ -z "${refname}" -o -z "${oldrev}" -o -z "${newrev}" ]; then
exit 1
fi
+VERIFY_SIGS=$(git config --get gentoo.verify-signatures)
+: ${VERIFY_SIGS:=gentoo-devs}
+
+case ${VERIFY_SIGS} in
+ gentoo-devs)
+ ;;
+ no)
+ ;;
+ *)
+ echo "Invalid value of gentoo.verify-signatures" >&2
+ exit 1
+esac
+
# --- Check types
# if $newrev is 0000...0000, it's a commit to delete a ref.
zero="0000000000000000000000000000000000000000"
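Review bot: The `*)` arm of the new `case` rejects an unrecognised setting without saying what value was read, and it is the only arm without a closing `;;`; since the hook exits on this path the message is the administrator's only diagnostic, so I would print the offending value, `echo "Invalid value of gentoo.verify-signatures: '${VERIFY_SIGS}'" >&2`, and end the arm with `;;` like the other two. The default assignment `: ${VERIFY_SIGS:=gentoo-devs}` leaves the expansion unquoted, which ShellCheck flags; `: "${VERIFY_SIGS:=gentoo-devs}"` is the same assignment without the word-splitting and globbing of the result. A one-line comment above the `git config` call naming the two accepted values and what each one relaxes would make the switch self-documenting for whoever sets it on the server.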
@@ -33,15 +46,26 @@ case ${refname} in
revs=$(git rev-list --first-parent "${newrev}" "^${oldrev}")
for r in ${revs}; do
committer=$(git show -q --pretty=format:'%ce' "${r}")
- if [[ ${committer} != *@gentoo.org ]]; then
+ if [[ ${VERIFY_SIGS} == gentoo-devs && ${committer} != *@gentoo.org ]]; then
echo "*** Committer address is not @gentoo.org, refusing"
exit 1
fi
signst=$(git show -q --pretty=format:'%G?' "${r}")
- case ${signst} in
- G)
+ case ${VERIFY_SIGS} in
+ gentoo-devs)
+ # gentoo dev signatures must be Good
+ [[ ${signst} == G ]] && continue
;;
+ no)
+ # additionally skip untrusted/impossible to check
+ # when verification is disabled
+ [[ ${signst} == [GUE] ]] && continue
+ ;;
+ esac
+
+ # error reporting
+ case ${signst} in
U)
echo "*** Untrusted signature on ${r}, refusing"
exit 1
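Review bot: The new condition on the committer check, `[[ ${VERIFY_SIGS} == gentoo-devs && ${committer} != *@gentoo.org ]]`, widens the effect of the setting beyond what the commit message describes: with `gentoo.verify-signatures=no` the @gentoo.org committer-address requirement is dropped as well, not only the signature validity check. If that coupling is intended, a comment on that line would stop a later reader from treating it as an accident, e.g. `# the committer-address rule belongs to gentoo-devs policy; 'no' only requires that some signature exists`. The `no` arm also lets status `E` through, which git reports when a signature is present but cannot be checked at all (for instance the key is not available), so "present" is literally all that mode guarantees; the comment at that arm could state this explicitly rather than "impossible to check". The `for` loop enclosing this hunk continues past its last context line.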
@@ -54,6 +78,10 @@ case ${refname} in
echo "*** No signature on ${r}, refusing"
exit 1
;;
+ E)
+ echo "*** Signature cannot be checked on ${r}, refusing"
+ exit 1
+ ;;
*)
echo "*** Unknown signature status '${signst}', refusing"
exit 1
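Review bot: The new `E)` arm is only reachable when `gentoo.verify-signatures` is `gentoo-devs`, because the `no` branch earlier in the loop already `continue`s on `[GUE]`; a short comment saying so, `# E: signature present but unverifiable (e.g. key not available); only reported in gentoo-devs mode`, would save the reader from tracing the two `case` statements to see why the arm never fires in the relaxed mode. The enclosing `case ${signst}` and the `for` loop close outside the hunk.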