guix-commits

branch master updated: hydra: Add the server-side Git hook.


From: Leo Famulari
Subject: branch master updated: hydra: Add the server-side Git hook.
Date: Sun, 28 Feb 2021 14:07:18 -0500

This is an automated email from the git hooks/post-receive script.

lfam pushed a commit to branch master
in repository maintenance.

The following commit(s) were added to refs/heads/master by this push:
     new a703475  hydra: Add the server-side Git hook.
a703475 is described below

commit a7034752cf3469d80485f44f02efb123862ba0a0
Author: Leo Famulari <leo@famulari.name>
AuthorDate: Sun Feb 28 14:06:20 2021 -0500

    hydra: Add the server-side Git hook.
    
    * hydra/savannah/assert-commit-signed: New file.
---
 hydra/savannah/assert-commit-signed | 38 +++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/hydra/savannah/assert-commit-signed 
b/hydra/savannah/assert-commit-signed
new file mode 100644
index 0000000..39cbfae
--- /dev/null
+++ b/hydra/savannah/assert-commit-signed
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# Server-side Git update hook for checking whether pushed commits are
+# signed.  To enable it, rename this file to 'update'.
+#
+# For more info:
+#
+# https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#112
+# https://savannah.nongnu.org/support/?109104
+#
+# TODO: Eventually, we'll check whether commits are signed by people
+# authorized to modify the files they touch.
+
+## $1 is the reference being revised
+## $2 is the last HEAD
+## $3 is the HEAD commit of the series of commits being applied
+ref="$1"
+rev_old="$2"
+rev_new="$3"
+span="`git rev-list ^$rev_old $rev_new`"
+zero="0000000000000000000000000000000000000000"
+
+result=0
+for commit in $span
+do
+    if [ "$commit" = "$zero" ]
+    then
+       break
+    fi
+
+    if ! git cat-file -p "$commit" | grep -q '^gpgsig '
+    then
+       echo "error: commit '$commit' lacks an OpenPGP signature; rejected" >&2
+       result=1
+    fi
+done
+
+exit $result
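
Review bot: The test `git cat-file -p "$commit" | grep -q '^gpgsig '` only proves that some line of the raw commit object starts with `gpgsig `. It does not verify the signature or its key, and because grep runs over the whole object, a line in the commit message body satisfies it as well as a real header. Restrict the match to the header block (everything before the first blank line) and say in the header comment that this is a presence check only, with verification left to the TODO. Separately, the exit status of `git rev-list ^$rev_old $rev_new` is never checked: if that command fails, `span` is empty, the loop body never runs and the hook exits 0, accepting the push. rev-list does not print the all-zero id, so the `"$commit" = "$zero"` test inside the loop looks like it was meant for `$rev_old` or `$rev_new`; compare those against `$zero` before calling rev-list and handle ref creation and deletion explicitly. `ref` is assigned but unused.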


