#!/bin/sh

# This hook script prevents the user from pushing to Savannah if any of the new
# commits' OpenPGP signatures cannot be verified, or if a commit is signed
# with an unauthorized key.

# Called by "git push" after it has checked the remote status, but before
# anything has been pushed.  If this script exits with a non-zero status nothing
# will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>

# This is the "empty hash" used by Git when pushing a branch deletion.
z40=0000000000000000000000000000000000000000

while read local_ref local_hash remote_ref remote_hash
do
	# When deleting a remote branch, no commits are pushed to the remote, and
	# thus there are no signatures to be verified.
	if [ "$local_hash" != $z40 ]
	then
		# Only use the hook when pushing to Savannah.
		case "$2" in
		    *.gnu.org*)
			set -e
			make check-channel-news
			exec guix git authenticate
			exit 127
			;;
		    *)
			exit 0
			;;
		esac
	fi
done

exit 0
14042a2f7d0bc3321'>tree</a><a href='/guix/commit/tests/openpgp.scm?id=42ee282d2d2dc6a35b58d6c14042a2f7d0bc3321'>commit</a><a href='/guix/diff/tests/openpgp.scm?id=42ee282d2d2dc6a35b58d6c14042a2f7d0bc3321'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/openpgp.scm'>
<input type='hidden' name='id' value='42ee282d2d2dc6a35b58d6c14042a2f7d0bc3321'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=42ee282d2d2dc6a35b58d6c14042a2f7d0bc3321'>root</a>/<a href='/guix/log/tests?id=42ee282d2d2dc6a35b58d6c14042a2f7d0bc3321'>tests</a>/<a href='/guix/log/tests/openpgp.scm?id=42ee282d2d2dc6a35b58d6c14042a2f7d0bc3321'>openpgp.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/openpgp.scm?id=42ee282d2d2dc6a35b58d6c14042a2f7d0bc3321&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2021-12-22 10:53:19 +0100'>2021-12-22</span></td><td><a href='/guix/commit/tests/openpgp.scm?id=9ebc9ca070a21ba0aeb3f61202a8071bb250ccc8'>tests: Move keys into ./tests/keys/ and add a third ed25519 key.</a><span class='msg-avail'>...<span class='msg-tooltip'>The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe &lt;othacehe@gnu.org&gt;
</span></span></td><td>Attila Lendvai</td></tr>
<tr><td><span title='2020-09-29 22:53:36 +0200'>2020-09-29</span></td><td><a href='/guix/commit/tests/openpgp.scm?id=680b80e37453d4e23ad8188d60894916e1c07162'>openpgp: Fix argument order of 'fxbit-set?'.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/openpgp.scm (fxbit-set?): Change to swap arguments compared to
'bit-set?'.
* tests/openpgp.scm (%binary-sample): New test vector.
("port-ascii-armored?, #t"): Add test.
("port-ascii-armored?, #f"): Add another test.

Co-authored-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Lars-Dominik Braun</td></tr>