#!/bin/sh

# This hook script prevents the user from pushing to Savannah if any of the new
# commits' OpenPGP signatures cannot be verified.

# Called by "git push" after it has checked the remote status, but before
# anything has been pushed.  If this script exits with a non-zero status nothing
# will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>

z40=0000000000000000000000000000000000000000

# Only use the hook when pushing to Savannah.
case "$2" in
*git.sv.gnu.org*)
	break
	;;
*)
	exit 0
	;;
esac

while read local_ref local_sha remote_ref remote_sha
do
	if [ "$local_sha" = $z40 ]
	then
		# Handle delete
		:
	else
		if [ "$remote_sha" = $z40 ]
		then
			# New branch, examine all commits
			range="$local_sha"
		else
			# Update to existing branch, examine new commits
			range="$remote_sha..$local_sha"
		fi

		# Verify the signatures of all commits being pushed.
		git verify-commit $(git rev-list $range) >/dev/null 2>&1

		exit $?
	fi
done

exit 0
2889c97fb50f94371d7c7f7591bc0bc67901'>tree</a><a href='/guix/commit/gnu/packages/libupnp.scm?id=464a2889c97fb50f94371d7c7f7591bc0bc67901'>commit</a><a href='/guix/diff/gnu/packages/libupnp.scm?id=464a2889c97fb50f94371d7c7f7591bc0bc67901'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/libupnp.scm'>
<input type='hidden' name='id' value='464a2889c97fb50f94371d7c7f7591bc0bc67901'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=464a2889c97fb50f94371d7c7f7591bc0bc67901'>root</a>/<a href='/guix/log/gnu?id=464a2889c97fb50f94371d7c7f7591bc0bc67901'>gnu</a>/<a href='/guix/log/gnu/packages?id=464a2889c97fb50f94371d7c7f7591bc0bc67901'>packages</a>/<a href='/guix/log/gnu/packages/libupnp.scm?id=464a2889c97fb50f94371d7c7f7591bc0bc67901'>libupnp.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/libupnp.scm?id=464a2889c97fb50f94371d7c7f7591bc0bc67901&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2017-01-23 23:27:04 -0500'>2017-01-23</span></td><td><a href='/guix/commit/gnu/packages/libupnp.scm?id=165259593a21c6586125a5f93c20ee199deefbe3'>gnu: libupnp: Update to 1.6.21.</a><span class='msg-avail'>...</span></td><td>Leo Famulari</td></tr>
<tr><td><span title='2016-12-16 15:28:02 -0500'>2016-12-16</span></td><td><a href='/guix/commit/gnu/packages/libupnp.scm?id=f8faf537cae393b9d9bdb7fd476ad5f79dedaf91'>gnu: libupnp: Fix CVE-2016-8863.</a><span class='msg-avail'>...</span></td><td>Leo Famulari</td></tr>
<tr><td><span title='2016-10-09 15:57:28 -0400'>2016-10-09</span></td><td><a href='/guix/commit/gnu/packages/libupnp.scm?id=9e672bcc0b61a007ea29858517b58896dc1b9449'>gnu: libupnp: Fix CVE-2016-6255.</a><span class='msg-avail'>...</span></td><td>Leo Famulari</td></tr>
<tr><td><span title='2016-09-11 11:31:40 -0400'>2016-09-11</span></td><td><a href='/guix/commit/gnu/packages/libupnp.scm?id=9f20f7f8416c79e20a9670662630711cf00760bb'>gnu: libupnp: Update to 1.6.20.</a><span class='msg-avail'>...</span></td><td>Leo Famulari</td></tr>