```sh
#!/bin/sh

# This hook script prevents the user from pushing to Savannah if any of the new
# commits' OpenPGP signatures cannot be verified.

# Called by "git push" after it has checked the remote status, but before
# anything has been pushed.  If this script exits with a non-zero status nothing
# will be pushed.
#
# This hook is called with the following parameters:
#
# $1 -- Name of the remote to which the push is being done
# $2 -- URL to which the push is being done
#
# If pushing without using a named remote those arguments will be equal.
#
# Information about the commits which are being pushed is supplied as lines to
# the standard input in the form:
#
#   <local ref> <local sha1> <remote ref> <remote sha1>

z40=0000000000000000000000000000000000000000

# Only use the hook when pushing to Savannah.
case "$2" in
    *git.sv.gnu.org*)
        # Savannah remote: continue to the signature checks below.
        # (":" replaces a "break" that was used outside of any loop.)
        :
        ;;
    *)
        exit 0
        ;;
esac

# Result accumulated over every ref in the push, so that a push of several
# refs is not accepted on the strength of the first ref alone.
ret=0

while read local_ref local_sha remote_ref remote_sha
do
    if [ "$local_sha" = "$z40" ]
    then
        # Handle delete
        :
    else
        if [ "$remote_sha" = "$z40" ]
        then
            # We are pushing a new branch.  To prevent wasting too
            # much time for this relatively rare case, we examine
            # all commits since the first signed commit, rather than
            # the full history.  This check *will* fail, and the user
            # will need to temporarily disable the hook to push the
            # new branch.
            range="e3d0fcbf7e55e8cbe8d0a1c5a24d73f341d7243b..$local_sha"
        else
            # Update to existing branch, examine new commits
            range="$remote_sha..$local_sha"
        fi

        # Verify the signatures of all commits being pushed.
        for commit in $(git rev-list "$range")
        do
            if ! git verify-commit "$commit" >/dev/null 2>&1
            then
                printf "%s failed signature check\n" "$commit"
                ret=1
            fi
        done
    fi
done

exit $ret
```
| Age | Commit message | Author |
|---|---|---|
| 2019-08-28 | accounts: Delete duplicate entries. When adding multiple instances of a service requiring some user account/group, we could end up with multiple entries for that account or group in /etc/passwd or /etc/group. * gnu/build/accounts.scm (database-writer)[write-entries]: Add call to 'delete-duplicates'. * tests/accounts.scm ("write-passwd with duplicate entry"): New test. | Ludovic Courtès |
| 2019-06-27 | accounts: Use 'fsync' instead of 'fdatasync'. * gnu/build/accounts.scm (catch-ENOSYS): Remove. (database-writer): Use 'fsync' instead of 'fdatasync'. | Ludovic Courtès |
| 2019-06-05 | accounts: Call 'fdatasync' when writing databases. * gnu/build/accounts.scm (catch-ENOSYS): New macro. (database-writer): Call 'fdatasync'. | Ludovic Courtès |
| 2019-06-05 | accounts: Close database before renaming it. Fixes <https://bugs.gnu.org/35996>. Reported by Florian Pelz <pelzflorian@pelzflorian.de>. * gnu/build/accounts.scm (database-writer): Move 'close-port' call before 'rename-file'. | Ludovic Courtès |
| 2019-06-05 | activation: Lock /etc/.pwd.lock before accessing databases. Suggested by Florian Pelz <pelzflorian@pelzflorian.de> in <http://bugs.gnu.org/35996>. * gnu/build/accounts.scm (%password-lock-file): New variable. * gnu/build/activation.scm (activate-users+groups): Wrap calls to 'user+group-databases', 'write-group', etc. into 'with-file-lock'. | Ludovic Courtès |
| 2019-04-26 | accounts: Always honor the configured user account shell. Starting from commit 0ae735bcc8ff7fdc89d67b492bdee9091ee19e86, Guix System would preserve the user shell across reconfigure and reboot. This was done so as to allow for the use of 'chsh'. This proved to be a misguided decision. This commit goes back to considering user shells as config and not "state." * gnu/build/accounts.scm (allocate-passwd): Do not use shell from PREVIOUS. | Ludovic Courtès |
| 2019-03-07 | Add (gnu build accounts). * gnu/build/accounts.scm, tests/accounts.scm: New files. * Makefile.am (SCM_TESTS): Add tests/accounts.scm. * gnu/local.mk (GNU_SYSTEM_MODULES): Add build/accounts.scm. | Ludovic Courtès |