#!/bin/sh # This hook script prevents the user from pushing to Savannah if any of the new # commits' OpenPGP signatures cannot be verified. # Called by "git push" after it has checked the remote status, but before # anything has been pushed. If this script exits with a non-zero status nothing # will be pushed. # # This hook is called with the following parameters: # # $1 -- Name of the remote to which the push is being done # $2 -- URL to which the push is being done # # If pushing without using a named remote those arguments will be equal. # # Information about the commits which are being pushed is supplied as lines to # the standard input in the form: # # z40=0000000000000000000000000000000000000000 # Only use the hook when pushing to Savannah. case "$2" in *git.sv.gnu.org*) break ;; *) exit 0 ;; esac while read local_ref local_sha remote_ref remote_sha do if [ "$local_sha" = $z40 ] then # Handle delete : else if [ "$remote_sha" = $z40 ] then # We are pushing a new branch. To prevent wasting too # much time for this relatively rare case, we examine # all commits since the first signed commit, rather than # the full history. This check *will* fail, and the user # will need to temporarily disable the hook to push the # new branch. range="e3d0fcbf7e55e8cbe8d0a1c5a24d73f341d7243b..$local_sha" else # Update to existing branch, examine new commits range="$remote_sha..$local_sha" fi # Verify the signatures of all commits being pushed. ret=0 for commit in $(git rev-list $range) do if ! git verify-commit $commit >/dev/null 2>&1 then printf "%s failed signature check\n" $commit ret=1 fi done exit $ret fi done exit 0 thor
path: root/tests/lint.scm
AgeCommit message (Expand)Author
2023-09-08lint: Check that (cc-for-target) and friends are used...."CC=gcc" is almost always incorrect; people often just don't notice the incorrectness because they are compiling natively. For an exception, see tzdata. "guix style" partially made things worse, so I partially ignored it. * guix/lint.scm (check-compiler-for-target): New linter. * tests/lint.scm ("compiler-for-target: unconditional CC=gcc is unacceptable") ("compiler-for-target: looks through G-expressions") ("compiler-for-target: (cc-for-target) is acceptable") ("compiler-for-target: CC=gcc is acceptable when target=#false"): Test it. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Maxime Devos
2023-05-06lint: archival: Warn against non-origin package sources....Suggested by Maxim Cournoyer <maxim.cournoyer@gmail.com> and Simon Tournier <zimon.toutoune@gmail.com>. * guix/lint.scm (check-archival): Add 'local-file?' clause. Clarify message in case (package-source package) is not an origin. * tests/lint.scm ("archival: not an origin"): New test. Ludovic Courtès
2022-10-27gnu: python-setuptools: Move to python-build....* gnu/packages/python-xyz.scm (python-setuptools): Move… * gnu/packages/python-build.scm: …here. * gnu/packages/chemistry.scm, gnu/packages/messaging.scm, gnu/packages/sequoia.scm, tests/lint.scm: Adjust module imports accordingly. Co-authored-by: Marius Bakke <marius@gnu.org> Lars-Dominik Braun
2022-10-17lint: source: Add check for <svn-reference> over HTTP(S)....* guix/lint.scm (svn-reference-uri-with-userinfo): New procedure. (check-source): Add 'svn-reference?' clause. * tests/lint.scm ("source: svn-reference, HTTP 200") ("source: svn-reference, HTTP 404"): New tests. Ludovic Courtès