From fcff62262703554ccebdda353f5435aeb6162834 Mon Sep 17 00:00:00 2001 From: "Robin H. Johnson" Date: Sun, 15 Dec 2019 22:22:12 -0800 Subject: local: resync from git-gx86-tools/49b86a7418e68de3cf90ec88add3ac08630b7f0b, need to redo local commits Signed-off-by: Robin H. Johnson --- git-gx86-tools | 2 +- local/postrecv-bugs | 18 ++++- local/tests/lib.sh | 44 +++++++++--- local/tests/run-all.sh | 1 - local/tests/update-04-utf8.sh | 1 - local/tests/update-05-manifest.sh | 1 - local/tests/update-06-copyright.sh | 1 - local/update-01-basic | 1 - local/update-02-gpg | 134 +++++++++++++++++++++---------------- local/update-03-filename | 12 ---- local/update-04-utf8 | 12 ---- local/update-05-manifest | 12 ---- local/update-06-copyright | 2 - 13 files changed, 129 insertions(+), 112 deletions(-) diff --git a/git-gx86-tools b/git-gx86-tools index f2eb9ed..49b86a7 160000 --- a/git-gx86-tools +++ b/git-gx86-tools @@ -1 +1 @@ -Subproject commit f2eb9ed28de2ce3ade1ebd8097afded19d4ae2ec +Subproject commit 49b86a7418e68de3cf90ec88add3ac08630b7f0b diff --git a/local/postrecv-bugs b/local/postrecv-bugs index c36ba56..992815b 100755 --- a/local/postrecv-bugs +++ b/local/postrecv-bugs @@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/postrecv-bugs # Copyright 2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 or later @@ -30,13 +29,18 @@ while read -r oldrev newrev refname; do while read -r commithash; do while read -r l; do + is_fixes=0 case ${l} in # kinda-like github/gitlab/bitbucket but: # 1. we accept only -s forms for simplicity, # 2. we accept only footer-style to avoid false positives, # 3. we have to scan the whole commit message because # developers still fail to have just one footer. - Closes:*|Resolves:*|Fixes:*) + Closes:*|Resolves:*) + close=1;; + # normally used to reference commit ids + Fixes:*) + is_fixes=1 close=1;; # alternate form to ref without closing Bug:*) 
@@ -47,6 +51,16 @@ while read -r oldrev newrev refname; do # strip whitespace, split words bugref=( ${l#*:} ) + if [[ ${is_fixes} == 1 ]]; then + case ${bugref} in + # commit ref + [0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]*) + continue;; + *) + echo "WARNING: 'Fixes' tag should reference commit id, not: ${bugref[*]}" + ;; + esac + fi for bug in "${bugref[@]}"; do case ${bug} in # long bugzilla URL diff --git a/local/tests/lib.sh b/local/tests/lib.sh index f4fcaaa..e3432db 100644 --- a/local/tests/lib.sh +++ b/local/tests/lib.sh @@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/tests/lib.sh # Git hook test helpers # Copyright 2018 Michał Górny # Distributed under the terms of the GNU General Public License v2 or later @@ -51,13 +50,13 @@ run_test() { ) } -# Run the test for specified branch, presuming it's a new branch. -# $1 - branch name -run_test_branch() { - local branch=${1} +# Run the test for specified ref, presuming it's a new branch/tag. +# $1 - ref path +run_test_ref() { + local ref=${1} ( - set -- "refs/heads/${branch}" 0000000000000000000000000000000000000000 HEAD + set -- "${ref}" 0000000000000000000000000000000000000000 HEAD set +e . "${HOOK_PATH}" ) @@ -76,7 +75,17 @@ test_success() { # $1 - branch name test_branch_success() { local branch=${1} - run_test_branch "${branch}" + run_test_ref "refs/heads/${branch}" + tend ${?} + : $(( TEST_RET |= ${?} )) +} + +# Run the hook presuming new tag is added. +# Expect success. +# $1 - tag name +test_tag_success() { + local tag=${1} + run_test_ref "refs/tags/${tag}" tend ${?} : $(( TEST_RET |= ${?} )) } 
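Review bot: The commit-id test in the new `Fixes:` branch looks only at the first word and is open-ended: `${bugref}` on an array expands to element 0, and the eight-hex-digit pattern ends in `*`, so any first token that merely starts with eight hex characters makes `continue` skip the rest of the line. I would index explicitly and bound the match, for example `[[ ${bugref[0]} =~ ^[0-9a-fA-F]{8,}$ ]] && continue`. A comment should also say that a `Fixes:` line whose first word is not a commit id is warned about but still processed as a bug reference, since `close=1` was already set in the previous hunk. The enclosing `while read` loops start and end outside the hunk.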
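Review bot: In `test_tag_success` the `${?}` inside `: $(( TEST_RET |= ${?} ))` is the exit status of `tend`, not of `run_test_ref`, so the result is recorded correctly only if `tend` returns its first argument; `tend` is defined outside this hunk, so that cannot be confirmed here. Saving the status once makes the helper independent of that: `run_test_ref "refs/tags/${tag}"; local ret=${?}` followed by `tend "${ret}"` and `: $(( TEST_RET |= ret ))`. The same pattern is in `test_branch_success` just above it and in `test_tag_failure` in the next hunk.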
@@ -107,7 +116,26 @@ test_branch_failure() { local expected=${2} local msg - if msg=$(run_test_branch "${branch}"); then + if msg=$(run_test_ref "refs/heads/${branch}"); then + tend 1 "Hook unexpectedly succeeded" + return 1 + fi + + [[ ${msg} == ${expected} ]] + tend ${?} "'${msg}' != '${expected}'" + : $(( TEST_RET |= ${?} )) +} + +# Run the hook presuming new tag is added. +# Expect failure with message matching the pattern. +# $1 - tag name +# $2 - bash pattern to match +test_tag_failure() { + local tag=${1} + local expected=${2} + local msg + + if msg=$(run_test_ref "refs/tags/${tag}"); then tend 1 "Hook unexpectedly succeeded" return 1 fi diff --git a/local/tests/run-all.sh b/local/tests/run-all.sh index 50bef43..117f210 100755 --- a/local/tests/run-all.sh +++ b/local/tests/run-all.sh @@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/tests/run-all.sh # Tests for git hooks # Copyright 2018 Michał Górny # Distributed under the terms of the GNU General Public License v2 or later diff --git a/local/tests/update-04-utf8.sh b/local/tests/update-04-utf8.sh index b172d6a..f471948 100755 --- a/local/tests/update-04-utf8.sh +++ b/local/tests/update-04-utf8.sh @@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/tests/update-04-utf8.sh # Tests for update-04-utf8 hook # Copyright 2018 Michał Górny # Distributed under the terms of the GNU General Public License v2 or later diff --git a/local/tests/update-05-manifest.sh b/local/tests/update-05-manifest.sh index 6b894ad..1597092 100755 --- a/local/tests/update-05-manifest.sh +++ b/local/tests/update-05-manifest.sh @@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/tests/update-05-manifest.sh # Tests for update-05-manifest hook # Copyright 2018 Michał Górny # Distributed under the terms of the GNU General Public License v2 or later diff --git a/local/tests/update-06-copyright.sh b/local/tests/update-06-copyright.sh index dd969da..4edaa72 100755 
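Review bot: `test_tag_failure` returns early when the hook unexpectedly succeeds without OR-ing the failure into `TEST_RET`. Unless `tend` (defined outside the hunk) updates it, a hook that accepts a push it was supposed to reject may not show up in the suite's final status. For a helper whose purpose is to prove rejections, I would add `TEST_RET=1` before the `return 1`; the rewritten `test_branch_failure` lines in this hunk have the same gap. A short comment on `[[ ${msg} == ${expected} ]]` noting that the right-hand side is deliberately unquoted, so it is matched as a bash pattern, would keep a later cleanup from quoting it. The tail of `test_tag_failure` lies outside the hunk.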
--- a/local/tests/update-06-copyright.sh +++ b/local/tests/update-06-copyright.sh @@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/tests/update-06-copyright.sh # Tests for update-06-copyright hook # Copyright 2018 Michał Górny # Distributed under the terms of the GNU General Public License v2 or later diff --git a/local/update-01-basic b/local/update-01-basic index 9c9741a..b1a36dc 100755 --- a/local/update-01-basic +++ b/local/update-01-basic @@ -1,5 +1,4 @@ #!/bin/sh -# gentoo-infra: infra/githooks.git:local/update-01-basic # --- Command line refname=${1} diff --git a/local/update-02-gpg b/local/update-02-gpg index 10cf13b..c3c15e9 100755 --- a/local/update-02-gpg +++ b/local/update-02-gpg @@ -1,5 +1,4 @@ -#!/bin/sh -# gentoo-infra: infra/githooks.git:local/update-02-gpg +#!/bin/bash # --- Command line refname=${1} @@ -19,6 +18,9 @@ if [ -z "${refname}" -o -z "${oldrev}" -o -z "${newrev}" ]; then exit 1 fi +# branch names or 'all', or 'all-refs' for all refs +SIGNED_BRANCHES=$(git config --get gentoo.signed-branches) +: ${SIGNED_BRANCHES:=master} VERIFY_SIGS=$(git config --get gentoo.verify-signatures) : ${VERIFY_SIGS:=gentoo-devs} 
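Review bot: The comment above `SIGNED_BRANCHES` does not say that the value is a whitespace-separated list or that each entry is matched as a bash pattern, and both follow from how the next hunk consumes it. There `for branch in ${SIGNED_BRANCHES}` is unquoted, so an entry containing `*` is also pathname-expanded against the hook's working directory before `[[ ${refname#refs/heads/} == ${branch} ]]` sees it. Reading the list into an array avoids that, `read -r -a signed_branches <<< "${SIGNED_BRANCHES}"` and `for branch in "${signed_branches[@]}"`, and the default line is safer quoted as `: "${SIGNED_BRANCHES:=master}"`. The comment should also state that refs not selected by this setting leave the hook with `exit 0`, so neither the signature check nor the committer-address check applies to them.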
@@ -69,68 +71,84 @@ case ${VERIFY_SIGS} in exit 1 esac -# --- Check types -# if $newrev is 0000...0000, it's a commit to delete a ref. -zero="0000000000000000000000000000000000000000" - -case ${refname} in - refs/heads/master) +case ${SIGNED_BRANCHES} in + all-refs) + ;; + all) + [[ ${refname} == refs/heads/* ]] || exit 0 + ;; + *) + [[ ${refname} == refs/heads/* ]] || exit 0 + branch_found= + for branch in ${SIGNED_BRANCHES}; do + if [[ ${refname#refs/heads/} == ${branch} ]]; then + branch_found=1 + break + fi + done + [[ ${branch_found} == 1 ]] || exit 0 +esac - IFS=' +IFS=' ' - # verify that everything on the left-hand side of commit history is signed - # (further branches of merges can be unsigned) - revs=$(git rev-list --first-parent "${newrev}" "^${oldrev}") - for r in ${revs}; do - committer=$(git show -q --pretty=format:'%ce' "${r}") - if [[ ${VERIFY_SIGS} == gentoo-devs && ${committer} != *@gentoo.org ]]; then - echo "*** Committer address is not @gentoo.org, refusing" - exit 1 - fi +# special cases +zeros=0000000000000000000000000000000000000000 +# branch removal +[[ ${newrev} == "${zeros}" ]] && exit 0 +# new branch; try to find a merge base with master +if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then + mergebase=$(git merge-base refs/heads/master "${newrev}") + [[ -n ${mergebase} ]] && oldrev=${mergebase} +fi +rev_list_arg="${oldrev}..${newrev}" +# new and no common commit? gotta check them all +[[ ${oldrev} == "${zeros}" ]] && rev_list_arg="${newrev}" - signst=$(git show -q --pretty=format:'%G?' 
"${r}") - case ${VERIFY_SIGS} in - gentoo-devs) - # gentoo dev signatures must be Good - [[ ${signst} == G ]] && continue - ;; - no) - # additionally skip untrusted/impossible to check - # when verification is disabled - [[ ${signst} == [GUE] ]] && continue - ;; - esac +while read -r r; do + committer=$(git show -q --pretty=format:'%ce' "${r}") + if [[ ${VERIFY_SIGS} == gentoo-devs && ${committer} != *@gentoo.org ]]; then + echo "*** Committer address is not @gentoo.org, refusing" + exit 1 + fi - # error reporting - case ${signst} in - U) - echo "*** Untrusted signature on ${r}, refusing" - exit 1 - ;; - B) - echo "*** Bad signature on ${r}, refusing" - exit 1 - ;; - N) - echo "*** No signature on ${r}, refusing" - exit 1 - ;; - E) - echo "*** Signature cannot be checked on ${r}, refusing" - exit 1 - ;; - *) - echo "*** Unknown signature status '${signst}', refusing" - exit 1 - ;; - esac - done + signst=$(git show -q --pretty=format:'%G?' "${r}") + case ${VERIFY_SIGS} in + gentoo-devs) + # gentoo dev signatures must be Good + [[ ${signst} == G ]] && continue + ;; + no) + # additionally skip untrusted/impossible to check + # when verification is disabled + [[ ${signst} == [GUE] ]] && continue + ;; + esac - ;; - *) - ;; -esac + # error reporting + case ${signst} in + U) + echo "*** Untrusted signature on ${r}, refusing" + exit 1 + ;; + B) + echo "*** Bad signature on ${r}, refusing" + exit 1 + ;; + N) + echo "*** No signature on ${r}, refusing" + exit 1 + ;; + E) + echo "*** Signature cannot be checked on ${r}, refusing" + exit 1 + ;; + *) + echo "*** Unknown signature status '${signst}', refusing" + exit 1 + ;; + esac +done < <(git rev-list --first-parent "${rev_list_arg}") # --- Finished exit 0 diff --git a/local/update-03-filename b/local/update-03-filename index 6871175..da2c8ff 100755 --- a/local/update-03-filename +++ b/local/update-03-filename 
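Review bot: The verification loop fails open if the commit list cannot be produced: the exit status of `git rev-list` inside `< <(...)` is never checked, so an error there gives the loop no input and the script falls through to `exit 0`. Capturing the list first lets the hook refuse instead, `revs=$(git rev-list --first-parent "${rev_list_arg}") || { echo "*** Cannot list commits for ${refname}, refusing"; exit 1; }`, then `done <<< "${revs}"` with `[[ -n ${r} ]] || continue` at the top of the loop for the empty case. The removed comment explaining that only the first-parent chain is verified, and that merged-in side branches may be unsigned, still describes this code and should be kept above the loop. With `all-refs`, a pushed annotated tag is presumably peeled to its commit by `rev-list`, so the tag's own signature is not examined; a comment saying so would help.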
@@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/update-03-filename # Copyright 2015-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 or later @@ -12,17 +11,6 @@ newrev=$3 # skip non-master commits [[ ${refname} == refs/heads/master ]] || exit 0 -# special cases -zeros=0000000000000000000000000000000000000000 -# branch removal -[[ ${newrev} == "${zeros}" ]] && exit 0 -# new branch; try to find a merge base with master -if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then - mergebase=$(git merge-base refs/heads/master "${newrev}") - [[ -n ${mergebase} ]] && oldrev=${mergebase} - [[ -z ${mergebase} ]] && echo "WARNING: No common commits with master!" -fi - # Filenames must contain only the characters [A-Za-z0-9._+-] and must # not begin with a dot, a hyphen, or a plus sign. # https://devmanual.gentoo.org/general-concepts/tree/#what-belongs-in-the-tree%3F diff --git a/local/update-04-utf8 b/local/update-04-utf8 index 0365dec..8195931 100755 --- a/local/update-04-utf8 +++ b/local/update-04-utf8 @@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/update-04-utf8 # Copyright 2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 or later @@ -11,17 +10,6 @@ newrev=$3 export LC_MESSAGES=C -# special cases -zeros=0000000000000000000000000000000000000000 -# branch removal -[[ ${newrev} == "${zeros}" ]] && exit 0 -# new branch; try to find a merge base with master -if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then - mergebase=$(git merge-base refs/heads/master "${newrev}") - [[ -n ${mergebase} ]] && oldrev=${mergebase} - [[ -z ${mergebase} ]] && echo "WARNING: No common commits with master!" -fi - ret=0 while read commithash; do # verify that the commit object (including author, committer, commit diff --git a/local/update-05-manifest b/local/update-05-manifest index 4649fc3..42afd2a 100755 --- a/local/update-05-manifest 
+++ b/local/update-05-manifest @@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/update-05-manifest # Copyright 2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 or later @@ -14,17 +13,6 @@ export LC_MESSAGES=C # enforce only on master branch [[ ${refname} == refs/heads/master ]] || exit 0 -# special cases -zeros=0000000000000000000000000000000000000000 -# branch removal -[[ ${newrev} == "${zeros}" ]] && exit 0 -# new branch; try to find a merge base with master -if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then - mergebase=$(git merge-base refs/heads/master "${newrev}") - [[ -n ${mergebase} ]] && oldrev=${mergebase} - [[ -z ${mergebase} ]] && echo "WARNING: No common commits with master!" -fi - ret=0 while read commithash; do # check for any Manifest changes diff --git a/local/update-06-copyright b/local/update-06-copyright index 70e39af..82cba58 100755 --- a/local/update-06-copyright +++ b/local/update-06-copyright @@ -1,5 +1,4 @@ #!/bin/bash -# gentoo-infra: infra/githooks.git:local/update-06-copyright # Verify that GCO sign-off is present in commit messages # Copyright 2018 Michał Górny # Distributed under the terms of the GNU General Public License v2 or later @@ -75,7 +74,6 @@ zeros=0000000000000000000000000000000000000000 if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then mergebase=$(git merge-base refs/heads/master "${newrev}") [[ -n ${mergebase} ]] && oldrev=${mergebase} - [[ -z ${mergebase} ]] && echo "WARNING: No common commits with master!" fi rev_list_arg="${oldrev}..${newrev}" # new and no common commit? gotta check them all -- cgit v1.2.3-65-gdbad