blob: 94fc593cb6acb012f63a2b9fdb1525e209992570 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
#!/bin/bash
# gentoo-infra: infra/githooks.git:update-05-manifest
# Copyright 2017-2021 Michał Górny and others
# Distributed under the terms of the GNU General Public License v2 or later
# Author: Michał Górny <mgorny@gentoo.org>
refname=$1
oldrev=$2
newrev=$3
export LC_MESSAGES=C
# enforce only on master branch
[[ ${refname} == refs/heads/master ]] || exit 0
# special cases
zeros=0000000000000000000000000000000000000000
# branch removal
[[ ${newrev} == "${zeros}" ]] && exit 0
# no need to check for new branch because we skip non-master commits above
ret=0
while read commithash; do
# check for any Manifest changes
while read fname; do
if [[ ${fname} == */Manifest ]]; then
# check the resulting Manifest line-by-line
while read tag mfile size hashes; do
if [[ ${tag} != DIST ]]; then
echo "Thin Manifests can contain only DIST lines!"
echo " commit: ${commithash}"
echo " file: ${fname}"
echo " entry: ${tag} ${mfile} ${size} ${hashes}"
ret=1
break
fi
case ${hashes} in
*SHA256*WHIRLPOOL*)
echo "Disallowed hash set in Manifest!"
echo " commit: ${commithash}"
echo " file: ${fname}"
echo " entry: ${tag} ${mfile} ${size} ${hashes}"
ret=1
break
;;
*BLAKE2B*SHA512*)
;;
*)
echo "Disallowed hash set in Manifest!"
echo " commit: ${commithash}"
echo " file: ${fname}"
echo " entry: ${tag} ${mfile} ${size} ${hashes}"
ret=1
break
;;
esac
done < <(git cat-file -p "${commithash}:${fname}")
fi
done < <(git diff --diff-filter=d --name-only "${commithash}^".."${commithash}")
done < <(git rev-list "${oldrev}..${newrev}")
exit ${ret}
|