[asterisk-scf-commits] team/dlee/git-hooks.git branch "master" created.
Commits to the Asterisk SCF project code repositories
asterisk-scf-commits at lists.digium.com
Fri Dec 3 09:59:49 CST 2010
branch "master" has been created
at d9fb9c71b5d847d21076afffc5c2f1fc87c8f308 (commit)
- Log -----------------------------------------------------------------
commit d9fb9c71b5d847d21076afffc5c2f1fc87c8f308
Author: David M. Lee <dlee at digium.com>
Date: Fri Dec 3 09:59:22 2010 -0600
Initial rev of check-author-whitelist.sh
diff --git a/check-author-whitelist.sh b/check-author-whitelist.sh
new file mode 100755
index 0000000..3292f4e
--- /dev/null
+++ b/check-author-whitelist.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+#
+# Copyright (C) 2010, Digium, Inc.
+#
+# This git update hook compares the author emails from commits with a
+# whitelist stored in ${GIT_DIR}/author-whitelist. If any commit has an
+# author that is not whitelisted, the offending author's email is displayed
+# the the update is rejected.
+#
+
+exit 0
+
+if test -z ${GIT_DIR}; then
+ cat <<EOF >&2
+Do not run directly. This is a git update hook.
+EOF
+ exit 1
+fi
+
+# Prints a list of all authors for the given revlist to stdout
+function git-authors
+{
+ git rev-list --pretty=format:"%ae" "$1" | grep -v "^commit " | sort | uniq
+}
+
+function commit-authors
+{
+ if test "$1" = 0000000000000000000000000000000000000000; then
+ # Creating a new branch. Unfortunately, we don't know if we're
+ # cloning an existing branch or not, so we'll have to check most
+ # revisions.
+ #
+ # This went pretty quickly on an Ubuntu 10.10 VM against
+ # the Linux kernel repo (8601 authors, 221706 commits, < 7 seconds).
+ # I doubt a performance optimization is necessary.
+ #
+ # We will grandfather in some commits that happened prior to
+ # Nov 4, 2010. They already exist in the repos with a bad email
+ # address, and correcting that would require rebasing several
+ # publicly exposed repos. Not happy, but you can't change the
+ # past.
+ git-authors --max-age 1288828800 $2
+ else if test "$2" = 0000000000000000000000000000000000000000; then
+ # deleting a branch
+ cat /dev/null
+ else
+ # regular commit
+ git-authors $1..$2
+ fi
+}
+
+# Some things to note when modifying this script
+# * the output from commit-authors can be pretty much anything. Just clone
+# the Linux kernel repo and look at the authors. Given that, you
+# _really_ have to be careful about shell injection.
+#
+# * the grep below will remove whitelisted authors from the list of
+# commit-authors. it will return with an exit code of 0 if there are
+# non-whitelisted commit-authors.
+#
+# * grep --fixed-strings matches the whole line, so we'll never have
+# the case of hacker_bob at yahoo.com being mistaken for bob at yahoo.com.
+#
+# * as a (pleasant) side effect, the list of non-whitelisted authors is
+# printed to stdout.
+#
+# * this is surpisingly fast; it took less than 100ms to compare 8601
+# commit-authors against a whitelist of 8601 authors.
+commit-authors $2 $3 | \
+ grep -v --fixed-strings --file=${GIT_DIR}/author-whitelist
+
+if test $? -eq 0; then
+ echo ">>> Unrecognized Authors. Fail!" >&2
+ exit 1
+fi
-----------------------------------------------------------------------
--
team/dlee/git-hooks.git
More information about the asterisk-scf-commits
mailing list