#!/bin/bash
# gentoo-infra: infra/githooks.git:update-05-manifest
# Copyright 2017-2021 Michał Górny and others
# Distributed under the terms of the GNU General Public License v2 or later

# Author: Michał Górny <mgorny@gentoo.org>

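# Git "update" hook arguments: the ref being updated, its current tip and
# the proposed new tip.
refname=$1
oldrev=$2
newrev=$3

export LC_MESSAGES=C

# enforce only on master branch
[[ ${refname} == refs/heads/master ]] || exit 0

# special cases
zeros=0000000000000000000000000000000000000000
# branch removal
[[ ${newrev} == "${zeros}" ]] && exit 0
# NOTE(review): creation of master itself (oldrev all zeros) is not handled.
# "${oldrev}..${newrev}" is then not a valid range, git rev-list fails, the
# loop below sees no commits and the push is accepted unchecked. The same
# applies to any git failure inside <( ... ): its exit status never reaches
# this script, so the hook fails open. A parentless commit (no "^" to diff
# against) is skipped for the same reason. Confirm that another hook or the
# repository policy covers these cases.

# Print one rejection report to the pusher.
# Arguments: $1 - message, $2 - commit hash, $3 - Manifest path,
#            $4 - offending Manifest line as parsed
report_bad_entry() {
    printf '%s\n' "$1"
    printf '%s\n' " commit: $2"
    printf '%s\n' "   file: $3"
    printf '%s\n' "  entry: $4"
}

ret=0
while IFS= read -r commithash; do
    # check for any Manifest changes
    # -z / -d '': take paths NUL-separated and verbatim. Without -z git
    # C-quotes unusual paths, and a quoted path ends in '"', so it would
    # never match */Manifest and the file would go unchecked.
    while IFS= read -r -d '' fname; do
        [[ ${fname} == */Manifest ]] || continue

        # check the resulting Manifest line-by-line
        # -r: keep backslashes literal so every physical line is checked on
        # its own (a trailing backslash would otherwise join it to the next).
        # "|| [[ -n ${tag} ]]": also check a final line that lacks a newline.
        while read -r tag mfile size hashes || [[ -n ${tag} ]]; do
            problem=
            if [[ ${tag} != DIST ]]; then
                problem="Thin Manifests can contain only DIST lines!"
            else
                # Substring matches on the remainder of the line: the old
                # SHA256+WHIRLPOOL set is refused even when the new hashes
                # are present too; otherwise BLAKE2B followed by SHA512 is
                # required.
                # NOTE(review): other hash names next to BLAKE2B/SHA512 are
                # not rejected by these patterns - confirm that is intended.
                case ${hashes} in
                    *SHA256*WHIRLPOOL*)
                        problem="Disallowed hash set in Manifest!"
                        ;;
                    *BLAKE2B*SHA512*)
                        ;;
                    *)
                        problem="Disallowed hash set in Manifest!"
                        ;;
                esac
            fi

            if [[ -n ${problem} ]]; then
                report_bad_entry "${problem}" "${commithash}" "${fname}" \
                    "${tag} ${mfile} ${size} ${hashes}"
                ret=1
                # one report per Manifest is enough; go on to the next file
                break
            fi
        done < <(git cat-file -p "${commithash}:${fname}")
    done < <(git diff --diff-filter=d --name-only -z "${commithash}^".."${commithash}")
done < <(git rev-list "${oldrev}..${newrev}")

exit "${ret}"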