author | Matěj Cepl <mcepl@cepl.eu> | 2024-05-28 11:31:29 +0200 |
---|---|---|
committer | Robin Jarry <robin@jarry.cc> | 2024-05-28 23:52:35 +0200 |
commit | 36457f82f22dd98125f845c908a342a1bebb3a8f (patch) | |
tree | 94ddfa0d9857810586910fc856c4615f46cc51ad | |
parent | d3288e6359744ad0383d08270aea74f4497c974d (diff) | |
download | aerc-36457f82f22dd98125f845c908a342a1bebb3a8f.tar.gz |
sendemail-validate: optionally use patatt to attest patches
One weakness of the email-based workflow as used on Sourcehut is that
git send-email strips all signatures from commits. patatt is not a strict
equivalent of signed commits, but at least there is a cryptographic
attestation that the patch was sent by the person it pretends it was
sent by.
Optional, default off, switched on by setting
$ git config --bool sendemail.runPatatt true
Signed-off-by: Matěj Cepl <mcepl@cepl.eu>
Acked-by: Robin Jarry <robin@jarry.cc>
-rwxr-xr-x | contrib/sendemail-validate | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/contrib/sendemail-validate b/contrib/sendemail-validate index 76031115..efcce648 100755 --- a/contrib/sendemail-validate +++ b/contrib/sendemail-validate @@ -27,7 +27,14 @@ validate_cover_letter () { validate_patch () { file="$1" # Ensure that the patch applies without conflicts. - git am -3 "$file" + git am -3 "$file" || return + # Sign the patch if patatt is available. + case "$(git config --default false --get sendemail.runPatatt)" in + TRUE|True|true|yes|YES|Yes|Y|y|on|ON|On|1) + command -v patatt >/dev/null 2>&1 || return + patatt sign --hook "$file" || return 1 + ;; + esac } validate_series () { |
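Review bot: In the new case arm of validate_patch, `command -v patatt >/dev/null 2>&1 || return` does not skip signing when patatt is missing. A bare `return` propagates the non-zero status of the failed `command -v`, so validation fails without any message, while the comment above it says "Sign the patch if patatt is available". Decide which behaviour is intended: either `|| return 0` to skip quietly, or print an error to stderr and `return 1` so that a user who enabled sendemail.runPatatt can see why sending was refused. The same arm mixes `|| return` and `|| return 1`; pick one form. The hand-written list of true spellings can also miss values that git itself accepts, since git parses booleans case-insensitively; `git config --type=bool --default false --get sendemail.runPatatt` normalizes the value to true or false, so the case only needs to match one word.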