aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/sendemail-validate
diff options
context:
space:
mode:
authorMatěj Cepl <mcepl@cepl.eu>2024-05-28 11:31:29 +0200
committerRobin Jarry <robin@jarry.cc>2024-05-28 23:52:35 +0200
commit36457f82f22dd98125f845c908a342a1bebb3a8f (patch)
tree94ddfa0d9857810586910fc856c4615f46cc51ad /contrib/sendemail-validate
parentd3288e6359744ad0383d08270aea74f4497c974d (diff)
downloadaerc-36457f82f22dd98125f845c908a342a1bebb3a8f.tar.gz
sendemail-validate: optionally use patatt to attest patches
One weakness of the email based workflow as used on Sourcehut is that git send-email strips all signatures from commits. patatt is not strict equivalent of signed commits, but at least there is a cryptographic attestation that the patch was send by the person it pretends it was sent. Optional, default off, switched on by setting $ git config --bool sendemail.runPatatt true Signed-off-by: Matěj Cepl <mcepl@cepl.eu> Acked-by: Robin Jarry <robin@jarry.cc>
Diffstat (limited to 'contrib/sendemail-validate')
-rwxr-xr-xcontrib/sendemail-validate9
1 files changed, 8 insertions, 1 deletions
diff --git a/contrib/sendemail-validate b/contrib/sendemail-validate
index 76031115..efcce648 100755
--- a/contrib/sendemail-validate
+++ b/contrib/sendemail-validate
@@ -27,7 +27,14 @@ validate_cover_letter () {
validate_patch () {
file="$1"
# Ensure that the patch applies without conflicts.
- git am -3 "$file"
+ git am -3 "$file" || return
+ # Sign the patch if patatt is available.
+ case "$(git config --default false --get sendemail.runPatatt)" in
+ TRUE|True|true|yes|YES|Yes|Y|y|on|ON|On|1)
+ command -v patatt >/dev/null 2>&1 || return
+ patatt sign --hook "$file" || return 1
+ ;;
+ esac
}
validate_series () {