On Sat, Sep 12, 2015 at 12:37:33PM +0200, Julian Andres Klode wrote: > Introduce an option to deny unsigned tags from entering > a repository. This is useful in teams where members forget > to sign their release tags. > > It does not actually check whether the signature is actually > complete or valid, it just checks for the beginning of a > signature, as further checks would be too involved. > > This effectively also denies un-annotated tags, as those > are unsigned by definition. > > Signed-off-by: Julian Andres Klode <jak@xxxxxxxxxx> > --- > templates/hooks--update.sample | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > [...] > @@ -86,6 +90,14 @@ case "$refname","$newrev_type" in > ;; > refs/tags/*,tag) > # annotated tag > + if [ "$denyunsignedtag" != "true" ] || git cat-file -p $newrev | grep -q 'BEGIN PGP SIGNATURE'; then > + : > + else > + echo "*** Tag '$refname' is unsigned" > + echo "*** Unsigned tags are not allowed in this repository." >&2 > + exit 1 There are some accidental space characters in front of that, this is fixed locally already. Sorry. -- Julian Andres Klode - Debian Developer, Ubuntu Member See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/. Be friendly, do not top-post, and follow RFC 1855 "Netiquette". - If you don't I might ignore you. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html