#!/bin/bash # gentoo-infra: infra/githooks.git:local/update-05-manifest # Copyright 2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 or later # Author: Michał Górny refname=$1 oldrev=$2 newrev=$3 export LC_MESSAGES=C # enforce only on master branch [[ ${refname} == refs/heads/master ]] || exit 0 # special cases zeros=0000000000000000000000000000000000000000 # branch removal [[ ${newrev} == "${zeros}" ]] && exit 0 # new branch; try to find a merge base with master if [[ ${oldrev} == "${zeros}" && ${refname} != refs/heads/master ]]; then mergebase=$(git merge-base refs/heads/master "${newrev}") [[ -n ${mergebase} ]] && oldrev=${mergebase} [[ -z ${mergebase} ]] && echo "WARNING: No common commits with master!" fi ret=0 while read commithash; do # check for any Manifest changes while read fname; do if [[ ${fname} == */Manifest ]]; then # check the resulting Manifest line-by-line while read tag mfile size hashes; do if [[ ${tag} != DIST ]]; then echo "Thin Manifests can contain only DIST lines!" echo " commit: ${commithash}" echo " file: ${fname}" echo " entry: ${tag} ${mfile} ${size} ${hashes}" ret=1 break fi case ${hashes} in *SHA256*WHIRLPOOL*) echo "Disallowed hash set in Manifest!" echo " commit: ${commithash}" echo " file: ${fname}" echo " entry: ${tag} ${mfile} ${size} ${hashes}" ret=1 break ;; *BLAKE2B*SHA512*) ;; *) echo "Disallowed hash set in Manifest!" echo " commit: ${commithash}" echo " file: ${fname}" echo " entry: ${tag} ${mfile} ${size} ${hashes}" ret=1 break ;; esac done < <(git cat-file -p "${commithash}:${fname}") fi done < <(git diff --diff-filter=d --name-only "${commithash}^".."${commithash}") done < <(git rev-list "${oldrev}..${newrev}") exit ${ret}