Skip to content

Commit 98b7879

Browse files
laanwjlaanwj
committed
Add signoff.py script
1 parent f1e8f2e commit 98b7879

File tree

2 files changed

+59
-0
lines changed

2 files changed

+59
-0
lines changed

README.md

+21
Original file line numberDiff line numberDiff line change
@@ -61,3 +61,24 @@ treehash512.py [<commithash>]
6161

6262
This should match the Tree-SHA512 commit metadata field added by
6363
github-merge.
64+
65+
signoff
66+
----------
67+
68+
This is an utility to manually add a treehash to the HEAD commit and then
69+
gpg-sign it. This is useful when there is the need to manually add a commit.
70+
71+
Usage:
72+
73+
```bash
74+
signoff.py
75+
```
76+
(no command line arguments)
77+
78+
When there is already a treehash on the HEAD commit, it is compared against
79+
what is computed. If this matches, it continues. If the treehash mismatches an
80+
error is thrown. If there is no treehash it adds the "Tree-SHA512:" header with
81+
the computed hash to the commit message.
82+
83+
After making sure the treehash is correct it verifies whether the commit is
84+
signed. If so it just displays the signature, if not, it is signed.

signoff.py

+38
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
#!/usr/bin/python3
2+
'''
3+
This is an utility to manually add a treehash to the top commit and
4+
then gpg-sign it.
5+
'''
6+
from treehash512 import tree_sha512sum, GIT
7+
import subprocess, sys
8+
HDR = b'Tree-SHA512'
9+
def main():
10+
commit = 'HEAD'
11+
h = tree_sha512sum(commit).encode()
12+
msg = subprocess.check_output([GIT, 'show', '-s', '--format=%B', commit]).rstrip()
13+
14+
curh = None
15+
for line in msg.splitlines():
16+
if line.startswith(HDR+b':'):
17+
assert(curh is None) # no multiple treehashes
18+
curh = line[len(HDR)+1:].strip()
19+
20+
if curh == h:
21+
print('Warning: already has a (valid) treehash')
22+
if subprocess.call([GIT, 'verify-commit', commit]) == 0:
23+
# already signed, too, just exit
24+
sys.exit(0)
25+
elif curh is not None:
26+
print('Error: already has a treehash, which mismatches. Something is wrong. Remove it first.')
27+
sys.exit(1)
28+
else: # no treehash
29+
msg += b'\n\n' + HDR + b': ' + h
30+
31+
print(msg.decode())
32+
33+
subprocess.check_call([GIT, 'commit', '--amend', '--gpg-sign', '-m', msg, '--no-edit'])
34+
rv = subprocess.call([GIT, 'verify-commit', commit])
35+
sys.exit(rv)
36+
37+
if __name__ == '__main__':
38+
main()

0 commit comments

Comments
 (0)