dn42/registry
1
0
Fork 0
mirror of https://git.dn42.dev/dn42/registry.git synced 2025-07-19 00:46:59 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Various fixes to sign-my-commit:

Browse source 
- more consistent use of quotes
 - add additional feedback when signature is already detected
 - add --force option
 - only select latest signature if multiple signature headers found

Fix squash-my-commit when signature not requested
This commit is contained in:
Simon Marsh 2025-05-04 09:13:28 +01:00
parent 90e85ae9cf
commit 21ed480098
No known key found for this signature in database
GPG key ID: E9B4156C1659C079
2 changed files with 129 additions and 94 deletions
Download patch file Download diff file Expand all files Collapse all files

213
sign-my-commit
View file

@ -16,7 +16,7 @@ usage()
{ {
cat <<EOF cat <<EOF
This script can automatically sign commits using supported SSH or PGP This script can automatically sign commits using supported SSH or PGP
authentication methods. Remember to push the new signature to the server authentication methods. Remember to push the new signature to the server
after signing (using 'git push --force' or the --push option). after signing (using 'git push --force' or the --push option).
@ -34,10 +34,11 @@ Generic options:
--push, force push the result after signature and verification --push, force push the result after signature and verification
--verify, check an existing signature on the latest commit --verify, check an existing signature on the latest commit
--commit <hash>, check the signature on a specific commit --commit <hash>, check the signature on a specific commit
--force, override some checks and continue on errors
--help, display this message --help, display this message
PGP specific options: PGP specific options:
--print <fprint>, specify fingerprint of GPG key to use if you --print <fprint>, specify fingerprint of GPG key to use if you
don't want to use the first available key don't want to use the first available key
SSH specific options: SSH specific options:
@ -47,6 +48,9 @@ SSH specific options:
--method <type>, either 'git' or 'comment' to force SSH signatures --method <type>, either 'git' or 'comment' to force SSH signatures
to use a specific method, defaults to 'git' to use a specific method, defaults to 'git'
Some parameters can also be set via environment variables,
see the defaults section in the script for more details.
EOF EOF
} }
@ -54,15 +58,16 @@ EOF
########################################################################## ##########################################################################
# defaults # defaults
DO_PUSH=0 DO_PUSH=${DO_PUSH:-0}
DO_SQUASH=1 DO_SQUASH=${DO_SQUASH:-1}
AUTH_METHOD='' AUTH_METHOD=${AUTH_METHOD:-''}
MNTNER='' MNTNER=${MNTNER:-''}
SSH_KEYFILE='' SSH_KEYFILE=${SSH_KEYFILE:-''}
SSH_METHOD='git' SSH_METHOD=${SSH_METHOD:-'git'}
GPG_PRINT='' GPG_PRINT=${GPG_PRINT:-''}
VERIFY_ONLY=0 VERIFY_ONLY=${VERIFY_ONLY:-0}
COMMIT_SHA='' COMMIT_SHA=${COMMIT_SHA:-''}
FORCE=${FORCE:-0}
########################################################################## ##########################################################################
# parse arguments # parse arguments
@ -103,6 +108,9 @@ do
shift shift
GPG_PRINT="$1" GPG_PRINT="$1"
;; ;;
--force)
FORCE=1
;;
--help) --help)
usage usage
exit 0 exit 0
@ -110,14 +118,14 @@ do
*) *)
if [ -z "$MNTNER" ] if [ -z "$MNTNER" ]
then then
MNTNER=$1 MNTNER="$1"
else else
>&2 echo "ERROR: Unknown option: $1" >&2 echo "ERROR: Unknown option: $1"
>&2 usage >&2 usage
exit 1 exit 1
fi fi
;; ;;
esac esac
shift shift
@ -129,7 +137,7 @@ done
# check working directory # check working directory
if [ ! -d '.git' ] && [ ! -d 'data/mntner' ] if [ ! -d '.git' ] && [ ! -d 'data/mntner' ]
then then
>&2 echo "ERROR: This script must be run in the root directory of a registry clone" >&2 echo 'ERROR: This script must be run in the root directory of a registry clone'
exit 1 exit 1
fi fi
@ -151,7 +159,7 @@ then
then then
MNTNER=$(git log "$COMMIT_SHA" -n 1 --format=format:%B | \ MNTNER=$(git log "$COMMIT_SHA" -n 1 --format=format:%B | \
grep '^### mntner:' | \ grep '^### mntner:' | \
cut -d':' -f2 | tr -d ' ') cut -d':' -f2 | tr -d ' ' | tail -n 1)
if [ -n "$MNTNER" ] if [ -n "$MNTNER" ]
then then
echo "Found mntner $MNTNER from signature" echo "Found mntner $MNTNER from signature"
@ -162,7 +170,7 @@ then
then then
AUTH_METHOD=$(git log "$COMMIT_SHA" -n 1 --format=format:%B | \ AUTH_METHOD=$(git log "$COMMIT_SHA" -n 1 --format=format:%B | \
grep '^### method:' | \ grep '^### method:' | \
cut -d':' -f2 | tr -d ' ') cut -d':' -f2 | tr -d ' ' | tail -n 1)
if [ -n "$AUTH_METHOD" ] if [ -n "$AUTH_METHOD" ]
then then
echo "Using $AUTH_METHOD auth method from signature" echo "Using $AUTH_METHOD auth method from signature"
@ -191,8 +199,8 @@ gitv_minor=$(git --version | cut -d'.' -f2)
if { [ "$gitv_major" -eq 2 ] && [ "$gitv_minor" -lt 5 ]; } || \ if { [ "$gitv_major" -eq 2 ] && [ "$gitv_minor" -lt 5 ]; } || \
[ "$gitv_major" -lt 2 ] [ "$gitv_major" -lt 2 ]
then then
>&2 echo "ERROR: This script requires a git version 2.5" >&2 echo 'ERROR: This script requires a git version 2.5'
>&2 echo "---" >&2 echo '---'
>&2 git --version >&2 git --version
exit 1 exit 1
fi fi
@ -204,37 +212,48 @@ then
# check for untracked or uncommitted changes # check for untracked or uncommitted changes
if [ -n "$(git status --porcelain)" ] if [ -n "$(git status --porcelain)" ]
then then
>&2 echo "ERROR: git worktree has unstaged or uncommitted changes" >&2 echo 'ERROR: git worktree has unstaged or uncommitted changes'
>&2 echo "This script can only be run once your commit is completed" >&2 echo 'This script can only be run once your commit is completed'
>&2 echo "---" >&2 echo '---'
>&2 git status >&2 git status
exit 1 exit 1
fi fi
# check that the commit has been squashed # check that the commit has been squashed
if [ "$DO_SQUASH" -eq 1 ] if [ "$DO_SQUASH" -eq 1 ]
then then
if ! ./squash-my-commits --verify if ! ./squash-my-commits --verify
then then
>&2 echo "ERROR: Ensure your commits are squashed before signing" >&2 echo 'ERROR: Ensure your commits are squashed before signing'
>&2 echo "Run the included script: ./squash-my-commits" >&2 echo 'Run the included script: ./squash-my-commits'
exit 1 exit 1
fi fi
fi fi
# check for an existing signature # check for an existing signature
if git log -n 1 --format=format:%B 2>&1 | grep '^### DN42 Signature' > /dev/null if git log -n 1 --format=format:%B 2>&1 | grep '^### DN42 Signature' > /dev/null
then then
>&2 echo "ERROR: The last commit appears to already be signed" >&2 echo 'ERROR: Detected ### DN42 Signature header in commit comment'
>&2 echo "---" >&2 echo 'ERROR: The commit appears to be signed already'
>&2 git log -n 1 --show-signature if [ "$FORCE" -ne 0 ]
exit 1 then
>&2 echo '!!! ignoring errors, continuing'
else
>&2 echo '---'
>&2 git log -n 1 --show-signature
>&2 echo '---'
>&2 echo 'If you want to re-try signing the commit then you must either'
>&2 echo 're-run this script again using the --force option, or'
>&2 echo 'manually remove the "### DN42 Signature" header from the commit'
>&2 echo 'comment (e.g. using git commit --amend)'
exit 1
fi
fi fi
fi fi
########################################################################## ##########################################################################
# helper functions # helper functions
# guess a signature method based on the first auth attribute in a MNTNER # guess a signature method based on the first auth attribute in a MNTNER
guess_mntner_method() guess_mntner_method()
@ -289,7 +308,7 @@ get_pgp_prints()
rm "$pgp_prints" rm "$pgp_prints"
exit 1 exit 1
fi fi
# get the fingerprint from key-cert file # get the fingerprint from key-cert file
grep '^fingerpr:' "data/key-cert/$auth_method" | \ grep '^fingerpr:' "data/key-cert/$auth_method" | \
cut -c21- | tr -d ' ' | \ cut -c21- | tr -d ' ' | \
@ -316,10 +335,18 @@ sign_pgp()
# check first if there is already a signature # check first if there is already a signature
if git log -n 1 --show-signature | grep "^gpg" > /dev/null 2>&1 if git log -n 1 --show-signature | grep "^gpg" > /dev/null 2>&1
then then
>&2 echo "ERROR: The last commit appears to already be signed." >&2 echo 'ERROR: Found existing git signature'
>&2 echo "---" >&2 echo 'ERROR: The last commit appears to be signed already'
>&2 git log -n 1 --show-signature if [ "$FORCE" -ne 0 ]
exit 1 then
>&2 echo '!!! ignoring errors, continuing'
else
>&2 echo "---"
>&2 git log -n 1 --show-signature
>&2 echo "---"
>&2 echo "You can use the --force option for re-try signing"
exit 1
fi
fi fi
# if the fingerprint wasn't specified, obtain from the MNTNER # if the fingerprint wasn't specified, obtain from the MNTNER
@ -360,15 +387,15 @@ sign_pgp()
verify_pgp() verify_pgp()
{ {
echo "Verifying PGP signature" echo 'Verifying PGP signature'
# requires git 2.5 # requires git 2.5
if ! git verify-commit "$COMMIT_SHA" if ! git verify-commit "$COMMIT_SHA"
then then
>&2 echo "ERROR: failed to verify PGP signature" >&2 echo 'ERROR: failed to verify PGP signature'
exit 1 exit 1
fi fi
echo " - PGP signature verified ok" echo ' - PGP signature verified ok'
# create a list of authorised pgp fingerprints # create a list of authorised pgp fingerprints
valid_prints=$(get_pgp_prints) valid_prints=$(get_pgp_prints)
@ -381,14 +408,14 @@ verify_pgp()
if grep "$print" "$valid_prints" > /dev/null 2>&1 if grep "$print" "$valid_prints" > /dev/null 2>&1
then then
echo "Matched fingerprint with auth attribute for $MNTNER" echo "Matched fingerprint with auth attribute for $MNTNER"
echo "Successfully verified PGP signature" echo 'Successfully verified PGP signature'
rm "$valid_prints" rm "$valid_prints"
return return
fi fi
done done
>&2 echo "ERROR: unable to match key fingerprint with mntner: $MNTNER" >&2 echo "ERROR: unable to match key fingerprint with mntner: $MNTNER"
rm "$valid_prints" rm "$valid_prints"
exit 1 exit 1
} }
@ -411,7 +438,7 @@ filter_ssh_auths()
echo "$line" echo "$line"
;; ;;
esac esac
done done
} }
# create an allowed signers file using the mntner auth attributes # create an allowed signers file using the mntner auth attributes
@ -426,7 +453,7 @@ get_allowed_signers()
check_keyfile() check_keyfile()
{ {
pubkeyfile='' pubkeyfile=''
# guess the public key if a keyfile wasn't specified # guess the public key if a keyfile wasn't specified
if [ -z "$SSH_KEYFILE" ] if [ -z "$SSH_KEYFILE" ]
then then
@ -438,12 +465,12 @@ check_keyfile()
filter_ssh_auths | head -n 1 > "$pubkeyfile" filter_ssh_auths | head -n 1 > "$pubkeyfile"
if [ ! -s "$pubkeyfile" ] if [ ! -s "$pubkeyfile" ]
then then
>&2 echo "ERROR: Unable to auto determine SSH public key" >&2 echo 'ERROR: Unable to auto determine SSH public key'
>&2 echo "Try specifying the key directly using --key" >&2 echo 'Try specifying the key directly using --key'
rm "$pubkeyfile" rm "$pubkeyfile"
exit 1 exit 1
fi fi
# check if the pubkey is available in agent # check if the pubkey is available in agent
pubkey=$(tr -s ' ' < "$pubkeyfile" | cut -d' ' -f1,2) pubkey=$(tr -s ' ' < "$pubkeyfile" | cut -d' ' -f1,2)
if ssh-add -L | grep "^$pubkey" > /dev/null 2>&1 if ssh-add -L | grep "^$pubkey" > /dev/null 2>&1
@ -454,14 +481,14 @@ check_keyfile()
# no key found in agent, clean up the keyfile first # no key found in agent, clean up the keyfile first
rm "$pubkeyfile" rm "$pubkeyfile"
pubkeyfile='' pubkeyfile=''
if [ -d "${HOME}/.ssh" ] if [ -d "${HOME}/.ssh" ]
then then
# as a last resort, try scanning the 'usual' ssh # as a last resort, try scanning the 'usual' ssh
# directory to find the key in there # directory to find the key in there
SSH_KEYFILE=$(grep -l "^$pubkey" "${HOME}"/.ssh/*.pub) SSH_KEYFILE=$(grep -l "^$pubkey" "${HOME}"/.ssh/*.pub)
fi fi
if [ -n "$SSH_KEYFILE" ] if [ -n "$SSH_KEYFILE" ]
then then
@ -473,7 +500,7 @@ ERROR: Unable to identify public key in ssh-agent or home directory
- When auto detecting the public key from you mntner object it - When auto detecting the public key from you mntner object it
- is required that the private key is available in ssh-agent or - is required that the private key is available in ssh-agent or
- in your ${HOME}/.ssh/ directory. - in your ${HOME}/.ssh/ directory.
- Please add your key to ssh-agent or use the --key option to - Please add your key to ssh-agent or use the --key option to
- specify where the private key is directly. - specify where the private key is directly.
--- ---
Pubkey: $pubkey Pubkey: $pubkey
@ -487,14 +514,14 @@ EOF
if ! pubkey=$(ssh-keygen -l -f "$SSH_KEYFILE") if ! pubkey=$(ssh-keygen -l -f "$SSH_KEYFILE")
then then
>&2 echo "ERROR: $SSH_KEYFILE doesn't look like a valid SSH key" >&2 echo "ERROR: $SSH_KEYFILE doesn't look like a valid SSH key"
>&2 echo "Try specifying the public or private key directly using --key" >&2 echo 'Try specifying the public or private key directly using --key'
>&2 echo "File contents:" >&2 echo 'File contents:'
>&2 cat "$SSH_KEYFILE" >&2 cat "$SSH_KEYFILE"
if [ -n "$pubkeyfile" ]; then rm "$pubkeyfile"; fi if [ -n "$pubkeyfile" ]; then rm "$pubkeyfile"; fi
exit 1 exit 1
fi fi
echo "Using: $pubkey" echo "Using: $pubkey"
} }
########################################################################## ##########################################################################
@ -504,7 +531,7 @@ EOF
sign_ssh_git() sign_ssh_git()
{ {
check_keyfile check_keyfile
# configure local git signing # configure local git signing
git config --local gpg.format ssh git config --local gpg.format ssh
git config --local user.signingKey "$SSH_KEYFILE" git config --local user.signingKey "$SSH_KEYFILE"
@ -527,9 +554,9 @@ sign_ssh_git()
# was there an error ? # was there an error ?
if [ "$result" -ne 0 ] if [ "$result" -ne 0 ]
then then
>&2 echo "ERROR: failed to sign commit" >&2 echo 'ERROR: failed to sign commit'
>&2 echo " - Try specifying your key using --key" >&2 echo ' - Try specifying your key using --key'
>&2 echo " - or adding your key to ssh-agent" >&2 echo ' - or adding your key to ssh-agent'
exit 1 exit 1
fi fi
@ -542,7 +569,7 @@ sign_ssh_git()
sign_ssh_comment() sign_ssh_comment()
{ {
check_keyfile check_keyfile
# create the signature # create the signature
sig=$(echo "$COMMIT_SHA" | \ sig=$(echo "$COMMIT_SHA" | \
ssh-keygen -Y sign -n dn42 -f "$SSH_KEYFILE") ssh-keygen -Y sign -n dn42 -f "$SSH_KEYFILE")
@ -554,10 +581,10 @@ sign_ssh_comment()
# check for errors # check for errors
if [ "$result" -ne 0 ] if [ "$result" -ne 0 ]
then then
>&2 echo "ERROR: ssh-keygen signing failed" >&2 echo 'ERROR: ssh-keygen signing failed'
>&2 echo " - Try specifying your key using --key" >&2 echo ' - Try specifying your key using --key'
>&2 echo " - or adding the key to ssh-agent" >&2 echo ' - or adding the key to ssh-agent'
if [ -n "$pubkeyfile" ]; then rm "$pubkeyfile"; fi if [ -n "$pubkeyfile" ]; then rm "$pubkeyfile"; fi
exit 1 exit 1
fi fi
@ -584,7 +611,7 @@ sign_ssh()
if ! ssh-keygen -Y sign 2>&1 | grep 'missing namespace' > /dev/null if ! ssh-keygen -Y sign 2>&1 | grep 'missing namespace' > /dev/null
then then
>&2 cat <<EOF >&2 cat <<EOF
ERROR: This script requires the key signing capability from ERROR: This script requires the key signing capability from
OpenSSH ssh-keygen that was introduced in version 8. OpenSSH ssh-keygen that was introduced in version 8.
If you are unable to upgrade ssh-keygen you must use one of the If you are unable to upgrade ssh-keygen you must use one of the
@ -599,20 +626,20 @@ EOF
fi fi
# if we have git >= 2.34 the commit can be git signed # if we have git >= 2.34 the commit can be git signed
if [ "$SSH_METHOD" != "comment" ] if [ "$SSH_METHOD" != 'comment' ]
then then
if { [ "$gitv_major" -eq 2 ] && [ "$gitv_minor" -ge 34 ]; } || \ if { [ "$gitv_major" -eq 2 ] && [ "$gitv_minor" -ge 34 ]; } || \
[ "$gitv_major" -gt 2 ] [ "$gitv_major" -gt 2 ]
then then
echo "Detected git version >= 2.34, using git SSH signature" echo 'Detected git version >= 2.34, using git SSH signature'
sign_ssh_git sign_ssh_git
return return
else else
echo "Detected git version < 2.34, cannot sign using git" echo 'Detected git version < 2.34, cannot sign using git'
fi fi
fi fi
echo "Defaulting to comment based signature" echo 'Defaulting to comment based signature'
sign_ssh_comment sign_ssh_comment
} }
@ -628,8 +655,8 @@ verify_ssh_git()
if { [ "$gitv_major" -eq 2 ] && [ "$gitv_minor" -lt 34 ]; } || \ if { [ "$gitv_major" -eq 2 ] && [ "$gitv_minor" -lt 34 ]; } || \
[ "$gitv_major" -lt 2 ] [ "$gitv_major" -lt 2 ]
then then
>&2 echo "Detected git version < 2.34, unable to verify git signatures" >&2 echo 'Detected git version < 2.34, unable to verify git signatures'
>&2 echo "- Upgrade git to at least version 2.34" >&2 echo '- Upgrade git to at least version 2.34'
exit 1 exit 1
fi fi
@ -645,22 +672,22 @@ verify_ssh_git()
# clean up allowed signers file before doing anything else # clean up allowed signers file before doing anything else
git config --local --unset gpg.ssh.allowedSignersFile git config --local --unset gpg.ssh.allowedSignersFile
rm "$allowed" rm "$allowed"
# did the signature successfully validate ? # did the signature successfully validate ?
if [ "$result" -ne 0 ] if [ "$result" -ne 0 ]
then then
>&2 echo "ERROR: failed to verify SSH signature" >&2 echo 'ERROR: failed to verify SSH signature'
exit 1 exit 1
fi fi
echo "SSH signature verified ok" echo 'SSH signature verified ok'
} }
# verify a comment based SSH signature # verify a comment based SSH signature
verify_ssh_comment() verify_ssh_comment()
{ {
echo "Verifying SSH signature comment" echo 'Verifying SSH signature comment'
# create the allowed signers file # create the allowed signers file
allowed=$(get_allowed_signers) allowed=$(get_allowed_signers)
@ -671,11 +698,11 @@ verify_ssh_comment()
# also extract the SSH signature from the comment # also extract the SSH signature from the comment
signature=$(mktemp) signature=$(mktemp)
begin="-----BEGIN SSH SIGNATURE-----" begin='-----BEGIN SSH SIGNATURE-----'
end="-----END SSH SIGNATURE-----" end='-----END SSH SIGNATURE-----'
git log "$COMMIT_SHA" -n 1 --format=format:%B | \ git log "$COMMIT_SHA" -n 1 --format=format:%B | \
sed "/^$begin\$/,/^$end\$/!d" > "$signature" sed "/^$begin\$/,/^$end\$/!d" > "$signature"
# now we can verify the signature # now we can verify the signature
echo "$text" | ssh-keygen -Y verify -f "$allowed" \ echo "$text" | ssh-keygen -Y verify -f "$allowed" \
-n dn42 -I "$MNTNER" -s "$signature" -n dn42 -I "$MNTNER" -s "$signature"
@ -686,11 +713,11 @@ verify_ssh_comment()
# did it work ? # did it work ?
if [ "$result" -eq 0 ] if [ "$result" -eq 0 ]
then then
echo "Successfully verified SSH sigature" echo 'Successfully verified SSH sigature'
else else
>&2 echo "ERROR: signature verification failed" >&2 echo 'ERROR: signature verification failed'
exit 1 exit 1
fi fi
} }
# SSH verify wrapper # SSH verify wrapper
@ -698,7 +725,7 @@ verify_ssh()
{ {
# determine signature type from log comment # determine signature type from log comment
method=$(git log "$COMMIT_SHA" -n 1 --format=format:%B | \ method=$(git log "$COMMIT_SHA" -n 1 --format=format:%B | \
grep '^### method:' | cut -d':' -f2 | tr -d ' ') grep '^### method:' | cut -d':' -f2 | tr -d ' ' | tail -n 1)
case "$method" in case "$method" in
'ssh') 'ssh')
verify_ssh_comment verify_ssh_comment
@ -707,16 +734,16 @@ verify_ssh()
verify_ssh_git verify_ssh_git
;; ;;
'') '')
echo "WARNING: No dn42 signature found, attempting git based verification" echo 'WARNING: No dn42 signature found, attempting git based verification'
verify_ssh_git verify_ssh_git
;; ;;
*) *)
>&2 echo "ERROR: commit does not appear to be signed by SSH" >&2 echo 'ERROR: commit does not appear to be signed by SSH'
>&2 echo "Found signature method: $method" >&2 echo "Found signature method: $method"
exit 1 exit 1
;; ;;
esac esac
} }
########################################################################## ##########################################################################
# #
@ -728,7 +755,7 @@ if [ -z "$AUTH_METHOD" ]
then then
if [ "$VERIFY_ONLY" -ne 1 ] if [ "$VERIFY_ONLY" -ne 1 ]
then then
echo "Attempting to guess signature method from mntner object" echo 'Attempting to guess signature method from mntner object'
AUTH_METHOD=$(guess_mntner_method) AUTH_METHOD=$(guess_mntner_method)
fi fi
fi fi
@ -738,27 +765,29 @@ case "$AUTH_METHOD" in
pgp) pgp)
if [ "$VERIFY_ONLY" -ne 1 ] if [ "$VERIFY_ONLY" -ne 1 ]
then then
echo "Signing using PGP key" echo 'Signing using PGP key'
sign_pgp sign_pgp
fi fi
echo '---'
verify_pgp verify_pgp
;; ;;
ssh|ssh-git) ssh|ssh-git)
if [ "$VERIFY_ONLY" -ne 1 ] if [ "$VERIFY_ONLY" -ne 1 ]
then then
echo "Signing using SSH key" echo 'Signing using SSH key'
sign_ssh sign_ssh
fi fi
echo '---'
verify_ssh verify_ssh
;; ;;
'') '')
>&2 echo "ERROR: Unable to automatically determine signing method" >&2 echo 'ERROR: Unable to automatically determine signing method'
>&2 echo "Use the --ssh or --pgp options to force a particular method" >&2 echo 'Use the --ssh or --pgp options to force a particular method'
exit 1 exit 1
;; ;;
*) *)
>&2 echo "ERROR: Unknown or unimplemented auth method: $AUTH_METHOD" >&2 echo "ERROR: Unknown or unimplemented auth method: $AUTH_METHOD"
>&2 echo "Use the --ssh or --pgp options to force a particular method" >&2 echo 'Use the --ssh or --pgp options to force a particular method'
exit 1 exit 1
;; ;;
esac esac
@ -779,7 +808,7 @@ then
else else
echo '---' echo '---'
echo 'Remember to push your changes using: git push --force' echo 'Remember to push your changes using: git push --force'
echo '---' echo '---'
fi fi
exit 0 exit 0

10
squash-my-commits
View file

@ -30,13 +30,14 @@ usage()
do_push=0 do_push=0
verify_only=0 verify_only=0
do_sign=0
for arg for arg
do do
case "$arg" in case "$arg" in
-S) -S)
do_sign='-S' do_sign=1
;; ;;
--push) --push)
do_push=1 do_push=1
@ -156,7 +157,12 @@ $(git log --oneline HEAD ^dn42registry/master)"
# and finally squash # and finally squash
git reset --soft dn42registry/master git reset --soft dn42registry/master
git commit "$do_sign" -m "$comment" if [ "$do_sign" -eq 1 ]
then
git commit -S -m "$comment"
else
git commit -m "$comment"
fi
# show what happened # show what happened
echo '---' echo '---'