#!/bin/bash # gentoo-infra: infra/githooks.git:update-05-manifest # Copyright 2017-2021 Michał Górny and others # Distributed under the terms of the GNU General Public License v2 or later # Author: Michał Górny refname=$1 oldrev=$2 newrev=$3 export LC_MESSAGES=C # enforce only on master branch [[ ${refname} == refs/heads/master ]] || exit 0 # special cases zeros=0000000000000000000000000000000000000000 # branch removal [[ ${newrev} == "${zeros}" ]] && exit 0 # no need to check for new branch because we skip non-master commits above ret=0 while read commithash; do # check for any Manifest changes while read fname; do if [[ ${fname} == */Manifest ]]; then # check the resulting Manifest line-by-line while read tag mfile size hashes; do if [[ ${tag} != DIST ]]; then echo "Thin Manifests can contain only DIST lines!" echo " commit: ${commithash}" echo " file: ${fname}" echo " entry: ${tag} ${mfile} ${size} ${hashes}" ret=1 break fi case ${hashes} in *SHA256*WHIRLPOOL*) echo "Disallowed hash set in Manifest!" echo " commit: ${commithash}" echo " file: ${fname}" echo " entry: ${tag} ${mfile} ${size} ${hashes}" ret=1 break ;; *BLAKE2B*SHA512*) ;; *) echo "Disallowed hash set in Manifest!" echo " commit: ${commithash}" echo " file: ${fname}" echo " entry: ${tag} ${mfile} ${size} ${hashes}" ret=1 break ;; esac done < <(git cat-file -p "${commithash}:${fname}") fi done < <(git diff --diff-filter=d --name-only "${commithash}^".."${commithash}") done < <(git rev-list "${oldrev}..${newrev}") exit ${ret}