stop stowing git hooks into $HOME

No use for those symlinks.

9 files changed, 140 insertions, 0 deletions

diff --git a/hooks/git/dgit/pre-push b/hooks/git/dgit/pre-push
new file mode 120000
index 00000000..9ba9f82a
--- /dev/null
+++ b/hooks/git/dgit/pre-push
@@ -0,0 +1 @@
+../pre-push_signed-off-by
\ No newline at end of file
diff --git a/hooks/git/dotfiles/post-checkout b/hooks/git/dotfiles/post-checkout
new file mode 100755
index 00000000..21b007cc
--- /dev/null
+++ b/hooks/git/dotfiles/post-checkout
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+branch="$(git symbolic-ref --quiet --short HEAD)"
+if ! [ $? = 0 ]; then           # detached HEAD
+    git config commit.gpgsign false
+    exit 0
+fi
+
+# Check that signing is likely to succeed before setting
+# commit.gpgsign, by looking for presence of a secret key with the
+# signing capability.
+#
+# The reason this is needed is that this post-checkout hook will get
+# called during a rebase onto master, and I want to do that on hosts
+# which don't have access to my secret key.  If commit.gpgsign gets
+# set to true on those hosts, the rebase will be interrupted
+if [ "$branch" = "master" ] \
+       && gpg --list-secret-keys $(git config user.signingKey) 2>/dev/null \
+           | grep -Eq '^(ssb|sec)[^#].*\[[A-Z]*S[A-Z]*\]$'; then
+    git config commit.gpgsign true
+else
+    git config commit.gpgsign false
+fi
diff --git a/hooks/git/dotfiles/pre-push b/hooks/git/dotfiles/pre-push
new file mode 100755
index 00000000..a3f048dc
--- /dev/null
+++ b/hooks/git/dotfiles/pre-push
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+remote="$1"
+url="$2"
+
+z40=0000000000000000000000000000000000000000
+
+while read local_ref local_sha remote_ref remote_sha; do
+    if [ "$local_sha" = $z40 ]; then
+        # Permit deletion of branches
+        :
+    else
+        if [ "$remote_ref" = "refs/heads/master" ]; then
+            if git verify-commit-by-fp \
+                   8DC2487E51ABDD90B5C4753F0F56D0553B6D411B "$local_sha"
+            then
+                echo "Proposed new master has been signed by Sean"
+            else
+                echo >&2 "Proposed new master has not been PGP-signed by Sean"
+                exit 1
+            fi
+        fi
+    fi
+done
+
+exit 0
diff --git a/hooks/git/git-remote-gcrypt/pre-push b/hooks/git/git-remote-gcrypt/pre-push
new file mode 120000
index 00000000..9ba9f82a
--- /dev/null
+++ b/hooks/git/git-remote-gcrypt/pre-push
@@ -0,0 +1 @@
+../pre-push_signed-off-by
\ No newline at end of file
diff --git a/hooks/git/mailscripts/pre-push b/hooks/git/mailscripts/pre-push
new file mode 120000
index 00000000..9ba9f82a
--- /dev/null
+++ b/hooks/git/mailscripts/pre-push
@@ -0,0 +1 @@
+../pre-push_signed-off-by
\ No newline at end of file
diff --git a/hooks/git/org-d20/pre-push b/hooks/git/org-d20/pre-push
new file mode 120000
index 00000000..9ba9f82a
--- /dev/null
+++ b/hooks/git/org-d20/pre-push
@@ -0,0 +1 @@
+../pre-push_signed-off-by
\ No newline at end of file
diff --git a/hooks/git/pandoc-citeproc-preamble/pre-push b/hooks/git/pandoc-citeproc-preamble/pre-push
new file mode 120000
index 00000000..9ba9f82a
--- /dev/null
+++ b/hooks/git/pandoc-citeproc-preamble/pre-push
@@ -0,0 +1 @@
+../pre-push_signed-off-by
\ No newline at end of file
diff --git a/hooks/git/pre-push_signed-off-by b/hooks/git/pre-push_signed-off-by
new file mode 100755
index 00000000..775f505c
--- /dev/null
+++ b/hooks/git/pre-push_signed-off-by
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# some of this is from
+# https://lubomir.github.io/en/2016-05-04-signoff-hooks.html
+
+remote="$1"
+url="$2"
+
+z40=0000000000000000000000000000000000000000
+
+while read local_ref local_sha remote_ref remote_sha; do
+    if [ "$local_sha" = $z40 ]; then
+        # Permit deletion of branches
+        :
+    elif echo "$remote_ref" | grep -Eq "^refs/heads/(wip|tmp)/"; then
+        # wip/ branches may contain commits which are not signed off
+        :
+    else
+        if [ "$remote_sha" = $z40 ]
+        then
+            # New branch, examine all commits
+            range="$local_sha"
+        else
+            # Update to existing branch, examine new commits
+            range="$remote_sha..$local_sha"
+        fi
+
+        # Check for WIP commit
+        commit=$(git rev-list -n 1 --grep '^WIP' "$range")
+        if [ -n "$commit" ]
+        then
+            echo >&2 "Found WIP commit in $local_ref, not pushing"
+            exit 1
+        fi
+
+        # Check for commits without sign-off
+        if [ "$remote_sha" = $z40 ]; then
+            # New branch is pushed, we only want to check commits that are not
+            # on master.
+            range="$(git merge-base master "$local_sha")..$local_sha"
+        fi
+        while read ref; do
+            msg=$(git log -n 1 --format=%B "$ref")
+            if ! grep -q '^Signed-off-by: ' <<<"$msg"; then
+                # allow merge commits through
+                if [ -z "$(git rev-list -1 --merges $ref~1..$ref)" ]; then
+                   echo >&2 "Unsigned-off non-merge commit $ref"
+                   exit 1
+                fi
+            fi
+        done < <(git rev-list "$range")
+        # The process substitution above is a hack to make sure loop runs in
+        # the same shell and can actually exit the whole script.
+    fi
+done
+
+exit 0
diff --git a/hooks/git/propellor/post-checkout b/hooks/git/propellor/post-checkout
new file mode 100755
index 00000000..5118e81a
--- /dev/null
+++ b/hooks/git/propellor/post-checkout
@@ -0,0 +1,29 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Path::Class;
+use autodie;
+
+(undef, my $head, my $flag) = @ARGV;
+my $branch = `git name-rev --name-only $head`;
+chomp $branch;
+
+if ( $flag && "$branch" ne "debian" ) {
+    # We create a cabal sandbox so that Emacs' haskell-mode ignores
+    # stack.yaml.  We don't need to use stack because Propellor's deps
+    # are always installed as system packages
+    unless ( -d ".cabal-sandbox" ) {
+        system "cabal sandbox init";
+    }
+    open my $fh, ">", ".dir-locals.el";
+    print $fh <<'END';
+((nil . ((indent-tabs-mode . t)
+         (tab-width . 8)
+         (fill-column . 80)))
+         ;; Warn about spaces used for indentation:
+         (haskell-mode . ((eval . (highlight-regexp "^ +")))))
+END
+    close $fh;
+}