Add script to verify all merge commits are signed

2025-07-01 03:01:09 +02:00 · 2014-10-27 00:07:25 -07:00
parent 13c077c7cf
commit adaa568722
6 changed files with 91 additions and 0 deletions
--- a/contrib/verify-commits/gpg.sh
+++ b/contrib/verify-commits/gpg.sh
@ -0,0 +1,15 @@
+#!/bin/sh
+INPUT=$(</dev/stdin)
+VALID=false
+IFS=$'\n'
+for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
+	case "$LINE" in "[GNUPG:] VALIDSIG"*)
+		while read KEY; do
+			case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac
+		done < ./contrib/verify-commits/trusted-keys
+	esac
+done
+if ! $VALID; then
+	exit 1
+fi
+echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null