Diffstat (limited to 'lib/hooks/pre-receive')
-rw-r--r--lib/hooks/pre-receive24
1 files changed, 24 insertions, 0 deletions
diff --git a/lib/hooks/pre-receive b/lib/hooks/pre-receive
new file mode 100644
index 0000000..61a04dd
--- /dev/null
+++ b/lib/hooks/pre-receive
@@ -0,0 +1,24 @@
+#!/usr/bin/env sh
+
+# full paths from the repo root separated by newlines
+MUST_NOT_CHANGE='hardware-configuration.nix
+key2.json'
+
+z40=0000000000000000000000000000000000000000
+
+while read old_value new_value ref_name
+do
+  if [ "$old_value" = $z40 ]; then
+    # New branch: diff against an empty tree object
+    against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+  else
+    against=$old_value
+  fi
+
+  if git diff --name-only $against..$new_value |
+     grep --quiet --line-regexp --fixed-strings "$MUST_NOT_CHANGE"
+  then
+    echo "$ref_name" may commit key, rejected ... >&2
+    exit 1
+  fi
+done
\ No newline at end of file
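Review bot: The check at `git diff --name-only $against..$new_value` compares only the two endpoints of the push, so a protected path that is added in one pushed commit and removed again in a later one never appears in the list, yet its contents are still received into the repository history. Listing the paths touched by each pushed commit closes that gap; `--no-renames` keeps a rename of a protected file from being reported under the new name only, and `-m` makes merge commits list their paths too. For a new ref, diffing against the empty tree lists every file in the tree, so if these files already exist in the repository any new branch would presumably be rejected; walking only the commits not reachable from existing refs avoids that. The sketch below also skips ref deletions (where `new_value` is all zeros, which `git diff` cannot resolve) and uses `read -r` with quoted expansions.

```sh
while read -r old_value new_value ref_name
do
  # Ref deletion: no new commits to inspect
  [ "$new_value" = "$z40" ] && continue

  if [ "$old_value" = "$z40" ]; then
    # New ref: only commits not already reachable from an existing ref
    set -- "$new_value" --not --all
  else
    set -- "$old_value..$new_value"
  fi

  # Paths touched by every pushed commit, not just the endpoint diff
  if git log -m --no-renames --format= --name-only "$@" |
     grep --quiet --line-regexp --fixed-strings "$MUST_NOT_CHANGE"
  then
    # … unchanged: rejection message and exit 1 …
```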