blob: 61a04dd6db9771158b572ea92d600498e2673aed (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
#!/usr/bin/env sh
# full paths from the repo root separated by newlines
MUST_NOT_CHANGE='hardware-configuration.nix
key2.json'
z40=0000000000000000000000000000000000000000
while read old_value new_value ref_name
do
if [ "$old_value" = $z40 ]; then
# New branch: diff against an empty tree object
against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
else
against=$old_value
fi
if git diff --name-only $against..$new_value |
grep --quiet --line-regexp --fixed-strings "$MUST_NOT_CHANGE"
then
echo "$ref_name" may commit key, rejected ... >&2
exit 1
fi
done
|
