diff options
| author | Joey Hess <joeyh@joeyh.name> | 2018-06-12 10:55:00 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2018-06-12 10:55:00 -0400 |
| commit | d1164739fb1844dd9a5c4e57c76ce1cd2dbddebc (patch) | |
| tree | 781c4133132251559bf7a647fd821f395f332e57 /src/Propellor/Git | |
| parent | 70f318e44d12500c62dd1ad1164fbf7fd9ca8726 (diff) | |
| parent | dca1c56e612757c4bb306fb45675337dc52eb201 (diff) | |
Merge branch 'joeyconfig'
Diffstat (limited to 'src/Propellor/Git')
| -rw-r--r-- | src/Propellor/Git/VerifiedBranch.hs | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/Propellor/Git/VerifiedBranch.hs b/src/Propellor/Git/VerifiedBranch.hs index df607bd2..61f5baa0 100644 --- a/src/Propellor/Git/VerifiedBranch.hs +++ b/src/Propellor/Git/VerifiedBranch.hs @@ -6,9 +6,8 @@ import Propellor.PrivData.Paths import Utility.FileMode {- To verify origin branch commit's signature, have to convince gpg - - to use our keyring. - - While running git log. Which has no way to pass options to gpg. - - Argh! + - to use our keyring while running git verify-tag. + - Which has no way to pass options to gpg. Argh! -} verifyOriginBranch :: String -> IO Bool verifyOriginBranch originbranch = do @@ -20,12 +19,12 @@ verifyOriginBranch originbranch = do ] -- gpg is picky about perms modifyFileMode privDataDir (removeModes otherGroupModes) - s <- readProcessEnv "git" ["log", "-n", "1", "--format=%G?", originbranch] + verified <- boolSystemEnv "git" [Param "verify-commit", Param originbranch] (Just [("GNUPGHOME", privDataDir)]) nukeFile $ privDataDir </> "trustdb.gpg" nukeFile $ privDataDir </> "pubring.gpg" nukeFile $ privDataDir </> "gpg.conf" - return (s == "U\n" || s == "G\n") + return verified -- Returns True if HEAD is changed by fetching and merging from origin. fetchOrigin :: IO Bool |