hook-update

#!/bin/bash -x

ref=$1
rev_old=$2
rev_new=$3

zero="0000000000000000000000000000000000000000"

. ../scripts/functions

gpg=$(findGPG);

if [ "$rev_old" = "$zero" ]; then
    span=$(git rev-list $rev_new --not --branches='*')
else
    span=$(git rev-list ^$rev_old $rev_new)
fi

if [ -z "$span" ]; then
    type=$(git cat-file -t $rev_new)
    case $type in
        commit)
            ;;
        tag)
            echo "Rejecting tag push"
            exit 1
            ;;
        *)
            echo "*** No new commits, but the pushed ref $ref is a \"$type\" instead of a tag? I'm confused." >&2
            exit 1
            ;;
    esac
fi

# Extract the local key ID so we can push to our own repository!
local_keyid=$($gpg --with-colons --with-fingerprint < ../data/key.gpg \
                  | grep fpr \
                  | cut -d ':' -f 10 \
                  | tr -d ' ')
echo "Local key ID: " $local_keyid >&2

if [ -z "$local_keyid" ]; then
    exit 1
fi

for commit in $span; do
    verify_sig=$(git verify-commit --raw "$commit" 2>&1)

    if [[ -z "$verify_sig" ]]; then
        if [[ -f "../data/insecure" ]]; then
            echo "Commit $commit is unsigned but accepting anyway, as directed ('data/insecure' exists.)"
            continue
        else
            echo "Commit $commit is unsigned. Not accepting unsigned commits."
            exit 1
        fi
    fi

    signing_keyid=$($gpg --with-colons --with-fingerprint --list-public-keys \
                        $(git show --no-patch --format=%GK "$commit") \
                        | grep fpr \
                        | head -1 \
                        | cut -d ':' -f 10 \
                        | tr -d ' ')

    echo "Signing key ID: " $signing_keyid >&2

    # Check if it's the local keyid.
    # The local key id is allowed to do anything.
    if [ "$signing_keyid" = "$local_keyid" ]; then
        continue
    fi

    if [ ! -z "$signing_keyid" ]; then
        # Look for the signing key in data/followers
        grep $signing_keyid ../data/followers 2> /dev/null
        if [ $? != 0 ]; then
            echo "$signing_keyid not local key nor in followers"
            exit 1
        fi

        # Validate the path the follower is trying to modify.
        new_commits=$(git rev-list ${rev_old}..${rev_new})
        for new_commit in $new_commits; do
            files_modified=$(git log -1 --name-only --pretty=format:'' $new_commit)

            for file_modified in $files_modified; do
                # Check that it's inside a 'comments' directory under
                # the 'posts' directory.
                if [[ $file_modified != posts/*/comments/* ]]; then
                    echo "Followers not allowed to modify files outside the 'comments' directory inside a post."
                    exit 1
                fi

                # The file modified must be in the 'posts' hierarchy
                # and must exists.
                if [[ $(git ls-tree -r master $(dirname $(dirname $file_modified)) | wc -l) == 0 ]]; then
                    echo "Followers not allowed to create $(dirname $(dirname $file_modified))"
                    exit 1
                fi
            done
        done

        exit 0
    fi
done

exit 0