[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Updating the “pre-push” Git hook

From: Ludovic Courtès
Subject: Re: Updating the “pre-push” Git hook
Date: Mon, 25 May 2020 23:37:24 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)


Vagrant Cascadian <address@hidden> skribis:

> On 2020-05-24, Ludovic Courtès wrote:
>> Efraim Flashner <address@hidden> skribis:
>>> On Fri, May 22, 2020 at 10:44:48PM +0200, Ludovic Courtès wrote:
>>>> Hello Guix!
>>>> I think we should change our pre-push hook as shown below.
>>>> Thoughts?
> ...
>>> (ins)efraim@E5400 ~$ type -P make
>>> (ins)efraim@E5400 ~$ command -v make
>>> I'd need to run 'guix environment --ad-hoc make -- git push'
>> You’d need to run ‘git push’ from a full Guix development environment.
>> Do you think it could be a problem?
> Wait a minute... you're saying this is something that needs to be
> configured on each committer's machine(s)?
> Shouldn't it be on the server-side recieve hooks instead, otherwise
> someone might accidentally (or intentially) push commits not
> appropriately signed to the repository or validated by this check...
> Or is this an optional check for recommended for committers? Have I been
> missing something all along that I was supposed to be doing?

It should be a server-side check so we don’t shoot ourselves in the foot.

However, it’s not done yet (but hey, the code is not even a month old
:-)), so in the meantime, this hook will be very strongly recommended.

Making this a server-side hook on Savannah will be challenging since
“we” don’t have direct access to Savannah.  That makes me wonder if we
should have a push server say on berlin, and make Savannah mirror it or

Help welcome!

> For my own workflow, I usually do not (yet) sign or push commits from a
> machine with guix installed... it's a bit awkward, admittedly, but I
> don't yet have any SSH or OpenPGP keys I trust guix with directly
> (ironically, "make authenticate" is working towards addressing exactly
> that trust issue).

Heh.  :-)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]