blob: 24801104fe15ab56239340683595f98a1b56a9ef (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
#!/bin/sh
#
# This hook checks that all local sources specified in the staged APKBUILDs
# are staged too or already committed and that checksums are correct.
#
set -eu
# Maximal allowed size (in bytes) of a file.
FILE_SIZE_LIMIT=262144 # 256 kiB
if ! command -v sha512sum >/dev/null; then
# macOS / BSDs (?) don't have sha512sum, but shasum.
alias sha512sum='shasum -a 512'
fi
error() {
printf '\033[0;31mpre-commit:\033[0m %s\n' "$1" >&2 # red
}
# Prints paths of created or modified files being committed.
changed_files() {
git diff-index \
--name-only \
--cached \
--diff-filter=ACMR HEAD \
-- "$@"
}
# Prints file names and checksums (in format <SHA-512>:<filename>) of local
# sources specified in the APKBUILD ($1).
abuild_local_sources() {
apkbuild="$1"
set +eu
. "$apkbuild" || {
error "$apkbuild is invalid"
return 1
}
set -eu
status=0
: ${source:=""}
for src in $source; do
# Skip remote sources.
case "$src" in */*) continue;; esac
echo "$sha512sums" | awk -v src="$src" '
{ if ($2 == src) { ok=1; print($2 ":" $1) } }
END { if (ok != 1) exit 1 }' || {
status=1
error "${apkbuild%/*}: file \"$src\" is missing in \$sha512sums (hint: run abuild checksum)"
}
done
return $status
}
# check if given object is a symlink
is_symlink() {
test "$(git ls-files --stage "$1" | awk '{print $1}')" = "120000"
}
# Checks that all local sources specified in the APKBUILD file ($1) are
# available in git tree and checksums are correct.
check_local_sources() {
local apkbuild="$1"
local startdir="${apkbuild%/*}"
local status=0
local checksum_act checksum_exp content filename line sources
sources=$(abuild_local_sources "$apkbuild")
for line in $sources; do
filename=${line%%:*}
checksum_exp=${line#*:}
if ! git cat-file -e ":$startdir/$filename" 2>/dev/null; then
error "$startdir: missing file \"$filename\""
status=1
continue
fi
if is_symlink ":$startdir/$filename"; then
continue
fi
checksum_act=$(git show ":$startdir/$filename" | sha512sum)
if [ "$checksum_act" != "$checksum_exp -" ]; then
error "$startdir: bad checksum for file \"$filename\" (hint: run abuild checksum)"
status=1
fi
done
return $status
}
# Checks if the file ($1) being committed is not bigger than FILE_SIZE_LIMIT.
check_file_size() {
local path="$1"
local size
size=$(git cat-file -s ":$path")
if [ $size -gt $FILE_SIZE_LIMIT ]; then
local size_kb=$(( size / 1024 ))
error "file \"$path\" is quite big ($(( size / 1024 )) kiB), better to upload it to dev.alpinelinux.org"
return 1
fi
}
for apkbuild in $(changed_files '**/APKBUILD'); do
check_local_sources "$apkbuild"
done
for path in $(changed_files); do
check_file_size "$path"
done
|
