From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 1C83C1580EB for ; Fri, 30 May 2025 15:24:48 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id 05AFB3431C1 for ; Fri, 30 May 2025 15:24:48 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id 8F10D1104B0; Fri, 30 May 2025 15:24:03 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id DBD4411047D for ; Fri, 30 May 2025 15:24:02 +0000 (UTC) Received: from [192.168.9.100] (dynamic-adsl-84-221-16-119.clienti.tiscali.it [84.221.16.119]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: lu_zero) by smtp.gentoo.org (Postfix) with ESMTPSA id 5C0C73430C8 for ; Fri, 30 May 2025 15:24:02 +0000 (UTC) Message-ID: <3936b0a2-eb06-49af-8d94-37794ec5b391@gentoo.org> Date: Fri, 30 May 2025 17:23:58 +0200 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Beta Subject: Re: [gentoo-dev] verifying commits via server-side git pre-receive hook To: gentoo-dev@lists.gentoo.org References: Content-Language: en-US From: Luca Barbato In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: d42aa2b6-8848-4a24-8b49-4da797da8b21 X-Archives-Hash: 1d831ad20ece16f081f938d8cf68e5ee On 30/05/25 10:46, Tim Harder wrote: > For anyone interested, > > I've hacked up an initial, rough implementation of a pkgcruft-git > service that enables verifying ebuild commits during git's pre-receive > hook phase. > > Currently it comes with a simple script that runs a local demo instance > targeting the gentoo repo by default. > > You can find the code and demo instructions in the pkgcruft-git crate > directory of the pkgcraft repo [1]. > > If I can find the time, I'll try to write up a dev blog post about the > service design in more detail as well as next steps if there is interest > in trying to use it in any official fashion in the future. > > Thanks, > Tim > > [1]: https://github.com/pkgcraft/pkgcraft/tree/main/crates/pkgcruft-git > It would be very nice to have it run over the PRs we are already receiving on github, personally I prefer a rebase-only workflow so merge queue that imply actual git merges with all the problems they bring on bisecting and reading the history are an hard no for me. lu