Date: Fri, 30 May 2025 02:46:18 -0600
From: Tim Harder
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] verifying commits via server-side git pre-receive hook

For anyone interested, I've hacked up an initial, rough implementation of a pkgcruft-git service that enables verifying ebuild commits during git's pre-receive hook phase. Currently it comes with a simple script that runs a local demo instance targeting the gentoo repo by default. You can find the code and demo instructions in the pkgcruft-git crate directory of the pkgcraft repo [1].

If I can find the time, I'll try to write up a dev blog post about the service design in more detail as well as next steps if there is interest in trying to use it in any official fashion in the future.

Thanks,
Tim

[1]: https://github.com/pkgcraft/pkgcraft/tree/main/crates/pkgcruft-git