Nico Huber has submitted this change and it was merged. ( https://review.coreboot.org/21834 )

Change subject: fixup! Convert flashrom to git ......................................................................

fixup! Convert flashrom to git

refine the pre-push hook: - get rid of the concept of precious brances - all of them on the upstream repos are precious (this is a change in the face of using gerrit instead of a native git repository for staging purposes) - likewise, only allow new versioned stable branches and no feature branches there

Change-Id: I1d4b4a7ef2673cabee980ec4a7d7d5fbebdcaed1 Signed-off-by: Stefan Tauner stefan.tauner@gmx.at Reviewed-on: https://review.coreboot.org/21834 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Nico Huber nico.h@gmx.de --- M util/git-hooks/pre-push 1 file changed, 20 insertions(+), 19 deletions(-)

Approvals: build bot (Jenkins): Verified Nico Huber: Looks good to me, approved

diff --git a/util/git-hooks/pre-push b/util/git-hooks/pre-push index 5bae8d2..b5f4620 100755 --- a/util/git-hooks/pre-push +++ b/util/git-hooks/pre-push @@ -22,15 +22,21 @@ zero=0000000000000000000000000000000000000000

upstream_pattern="github.com.flashrom/flashrom(.git)?|flashrom.org.git/flashrom(.git)?" -precious_branches="stable staging"

-# Only care about the upstream repository +# Only care about the upstream repositories if echo "$url" | grep -q -v -E "$upstream_pattern" ; then exit 0 fi

while read local_ref local_sha remote_ref remote_sha ; do - if [ "$remote_ref" != "refs/heads/staging" -a "$remote_ref" != "refs/heads/stable" ]; then + + # Only allow the stable and staging branches as well as versioned stable branches (e.g., 0.0.x). + # The matching expression's RE is always anchored to the first character (^ is undefined). + # The outer parentheses are needed to print out the whole matched string. + version=$(expr ${remote_ref#*refs/heads/} : '(([0-9]+.){2,}x)$') + if [ "$remote_ref" != "refs/heads/staging" ] && \ + [ "$remote_ref" != "refs/heads/stable" ] && \ + [ -z "$version" ]; then echo "Feature branches not allowed ($remote_ref)." >&2 exit 1 fi @@ -40,14 +46,10 @@ exit 1 fi

- if [ "$remote_sha" = "$zero" ]; then - echo "No new branches allowed." >&2 - exit 1 - fi - # Check for Signed-off-by and Acked-by commit=$(git rev-list -n 1 --all-match --invert-grep -E \ - --grep '^Signed-off-by: .+ <.+@.+..+>$' --grep '^Acked-by: .+ <.+@.+..+>$' \ + --grep '^Signed-off-by: .+ <.+@.+..+>$' \ + --grep '^Acked-by: .+ <.+@.+..+>$' \ "$remote_sha..$local_sha") if [ -n "$commit" ]; then echo "Commit $local_sha in $local_ref is missing either "Signed-off-by"" \ @@ -55,17 +57,16 @@ exit 1 fi

- # Make _really_ sure we do not rewrite precious history - for lbranch in $precious_branches ; do - if [ "$remote_ref" = "refs/heads/$lbranch" ]; then - nonreachable=$(git rev-list $remote_sha ^$local_sha | head -1) - if [ -n "$nonreachable" ]; then - echo "Only fast-forward pushes are allowed on $lbranch." >&2 - echo "$nonreachable is not included in $remote_sha while pushing to $remote_ref" >&2 - exit 1 - fi + # Make _really_ sure we do not rewrite history of any head/branch + if [ "${remote_ref#*refs/heads/}" != "$remote_ref" ]; then + nonreachable=$(git rev-list $remote_sha ^$local_sha | head -1) + if [ -n "$nonreachable" ]; then + echo "Only fast-forward pushes are allowed on branches." >&2 + echo "At least $nonreachable is not included in $remote_sha while pushing to " \ + "$remote_ref" >&2 + exit 1 fi - done + fi

# FIXME: check commit log format (subject without full stop at the end etc). # FIXME: do buildbot checks if authorized?