From 6f3ea5c43096dd49a3b9d69566c97e70a31745ab Mon Sep 17 00:00:00 2001 From: Wolfgang Müller Date: Sun, 16 May 2021 17:47:38 +0200 Subject: Initial import --- LICENSE | 21 +++++++++++++++++++++ README.md | 13 +++++++++++++ git-init-shared | 25 +++++++++++++++++++++++++ git-sign-for-cgit | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 113 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100755 git-init-shared create mode 100755 git-sign-for-cgit diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..2149bd8 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 Wolfgang Müller + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..01de724 --- /dev/null +++ b/README.md @@ -0,0 +1,13 @@ +# git-helpers + +This is a collection of miscellaneous helper scripts for anything that has to +do with [`git(1)`](https://git-scm.com/). These are first and foremost for +personal use. + +## Scripts + +- git-init-shared: Initialize a bare repo that multiple users have write access + to. This uses `setfacl(1)` and thereby relies on ACL support. +- git-sign-for-cgit: Generate a snapshot and store its signify signature for + [`cgit`](https://git.zx2c4.com/cgit/about/) using + [`git-notes(1)`](https://git-scm.com/docs/git-notes). diff --git a/git-init-shared b/git-init-shared new file mode 100755 index 0000000..ea18234 --- /dev/null +++ b/git-init-shared @@ -0,0 +1,25 @@ +#!/bin/sh + +set -e + +usage() { + printf "usage: git init-shared directory [user...]\n" >&2 + exit 1 +} + +add_to_acl() { + setfacl -m "d:u:$2:rwx" "$1" + setfacl -m "u:$2:rwx" "$1" +} + +test $# -ge 1 || usage +dir=$1 +shift + +mkdir "$dir" + +for user in "$(id -un)" "$@"; do + add_to_acl "$dir" "$user" +done + +exec git init --bare "$dir" diff --git a/git-sign-for-cgit b/git-sign-for-cgit new file mode 100755 index 0000000..fe127a8 --- /dev/null +++ b/git-sign-for-cgit @@ -0,0 +1,54 @@ +#!/bin/sh + +set -e + +errx() { + printf '%s\n' "$*" >&2 + exit 1 +} + +usage() { + errx 'usage: git sign-for-cgit [-f format] \n' +} + +seckey=${SIGNIFY_SECKEY:-$HOME/.signify/release.sec} + +format="$(git config --get package.format)" +: "${format:=tar.gz}" + +while getopts f: opt; do + case $opt in + f) format=$OPTARG;; + ?) usage;; + esac +done +shift $((OPTIND - 1)) +test $# -eq 1 || usage + +git archive -l | grep -Fqx "$format" || errx "fatal: unknown format" + +name=$(basename "$(git rev-parse --show-toplevel)") +object=$1 + +tmpdir=$(mktemp -d --suffix .sign-for-cgit) + +# We do want to expand tmpdir now rather than later, +# and mktemp should give us a path without spaces. +# shellcheck disable=SC2064 +trap "{ rm -r $tmpdir; }" EXIT + +archive_base=$name-$object.$format +archive_path=$tmpdir/$archive_base + +git archive --prefix="$name-$object/" -o "$archive_path" -- "$object" + +( + cd "$tmpdir" + sha256sum --tag "$archive_base" > "${archive_base}.SHA256" + signify -Ses "$seckey" -m "${archive_base}.SHA256" +) + +id=$(git hash-object -w "${archive_path}.SHA256.sig") + +# do not use exec here because otherwise the EXIT trap will not fire +git notes --ref="refs/notes/signatures/$format" add -C "$id" "$object" -- cgit v1.2.3-2-gb3c3