From adaa568722e59cde510c5fe1997c49cbb9d7db12 Mon Sep 17 00:00:00 2001
From: Matt Corallo <git@bluematt.me>
Date: Mon, 27 Oct 2014 00:07:25 -0700
Subject: Add script to verify all merge commits are signed

---
 contrib/verify-commits/gpg.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100755 contrib/verify-commits/gpg.sh

(limited to 'contrib/verify-commits/gpg.sh')

diff --git a/contrib/verify-commits/gpg.sh b/contrib/verify-commits/gpg.sh
new file mode 100755
index 0000000000..6b5137e7b5
--- /dev/null
+++ b/contrib/verify-commits/gpg.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+INPUT=$(</dev/stdin)
+VALID=false
+IFS=$'\n'
+for LINE in $(echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null); do
+	case "$LINE" in "[GNUPG:] VALIDSIG"*)
+		while read KEY; do
+			case "$LINE" in "[GNUPG:] VALIDSIG $KEY "*) VALID=true;; esac
+		done < ./contrib/verify-commits/trusted-keys
+	esac
+done
+if ! $VALID; then
+	exit 1
+fi
+echo "$INPUT" | gpg --trust-model always "$@" 2>/dev/null
-- 
cgit v1.2.3