#!/usr/bin/env python3
#
# check-dco.py: validate all commits are signed off
#
# Copyright (C) 2020 Red Hat, Inc.
#
# SPDX-License-Identifier: GPL-2.0-or-later
import os
import os.path
import sys
import subprocess
# GitLab namespace that hosts the upstream repository. The first
# command-line argument, when given, replaces the default.
namespace = sys.argv[1] if len(sys.argv) >= 2 else "qemu-project"

# The repository name is the name of the current working directory.
cwd = os.getcwd()
reponame = os.path.basename(cwd)
repourl = f"https://gitlab.com/{namespace}/{reponame}.git"
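print(f"adding upstream git repo @ {repourl}")

# Register the upstream repository as a temporary remote named "check-dco".
# Every git invocation receives its arguments as a list, so repourl reaches
# git as a single argv element and is never interpreted by a shell.
subprocess.check_call(["git", "remote", "add", "check-dco", repourl])
try:
    subprocess.check_call(["git", "fetch", "check-dco", "master"])

    # Common ancestor of upstream master and the commit under test; the
    # commits checked later are the ones listed for "<ancestor>...".
    ancestor = subprocess.check_output(
        ["git", "merge-base", "check-dco/master", "HEAD"],
        universal_newlines=True).strip()
finally:
    # Drop the temporary remote even when the fetch or merge-base step
    # fails; a leftover "check-dco" remote would make the "git remote add"
    # of the next run in the same checkout fail.
    subprocess.check_call(["git", "remote", "rm", "check-dco"])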
# Set to True as soon as any commit fails a check.
errors = False

print("\nChecking for 'Signed-off-by: NAME <EMAIL>' " +
      "on all commits since %s...\n" % ancestor)

# One "<hash> <subject>" line per commit in the "<ancestor>..." range.
log = subprocess.check_output(
    ["git", "log", "--format=%H %s", ancestor + "..."],
    universal_newlines=True)

# Each entry becomes [hash, subject]: the first 40 characters are taken as
# the hash and the subject starts after the separating space.
commits = (
    []
    if log == ""
    else [[row[0:40], row[41:]] for row in log.strip().split("\n")]
)
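# Check each commit for a Signed-off-by line. This is a presence/format
# check only: it does not authenticate the signer or verify that the
# address belongs to the commit author.
for sha, subject in commits:
    msg = subprocess.check_output(["git", "show", "-s", sha],
                                  universal_newlines=True)
    lines = msg.strip().split("\n")

    print("🔍 %s %s" % (sha, subject))
    sob = False
    for line in lines:
        # Only a line that begins with the tag counts as a sign-off. A
        # substring match would also accept a commit whose prose or
        # quoted text merely mentions "Signed-off-by:", letting it pass
        # without a real tag. "git show" may indent the message, so the
        # surrounding whitespace is stripped before matching.
        if line.strip().startswith("Signed-off-by:"):
            sob = True
            # A "localhost" address is treated as a placeholder from an
            # unconfigured git identity and rejected.
            if "localhost" in line:
                print(" ❌ FAIL: bad email in %s" % line)
                errors = True

    if not sob:
        print(" ❌ FAIL missing Signed-off-by tag")
        errors = True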
if errors:
print("""
❌ ERROR: One or more commits are missing a valid Signed-off-By tag.
This project requires all contributors to assert that their contributions
are provided in compliance with the terms of the Developer's Certificate
of Origin 1.1 (DCO):
https://developercertificate.org/
To indicate acceptance of the DCO every commit must have a tag
docs: explicitly permit a "commonly known identity" with SoB
The docs for submitting a patch describe using your "Real Name" with
the Signed-off-by line. Although somewhat ambiguous, this has often
been interpreted to mean someone's legal name.
In recent times, there's been a general push back[1] against the notion
that use of Signed-off-by in a project automatically requires / implies
the use of legal ("real") names and greater awareness of the downsides.
Full discussion of the problems of such policies is beyond the scope of
this commit message, but at a high level they are liable to marginalize,
disadvantage, and potentially result in harm, to contributors.
TL;DR: there are compelling reasons for a person to choose distinct
identities in different contexts & a decision to override that choice
should not be taken lightly.
A number of key projects have responded to the issues raised by making
it clear that a contributor is free to determine the identity used in
SoB lines:
* Linux has clarified[2] that they merely expect use of the
contributor's "known identity", removing the previous explicit
rejection of pseudonyms.
* CNCF has clarified[3] that the real name is simply the identity
the contributor chooses to use in the context of the community
and does not have to be a legal name, nor birth name, nor appear
on any government ID.
Since we have no intention of ever routinely checking any form of ID
documents for contributors[4], realistically we have no way of knowing
anything about the name they are using, except through chance, or
through the contributor volunteering the information. IOW, we almost
certainly already have people using pseudonyms for contributions.
This proposes to accept that reality and eliminate unnecessary friction,
by following Linux & the CNCF in merely asking that a contributor's
commonly known identity, of their choosing, be used with the SoB line.
[1] Raised in many contexts at many times, but a decent overall summary
can be read at https://drewdevault.com/2023/10/31/On-real-names.html
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d4563201f33a022fc0353033d9dfeb1606a88330
[3] https://github.com/cncf/foundation/blob/659fd32c86dc/dco-guidelines.md
[4] Excluding the rare GPG key signing parties for regular maintainers
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20241021190939.1482466-1-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-40-alex.bennee@linaro.org>
2024-11-21 16:58:06 +00:00
Signed-off-by: YOUR NAME <EMAIL>
where "YOUR NAME" is your commonly known identity in the context
of the community.
This can be achieved by passing the "-s" flag to the "git commit" command.
To bulk update all commits on current branch "git rebase" can be used:
git rebase -i master -x 'git commit --amend --no-edit -s'
""")
sys.exit(1)
sys.exit(0)