summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog2
-rw-r--r--src/Propellor/CmdLine.hs7
2 files changed, 6 insertions, 3 deletions
diff --git a/debian/changelog b/debian/changelog
index b7303cb3..58ab7ba7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ propellor (0.7.0) UNRELEASED; urgency=medium
failure.
* Attr is renamed to Info.
* Renamed wrapper to propellor to make cabal installation of propellor work.
+ * When git gpg signature of a fetched git branch cannot be verified,
+ propellor will now continue running, but without merging in that branch.
-- Joey Hess <joeyh@debian.org> Sat, 07 Jun 2014 00:12:44 -0400
diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs
index 06a5921d..32e97316 100644
--- a/src/Propellor/CmdLine.hs
+++ b/src/Propellor/CmdLine.hs
@@ -132,6 +132,8 @@ updateFirst cmdline next = do
void $ actionMessage "Git fetch" $ boolSystem "git" [Param "fetch"]
+ oldsha <- getCurrentGitSha1 branchref
+
whenM (doesFileExist keyring) $ do
{- To verify origin branch commit's signature, have to
- convince gpg to use our keyring. While running git log.
@@ -153,10 +155,9 @@ updateFirst cmdline next = do
then do
putStrLn $ "git branch " ++ originbranch ++ " gpg signature verified; merging"
hFlush stdout
- else errorMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it!"
+ void $ boolSystem "git" [Param "merge", Param originbranch]
+ else warningMessage $ "git branch " ++ originbranch ++ " is not signed with a trusted gpg key; refusing to deploy it! (Running with previous configuration instead.)"
- oldsha <- getCurrentGitSha1 branchref
- void $ boolSystem "git" [Param "merge", Param originbranch]
newsha <- getCurrentGitSha1 branchref
if oldsha == newsha