aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/dot_config/git
Commit message (Collapse)AuthorAgeFilesLines
* feat(git): pre-push also rejects coding-agent authorsLibravatar sommerfeld2026-05-131-14/+42
| | | | | | | | | | | | | | Block commits where the author name/email contains any of: copilot, claude, codex, chatgpt, cursor, aider, devin, [bot], @openai., @anthropic. Use plain index() substring matching in awk to dodge regex-escaping pitfalls (an earlier draft using regex turned \[bot\] into a char class via -v escape processing and false-matched 'o' in 'com'). Fix: rebase with --reset-author re-stamps you as author while keeping the agent as it was (or drop them entirely). Documented in the failure message.
* feat(git): pre-push also rejects commits with foreign committerLibravatar sommerfeld2026-05-131-8/+34
| | | | | | | | | | | | | Now flags any commit whose committer name+email doesn't match the local user.name / user.email (which respects the includeIf rules in ~/.config/git/config, so per-tree work/personal identities work). Author is left free: pulling someone else's commit and rebasing it locally re-stamps the committer to you, satisfies this gate, and the original author is preserved in the commit metadata. Both checks (signature + committer) run in one rev-list pass with tab-separated fields so awk parses unambiguously.
* feat(git): global pre-push hook rejecting unsigned commitsLibravatar sommerfeld2026-05-132-0/+60
| | | | | | | | | | | | | | Activated via core.hooksPath = ~/.config/git/hooks in the global git config. The hook walks each ref being pushed (range: remote..local or, for new branches, local --not --remotes) and checks %G? on every commit. Accepts G/U/X/Y (good signature variants), rejects N/B/E/R (no signature, bad, missing key, revoked). Bypass: git push --no-verify This repo overrides hooksPath to .githooks/ for its just-check pre-commit gate, so a thin .githooks/pre-push delegates to the global hook to keep the policy enforced here too.
* fix(git): allow self-signed cert for ProtonMail Bridge SMTPLibravatar sommerfeld2026-05-131-0/+1
| | | | | | | | | The Bridge presents a self-signed cert on its 127.0.0.1:1025 STARTTLS listener, so git send-email's default cert verification fails with SSL_verify_cert. Setting smtpSslCertPath to empty disables chain verification for this single, loopback-only endpoint. Per https://git-send-email.io/#step-2 (Proton Bridge note).
* feat(git): configure git send-email via ProtonMail BridgeLibravatar sommerfeld2026-05-131-0/+13
| | | | | | | | | | | Add a [sendemail] block targeting the local Bridge SMTP listener (127.0.0.1:1025, STARTTLS) and a credential helper scoped to that URL that fetches the password from pass (proton/bridge-smtp). The helper command is public; the secret stays in the password store. The bridge SMTP username (sensitive but not secret) goes in the per-identity private overlay (~/doxfiles), not here. Also pull in the Perl SMTP modules git send-email needs at runtime.
* refactor: restructure to chezmoi source stateLibravatar sommerfeld2026-04-213-0/+182
Rename home/ contents to chezmoi naming conventions: - dot_ prefix for dotfiles and dot-dirs - private_dot_ for .gnupg and .ssh directories - private_ for 0600 files (nym.pub) - executable_ for scripts in .local/bin and display-toggle.sh - symlink_ for mimeapps.list symlink
generated by cgit v1.3.1 (git 2.54.0) at 2026-06-01 04:47:41 +0000