Merge branch 'nv/commit-gpgsign-config'

Introduce commit.gpgsign configuration variable to force every
commit to be GPG signed.  The variable cannot be overriden from the
command line of some of the commands that create commits except for
"git commit" and "git commit-tree", but I am not convinced that it
is a good idea to sprinkle support for --no-gpg-sign everywhere,
which in turn means that this configuration variable may not be
such a good idea.

* nv/commit-gpgsign-config:
  test the commit.gpgsign config option
  commit-tree: add and document --no-gpg-sign
  commit-tree: add the commit.gpgsign option to sign all commits
This commit is contained in:
Junio C Hamano 2014-02-27 14:01:03 -08:00
Родитель 5f95c9f850 4b8d14b4c5
Коммит 810273bc33
7 изменённых файлов: 56 добавлений и 5 удалений

Просмотреть файл

@ -992,6 +992,14 @@ commit.cleanup::
have to remove the help lines that begin with `#` in the commit log
template yourself, if you do this).
commit.gpgsign::
A boolean to specify whether all commits should be GPG signed.
Use of this option when doing operations such as rebase can
result in a large number of commits being signed. It may be
convenient to use an agent to avoid typing your GPG passphrase
several times.
commit.status::
A boolean to enable/disable inclusion of status information in the
commit message template when using an editor to prepare the commit

Просмотреть файл

@ -55,8 +55,13 @@ OPTIONS
from the standard input.
-S[<keyid>]::
--gpg-sign[=<keyid>]::
GPG-sign commit.
--no-gpg-sign::
Countermand `commit.gpgsign` configuration variable that is
set to force each and every commit to be signed.
Commit Information
------------------

Просмотреть файл

@ -302,6 +302,10 @@ configuration variable documented in linkgit:git-config[1].
--gpg-sign[=<keyid>]::
GPG-sign commit.
--no-gpg-sign::
Countermand `commit.gpgsign` configuration variable that is
set to force each and every commit to be signed.
\--::
Do not interpret any more arguments as options.

Просмотреть файл

@ -12,6 +12,8 @@
static const char commit_tree_usage[] = "git commit-tree [(-p <sha1>)...] [-S[<keyid>]] [-m <message>] [-F <file>] <sha1> <changelog";
static const char *sign_commit;
static void new_parent(struct commit *parent, struct commit_list **parents_p)
{
unsigned char *sha1 = parent->object.sha1;
@ -31,6 +33,10 @@ static int commit_tree_config(const char *var, const char *value, void *cb)
int status = git_gpg_config(var, value, NULL);
if (status)
return status;
if (!strcmp(var, "commit.gpgsign")) {
sign_commit = git_config_bool(var, value) ? "" : NULL;
return 0;
}
return git_default_config(var, value, cb);
}
@ -41,7 +47,6 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix)
unsigned char tree_sha1[20];
unsigned char commit_sha1[20];
struct strbuf buffer = STRBUF_INIT;
const char *sign_commit = NULL;
git_config(commit_tree_config, NULL);
@ -66,6 +71,11 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix)
continue;
}
if (!strcmp(arg, "--no-gpg-sign")) {
sign_commit = NULL;
continue;
}
if (!strcmp(arg, "-m")) {
if (argc <= ++i)
usage(commit_tree_usage);

Просмотреть файл

@ -1406,6 +1406,10 @@ static int git_commit_config(const char *k, const char *v, void *cb)
}
if (!strcmp(k, "commit.cleanup"))
return git_config_string(&cleanup_arg, k, v);
if (!strcmp(k, "commit.gpgsign")) {
sign_commit = git_config_bool(k, v) ? "" : NULL;
return 0;
}
status = git_gpg_config(k, v, NULL);
if (status)

Просмотреть файл

@ -597,6 +597,9 @@ static int git_merge_config(const char *k, const char *v, void *cb)
} else if (!strcmp(k, "merge.defaulttoupstream")) {
default_to_upstream = git_config_bool(k, v);
return 0;
} else if (!strcmp(k, "commit.gpgsign")) {
sign_commit = git_config_bool(k, v) ? "" : NULL;
return 0;
}
status = fmt_merge_msg_config(k, v, cb);

Просмотреть файл

@ -5,6 +5,8 @@ test_description='signed commit tests'
. "$TEST_DIRECTORY/lib-gpg.sh"
test_expect_success GPG 'create signed commits' '
test_when_finished "test_unconfig commit.gpgsign" &&
echo 1 >file && git add file &&
test_tick && git commit -S -m initial &&
git tag initial &&
@ -25,12 +27,27 @@ test_expect_success GPG 'create signed commits' '
git tag fourth-unsigned &&
test_tick && git commit --amend -S -m "fourth signed" &&
git tag fourth-signed
git tag fourth-signed &&
git config commit.gpgsign true &&
echo 5 >file && test_tick && git commit -a -m "fifth signed" &&
git tag fifth-signed &&
git config commit.gpgsign false &&
echo 6 >file && test_tick && git commit -a -m "sixth" &&
git tag sixth-unsigned &&
git config commit.gpgsign true &&
echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign &&
git tag seventh-unsigned &&
test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
git tag seventh-signed
'
test_expect_success GPG 'show signatures' '
(
for commit in initial second merge master
for commit in initial second merge fourth-signed fifth-signed sixth-signed master
do
git show --pretty=short --show-signature $commit >actual &&
grep "Good signature from" actual || exit 1
@ -39,7 +56,7 @@ test_expect_success GPG 'show signatures' '
done
) &&
(
for commit in merge^2 fourth-unsigned
for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
do
git show --pretty=short --show-signature $commit >actual &&
grep "Good signature from" actual && exit 1
@ -52,7 +69,7 @@ test_expect_success GPG 'show signatures' '
test_expect_success GPG 'detect fudged signature' '
git cat-file commit master >raw &&
sed -e "s/fourth signed/4th forged/" raw >forged1 &&
sed -e "s/seventh/7th forged/" raw >forged1 &&
git hash-object -w -t commit forged1 >forged1.commit &&
git show --pretty=short --show-signature $(cat forged1.commit) >actual1 &&
grep "BAD signature from" actual1 &&