From d95bfb12b87a0be9666f806683e198df9738d0e7 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Tue, 5 Nov 2013 00:14:41 +0100 Subject: [PATCH 1/3] commit-tree: add the commit.gpgsign option to sign all commits If you want to GPG sign all your commits, you have to add the -S option all the time. The commit.gpgsign config option allows to sign all commits automatically. Signed-off-by: Nicolas Vigier Signed-off-by: Junio C Hamano --- Documentation/config.txt | 8 ++++++++ builtin/commit-tree.c | 7 ++++++- builtin/commit.c | 4 ++++ builtin/merge.c | 3 +++ 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/Documentation/config.txt b/Documentation/config.txt index ab26963d61..1672284746 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -988,6 +988,14 @@ commit.cleanup:: have to remove the help lines that begin with `#` in the commit log template yourself, if you do this). +commit.gpgsign:: + + A boolean to specify whether all commits should be GPG signed. + Use of this option when doing operations such as rebase can + result in a large number of commits being signed. It may be + convenient to use an agent to avoid typing your GPG passphrase + several times. + commit.status:: A boolean to enable/disable inclusion of status information in the commit message template when using an editor to prepare the commit diff --git a/builtin/commit-tree.c b/builtin/commit-tree.c index f641ff2a89..1646d5b25e 100644 --- a/builtin/commit-tree.c +++ b/builtin/commit-tree.c @@ -12,6 +12,8 @@ static const char commit_tree_usage[] = "git commit-tree [(-p )...] [-S[]] [-m ] [-F ] object.sha1; @@ -31,6 +33,10 @@ static int commit_tree_config(const char *var, const char *value, void *cb) int status = git_gpg_config(var, value, NULL); if (status) return status; + if (!strcmp(var, "commit.gpgsign")) { + sign_commit = git_config_bool(var, value) ? "" : NULL; + return 0; + } return git_default_config(var, value, cb); } 
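Review bot: In `commit_tree_config()`, honouring `commit.gpgsign` makes the output of a plumbing command depend on per-user configuration. A script that calls `git commit-tree` non-interactively would start invoking GPG once the user sets the option, and the commit ids it produces would differ from the unsigned ones it produced before. Whether any caller relies on unsigned output cannot be told from this hunk, so treat this as a design question rather than a confirmed regression. If the behaviour is kept, I would state it next to the new branch, e.g. `/* plumbing honours commit.gpgsign too; callers that need unsigned objects must override it */`.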
@@ -41,7 +47,6 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix) unsigned char tree_sha1[20]; unsigned char commit_sha1[20]; struct strbuf buffer = STRBUF_INIT; - const char *sign_commit = NULL; git_config(commit_tree_config, NULL); diff --git a/builtin/commit.c b/builtin/commit.c index 6ab4605cf5..cffddf2108 100644 --- a/builtin/commit.c +++ b/builtin/commit.c @@ -1406,6 +1406,10 @@ static int git_commit_config(const char *k, const char *v, void *cb) } if (!strcmp(k, "commit.cleanup")) return git_config_string(&cleanup_arg, k, v); + if (!strcmp(k, "commit.gpgsign")) { + sign_commit = git_config_bool(k, v) ? "" : NULL; + return 0; + } status = git_gpg_config(k, v, NULL); if (status) diff --git a/builtin/merge.c b/builtin/merge.c index 02a69c14e6..fea2724455 100644 --- a/builtin/merge.c +++ b/builtin/merge.c @@ -604,6 +604,9 @@ static int git_merge_config(const char *k, const char *v, void *cb) } else if (!strcmp(k, "merge.defaulttoupstream")) { default_to_upstream = git_config_bool(k, v); return 0; + } else if (!strcmp(k, "commit.gpgsign")) { + sign_commit = git_config_bool(k, v) ? "" : NULL; + return 0; } status = fmt_merge_msg_config(k, v, cb); From 55ca3f99ae4895605a348322dd2fc50f2065f508 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 13 Dec 2013 15:40:35 -0800 Subject: [PATCH 2/3] commit-tree: add and document --no-gpg-sign Document how to override commit.gpgsign configuration that is set to true per "git commit" invocation (parse-options machinery lets us say "--no-gpg-sign" to do so). "git commit-tree" does not use parse-options, so manually add the corresponding option for now. Signed-off-by: Junio C Hamano --- Documentation/git-commit-tree.txt | 5 +++++ Documentation/git-commit.txt | 4 ++++ builtin/commit-tree.c | 5 +++++ 3 files changed, 14 insertions(+) diff --git a/Documentation/git-commit-tree.txt b/Documentation/git-commit-tree.txt index cafdc9642d..a469eab066 100644 --- a/Documentation/git-commit-tree.txt 
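Review bot: The `"" : NULL` assignment added to `git_commit_config()` encodes two meanings in one pointer without saying so. The same three lines are repeated in `commit_tree_config()` (builtin/commit-tree.c) and `git_merge_config()` (builtin/merge.c). From the `-S[<keyid>]` handling it appears that an empty string means "sign with the default key" and NULL means "do not sign"; a one-line comment such as `/* "" = sign with the default key, NULL = do not sign */` at each site would make that explicit. A small shared helper would keep the three copies from drifting, but that is optional. The enclosing function starts and ends outside the hunk.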
+++ b/Documentation/git-commit-tree.txt @@ -55,8 +55,13 @@ OPTIONS from the standard input. -S[]:: +--gpg-sign[=]:: GPG-sign commit. +--no-gpg-sign:: + Countermand `commit.gpgsign` configuration variable that is + set to force each and every commit to be signed. + Commit Information ------------------ diff --git a/Documentation/git-commit.txt b/Documentation/git-commit.txt index 1a7616c73a..7c42e9cabc 100644 --- a/Documentation/git-commit.txt +++ b/Documentation/git-commit.txt @@ -302,6 +302,10 @@ configuration variable documented in linkgit:git-config[1]. --gpg-sign[=]:: GPG-sign commit. +--no-gpg-sign:: + Countermand `commit.gpgsign` configuration variable that is + set to force each and every commit to be signed. + \--:: Do not interpret any more arguments as options. diff --git a/builtin/commit-tree.c b/builtin/commit-tree.c index 1646d5b25e..987a4c3d73 100644 --- a/builtin/commit-tree.c +++ b/builtin/commit-tree.c @@ -71,6 +71,11 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix) continue; } + if (!strcmp(arg, "--no-gpg-sign")) { + sign_commit = NULL; + continue; + } + if (!strcmp(arg, "-m")) { if (argc <= ++i) usage(commit_tree_usage); From 4b8d14b4c5d73dd4adb354d9689022d1b87828d5 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Mon, 16 Dec 2013 14:55:04 +0100 Subject: [PATCH 3/3] test the commit.gpgsign config option The tests are checking that : - when commit.gpgsign is true, "git commit" creates signed commits - when commit.gpgsign is false, "git commit" creates unsigned commits - when commit.gpgsign is true, "git commit --no-gpg-sign" creates unsigned commits - when commit.gpgsign is true, "git rebase -f" creates signed commits Signed-off-by: Nicolas Vigier Signed-off-by: Junio C Hamano --- t/t7510-signed-commit.sh | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh index 1d3c56fe61..5ddac1a9f7 100755 --- a/t/t7510-signed-commit.sh 
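Review bot: The option loop in `cmd_commit_tree()` gains `--no-gpg-sign` here, but no hunk in this series adds parsing for the long form `--gpg-sign[=<keyid>]` that the same commit documents in git-commit-tree.txt. Unless the loop already accepts it in lines outside this hunk, a user following the documentation would have the option rejected instead of getting a signed commit. Either drop the `--gpg-sign` line from the commit-tree documentation or add the matching branch next to this one, e.g. `if (!strcmp(arg, "--gpg-sign")) { sign_commit = ""; continue; }`, plus a prefix match for the `=<keyid>` form. The `commit_tree_usage` string shown in patch 1/3 also mentions only `-S`, so it would need the same update. The function body continues outside the hunk.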
+++ b/t/t7510-signed-commit.sh @@ -5,6 +5,8 @@ test_description='signed commit tests' . "$TEST_DIRECTORY/lib-gpg.sh" test_expect_success GPG 'create signed commits' ' + test_when_finished "test_unconfig commit.gpgsign" && + echo 1 >file && git add file && test_tick && git commit -S -m initial && git tag initial && @@ -25,12 +27,27 @@ test_expect_success GPG 'create signed commits' ' git tag fourth-unsigned && test_tick && git commit --amend -S -m "fourth signed" && - git tag fourth-signed + git tag fourth-signed && + + git config commit.gpgsign true && + echo 5 >file && test_tick && git commit -a -m "fifth signed" && + git tag fifth-signed && + + git config commit.gpgsign false && + echo 6 >file && test_tick && git commit -a -m "sixth" && + git tag sixth-unsigned && + + git config commit.gpgsign true && + echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign && + git tag seventh-unsigned && + + test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ && + git tag seventh-signed ' test_expect_success GPG 'show signatures' ' ( - for commit in initial second merge master + for commit in initial second merge fourth-signed fifth-signed sixth-signed master do git show --pretty=short --show-signature $commit >actual && grep "Good signature from" actual || exit 1 @@ -39,7 +56,7 @@ test_expect_success GPG 'show signatures' ' done ) && ( - for commit in merge^2 fourth-unsigned + for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned do git show --pretty=short --show-signature $commit >actual && grep "Good signature from" actual && exit 1 
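Review bot: The cases added to 'create signed commits' exercise `commit.gpgsign` only through `git commit` and `git rebase -f`. Patch 1/3 also changes `git merge` and `git commit-tree`, and patch 2/3 adds `--no-gpg-sign` parsing to `git commit-tree`. Those paths have no coverage in this hunk, so a regression that silently stops signing merge commits would not be caught here. I would add a merge that creates a commit while `commit.gpgsign` is true and list its tag in the 'show signatures' loop, plus a `git commit-tree --no-gpg-sign` case checked as unsigned.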
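Review bot: `sixth-unsigned` and `seventh-unsigned` are added to a loop whose only check is that "Good signature from" is absent, so a commit carrying a signature that fails to verify would also pass as "unsigned". For the `--no-gpg-sign` case the property worth pinning is that no signature was attached at all. Checking the raw object in the same style as the existing line, e.g. `git cat-file commit $commit >raw && grep "^gpgsig " raw && exit 1`, states that directly. The loop body continues outside the hunk.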
@@ -52,7 +69,7 @@ test_expect_success GPG 'show signatures' ' test_expect_success GPG 'detect fudged signature' ' git cat-file commit master >raw && - sed -e "s/fourth signed/4th forged/" raw >forged1 && + sed -e "s/seventh/7th forged/" raw >forged1 && git hash-object -w -t commit forged1 >forged1.commit && git show --pretty=short --show-signature $(cat forged1.commit) >actual1 && grep "BAD signature from" actual1 &&