diff options
| author |  Junio C Hamano <gitster@pobox.com> | 2014-02-27 14:01:03 -0800 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-02-27 14:01:03 -0800 |
| commit | 810273bc33b1f50191f90deef74277ee84174efd (patch) | |
| tree | c6295f6cd956f71be4044032f077e75f0d9b7237 | |
| parent | Git 1.9.0 (diff) | |
| parent | test the commit.gpgsign config option (diff) | |
| download | tgif-810273bc33b1f50191f90deef74277ee84174efd.tar.xz | |
Merge branch 'nv/commit-gpgsign-config'
Introduce commit.gpgsign configuration variable to force every
commit to be GPG signed. The variable cannot be overriden from the
command line of some of the commands that create commits except for
"git commit" and "git commit-tree", but I am not convinced that it
is a good idea to sprinkle support for --no-gpg-sign everywhere,
which in turn means that this configuration variable may not be
such a good idea.
* nv/commit-gpgsign-config:
test the commit.gpgsign config option
commit-tree: add and document --no-gpg-sign
commit-tree: add the commit.gpgsign option to sign all commits
| -rw-r--r-- | Documentation/config.txt | 8 | ||||
| -rw-r--r-- | Documentation/git-commit-tree.txt | 5 | ||||
| -rw-r--r-- | Documentation/git-commit.txt | 4 | ||||
| -rw-r--r-- | builtin/commit-tree.c | 12 | ||||
| -rw-r--r-- | builtin/commit.c | 4 | ||||
| -rw-r--r-- | builtin/merge.c | 3 | ||||
| -rwxr-xr-x | t/t7510-signed-commit.sh | 25 |
7 files changed, 56 insertions, 5 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt index 5f4d7939ed..a23392ca6a 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -992,6 +992,14 @@ commit.cleanup:: have to remove the help lines that begin with `#` in the commit log template yourself, if you do this). +commit.gpgsign:: + + A boolean to specify whether all commits should be GPG signed. + Use of this option when doing operations such as rebase can + result in a large number of commits being signed. It may be + convenient to use an agent to avoid typing your GPG passphrase + several times. + commit.status:: A boolean to enable/disable inclusion of status information in the commit message template when using an editor to prepare the commit diff --git a/Documentation/git-commit-tree.txt b/Documentation/git-commit-tree.txt index cafdc9642d..a469eab066 100644 --- a/Documentation/git-commit-tree.txt +++ b/Documentation/git-commit-tree.txt @@ -55,8 +55,13 @@ OPTIONS from the standard input. -S[<keyid>]:: +--gpg-sign[=<keyid>]:: GPG-sign commit. +--no-gpg-sign:: + Countermand `commit.gpgsign` configuration variable that is + set to force each and every commit to be signed. + Commit Information ------------------ diff --git a/Documentation/git-commit.txt b/Documentation/git-commit.txt index 1a7616c73a..7c42e9cabc 100644 --- a/Documentation/git-commit.txt +++ b/Documentation/git-commit.txt @@ -302,6 +302,10 @@ configuration variable documented in linkgit:git-config[1]. --gpg-sign[=<keyid>]:: GPG-sign commit. +--no-gpg-sign:: + Countermand `commit.gpgsign` configuration variable that is + set to force each and every commit to be signed. + \--:: Do not interpret any more arguments as options. diff --git a/builtin/commit-tree.c b/builtin/commit-tree.c index f641ff2a89..987a4c3d73 100644 --- a/builtin/commit-tree.c +++ b/builtin/commit-tree.c @@ -12,6 +12,8 @@ static const char commit_tree_usage[] = "git commit-tree [(-p <sha1>)...] [-S[<keyid>]] [-m <message>] [-F <file>] <sha1> <changelog"; +static const char *sign_commit; + static void new_parent(struct commit *parent, struct commit_list **parents_p) { unsigned char *sha1 = parent->object.sha1; @@ -31,6 +33,10 @@ static int commit_tree_config(const char *var, const char *value, void *cb) int status = git_gpg_config(var, value, NULL); if (status) return status; + if (!strcmp(var, "commit.gpgsign")) { + sign_commit = git_config_bool(var, value) ? "" : NULL; + return 0; + } return git_default_config(var, value, cb); } @@ -41,7 +47,6 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix) unsigned char tree_sha1[20]; unsigned char commit_sha1[20]; struct strbuf buffer = STRBUF_INIT; - const char *sign_commit = NULL; git_config(commit_tree_config, NULL); @@ -66,6 +71,11 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix) continue; } + if (!strcmp(arg, "--no-gpg-sign")) { + sign_commit = NULL; + continue; + } + if (!strcmp(arg, "-m")) { if (argc <= ++i) usage(commit_tree_usage); diff --git a/builtin/commit.c b/builtin/commit.c index 3767478c6d..9c51b129e8 100644 --- a/builtin/commit.c +++ b/builtin/commit.c @@ -1406,6 +1406,10 @@ static int git_commit_config(const char *k, const char *v, void *cb) } if (!strcmp(k, "commit.cleanup")) return git_config_string(&cleanup_arg, k, v); + if (!strcmp(k, "commit.gpgsign")) { + sign_commit = git_config_bool(k, v) ? "" : NULL; + return 0; + } status = git_gpg_config(k, v, NULL); if (status) diff --git a/builtin/merge.c b/builtin/merge.c index e576a7fdc6..f0cf1205fa 100644 --- a/builtin/merge.c +++ b/builtin/merge.c @@ -597,6 +597,9 @@ static int git_merge_config(const char *k, const char *v, void *cb) } else if (!strcmp(k, "merge.defaulttoupstream")) { default_to_upstream = git_config_bool(k, v); return 0; + } else if (!strcmp(k, "commit.gpgsign")) { + sign_commit = git_config_bool(k, v) ? "" : NULL; + return 0; } status = fmt_merge_msg_config(k, v, cb); diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh index 1d3c56fe61..5ddac1a9f7 100755 --- a/t/t7510-signed-commit.sh +++ b/t/t7510-signed-commit.sh @@ -5,6 +5,8 @@ test_description='signed commit tests' . "$TEST_DIRECTORY/lib-gpg.sh" test_expect_success GPG 'create signed commits' ' + test_when_finished "test_unconfig commit.gpgsign" && + echo 1 >file && git add file && test_tick && git commit -S -m initial && git tag initial && @@ -25,12 +27,27 @@ test_expect_success GPG 'create signed commits' ' git tag fourth-unsigned && test_tick && git commit --amend -S -m "fourth signed" && - git tag fourth-signed + git tag fourth-signed && + + git config commit.gpgsign true && + echo 5 >file && test_tick && git commit -a -m "fifth signed" && + git tag fifth-signed && + + git config commit.gpgsign false && + echo 6 >file && test_tick && git commit -a -m "sixth" && + git tag sixth-unsigned && + + git config commit.gpgsign true && + echo 7 >file && test_tick && git commit -a -m "seventh" --no-gpg-sign && + git tag seventh-unsigned && + + test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ && + git tag seventh-signed ' test_expect_success GPG 'show signatures' ' ( - for commit in initial second merge master + for commit in initial second merge fourth-signed fifth-signed sixth-signed master do git show --pretty=short --show-signature $commit >actual && grep "Good signature from" actual || exit 1 @@ -39,7 +56,7 @@ test_expect_success GPG 'show signatures' ' done ) && ( - for commit in merge^2 fourth-unsigned + for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned do git show --pretty=short --show-signature $commit >actual && grep "Good signature from" actual && exit 1 @@ -52,7 +69,7 @@ test_expect_success GPG 'show signatures' ' test_expect_success GPG 'detect fudged signature' ' git cat-file commit master >raw && - sed -e "s/fourth signed/4th forged/" raw >forged1 && + sed -e "s/seventh/7th forged/" raw >forged1 && git hash-object -w -t commit forged1 >forged1.commit && git show --pretty=short --show-signature $(cat forged1.commit) >actual1 && grep "BAD signature from" actual1 && |