merge/pull: verify GPG signatures of commits being merged

When --verify-signatures is specified on the command-line of git-merge or git-pull, check whether the commits being merged have good gpg signatures and abort the merge in case they do not. This allows e.g. auto-deployment from untrusted repo hosts. Signed-off-by: Sebastian Götte <jaseg@physik-pool.tu-berlin.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Sebastian Götte <jaseg@physik.tu-berlin.de> 2013-03-31 18:02:24 +0200
committer: Junio C Hamano <gitster@pobox.com> 2013-03-31 19:23:59 -0700
commit: efed0022492b81bf59d29193c4ffe96492dd9e9b (patch)
tree: 51a16967d90213fc5746c590dbd49c4193d5b20d /Documentation
parent: commit.c/GPG signature verification: Also look at the first GPG status line (diff)
download: tgif-efed0022492b81bf59d29193c4ffe96492dd9e9b.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/Documentation/merge-options.txt b/Documentation/merge-options.txt
index 0bcbe0ac3c..31f1067521 100644
--- a/Documentation/merge-options.txt
+++ b/Documentation/merge-options.txt
@@ -83,6 +83,11 @@ option can be used to override --squash.
 	Pass merge strategy specific option through to the merge
 	strategy.
 
+--verify-signatures::
+--no-verify-signatures::
+	Verify that the commits being merged have good GPG signatures and abort the
+	merge in case they do not.
+
 --summary::
 --no-summary::
 	Synonyms to --stat and --no-stat; these are deprecated and will be
author	Sebastian Götte <jaseg@physik.tu-berlin.de>	2013-03-31 18:02:24 +0200
committer	Junio C Hamano <gitster@pobox.com>	2013-03-31 19:23:59 -0700
commit	efed0022492b81bf59d29193c4ffe96492dd9e9b (patch)
tree	51a16967d90213fc5746c590dbd49c4193d5b20d /Documentation
parent	commit.c/GPG signature verification: Also look at the first GPG status line (diff)
download	tgif-efed0022492b81bf59d29193c4ffe96492dd9e9b.tar.xz