Diffstat (limited to 'Documentation/config')
-rw-r--r-- Documentation/config/gpg.txt 9
-rw-r--r-- Documentation/config/grep.txt 3
-rw-r--r-- Documentation/config/user.txt 17
3 files changed, 19 insertions, 10 deletions
diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
index 4f30c7dbdd..0cb189a077 100644
--- a/Documentation/config/gpg.txt
+++ b/Documentation/config/gpg.txt
@@ -34,7 +34,7 @@ gpg.minTrustLevel::
* `fully`
* `ultimate`
-gpg.ssh.defaultKeyCommand:
+gpg.ssh.defaultKeyCommand::
This command that will be run when user.signingkey is not set and a ssh
signature is requested. On successful exit a valid ssh public key is
expected in the first line of its output. To automatically use the first
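Review bot: The description line directly under the corrected `gpg.ssh.defaultKeyCommand::` heading is left ungrammatical and spells the variable differently from its own definition. "This command that will be run when user.signingkey is not set and a ssh" could become "The command that will be run when user.signingKey is not set and an ssh signature is requested", matching the `user.signingKey::` heading in user.txt. Since this patch is already a formatting cleanup of that entry, the fix fits here.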
@@ -44,7 +44,7 @@ gpg.ssh.allowedSignersFile::
A file containing ssh public keys which you are willing to trust.
The file consists of one or more lines of principals followed by an ssh
public key.
- e.g.: user1@example.com,user2@example.com ssh-rsa AAAAX1...
+ e.g.: `user1@example.com,user2@example.com ssh-rsa AAAAX1...`
See ssh-keygen(1) "ALLOWED SIGNERS" for details.
The principal is only used to identify the key and is available when
verifying a signature.
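Review bot: The format description above the re-quoted example still reads "one or more lines of principals followed by an ssh public key", which leaves no place for the options that the next hunk starts to document (valid-after, valid-before, and the existing cert-authority mention). In the allowed signers format the options sit between the principals and the key type, so the sentence should say "principals, optional options, and an ssh public key", or the example should include one option so readers can see where it goes.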
@@ -64,6 +64,11 @@ A repository that only allows signed commits can store the file
in the repository itself using a path relative to the top-level of the working tree.
This way only committers with an already valid key can add or change keys in the keyring.
+
+Since OpensSSH 8.8 this file allows specifying a key lifetime using valid-after &
+valid-before options. Git will mark signatures as valid if the signing key was
+valid at the time of the signatures creation. This allows users to change a
+signing key without invalidating all previously made signatures.
++
Using a SSH CA key with the cert-authority option
(see ssh-keygen(1) "CERTIFICATES") is also valid.
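Review bot: Two typos in the added paragraph: "OpensSSH" should be "OpenSSH", and "the time of the signatures creation" should be "the time of the signature's creation". The option names would also read better in backticks (`valid-after`, `valid-before`) with "and" instead of "&", in line with the quoting the previous hunk introduces. Separately, the paragraph does not say which timestamp Git treats as "the time of the signature's creation". Because key lifetime is a trust decision, the text should name the source of that time so that readers can judge how far to rely on an expired key's older signatures.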
diff --git a/Documentation/config/grep.txt b/Documentation/config/grep.txt
index 44abe45a7c..182edd813a 100644
--- a/Documentation/config/grep.txt
+++ b/Documentation/config/grep.txt
@@ -8,7 +8,8 @@ grep.patternType::
Set the default matching behavior. Using a value of 'basic', 'extended',
'fixed', or 'perl' will enable the `--basic-regexp`, `--extended-regexp`,
`--fixed-strings`, or `--perl-regexp` option accordingly, while the
- value 'default' will return to the default matching behavior.
+ value 'default' will use the `grep.extendedRegexp` option to choose
+ between 'basic' and 'extended'.
grep.extendedRegexp::
If set to true, enable `--extended-regexp` option by default. This
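Review bot: The new wording for 'default' says `grep.extendedRegexp` chooses between 'basic' and 'extended', but neither this sentence nor the `grep.extendedRegexp::` entry below says which one applies when that option is unset or false. The entry below only covers the true case. Adding "('basic' unless `grep.extendedRegexp` is true)" to the new sentence would make the result unambiguous.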
diff --git a/Documentation/config/user.txt b/Documentation/config/user.txt
index ad78dce9ec..ec9233b060 100644
--- a/Documentation/config/user.txt
+++ b/Documentation/config/user.txt
@@ -36,10 +36,13 @@ user.signingKey::
commit, you can override the default selection with this variable.
This option is passed unchanged to gpg's --local-user parameter,
so you may specify a key using any method that gpg supports.
- If gpg.format is set to "ssh" this can contain the literal ssh public
- key (e.g.: "ssh-rsa XXXXXX identifier") or a file which contains it and
- corresponds to the private key used for signing. The private key
- needs to be available via ssh-agent. Alternatively it can be set to
- a file containing a private key directly. If not set git will call
- gpg.ssh.defaultKeyCommand (e.g.: "ssh-add -L") and try to use the first
- key available.
+ If gpg.format is set to `ssh` this can contain the path to either
+ your private ssh key or the public key when ssh-agent is used.
+ Alternatively it can contain a public key prefixed with `key::`
+ directly (e.g.: "key::ssh-rsa XXXXXX identifier"). The private key
+ needs to be available via ssh-agent. If not set git will call
+ gpg.ssh.defaultKeyCommand (e.g.: "ssh-add -L") and try to use the
+ first key available. For backward compatibility, a raw key which
+ begins with "ssh-", such as "ssh-rsa XXXXXX identifier", is treated
+ as "key::ssh-rsa XXXXXX identifier", but this form is deprecated;
+ use the `key::` form instead.
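Review bot: In the rewritten `user.signingKey` text, "The private key needs to be available via ssh-agent" now follows the `key::` sentence, yet the first sentence also allows a path to a public key "when ssh-agent is used". It is unclear whether the agent requirement covers only the `key::` literal or the public-key path as well. Stating it once, for example "When a public key is given, either as a path or with `key::`, the private key needs to be available via ssh-agent", removes the ambiguity. Quoting is also mixed within the hunk: `ssh` and `key::` are in backticks while "key::ssh-rsa XXXXXX identifier" and "ssh-add -L" are in double quotes, whereas the gpg.txt hunk moved its example to backticks.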