From: Jacob Sarvis<jsar...@openspan.com>

log: Read gpg settings for signed commit verification

Commit signature verification fails when alternative gpg.program
signs the commit, but gpg attempts to verify the signature.
"show --show-signature" and "log --show-signature" do not read
the gpg.program setting from git config.
Commit signing, tag signing, and tag verification use this setting
properly.

Make log and show commands pass through settings to gpg interface.

Signed-off-by: Hans Brigman <hbrig...@openspan.com>
---
 builtin/log.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/builtin/log.c b/builtin/log.c
index 8f0b2e8..31f5a9e 100644
--- a/builtin/log.c
+++ b/builtin/log.c
@@ -23,6 +23,7 @@
 #include "streaming.h"
 #include "version.h"
 #include "mailmap.h"
+#include "gpg-interface.h"
 
 /* Set a default date-time format for git log ("log.date" config variable) */
 static const char *default_date_mode = NULL;
@@ -364,7 +365,8 @@ static int git_log_config(const char *var, const char 
*value, void *cb)
                use_mailmap_config = git_config_bool(var, value);
                return 0;
        }
-
+       if (git_gpg_config(var, value, cb) < 0)
+               return -1;
        if (grep_config(var, value, cb) < 0)
                return -1;
        return git_diff_ui_config(var, value, cb);
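
Review bot: No test accompanies the new git_gpg_config() call in git_log_config(); the diffstat shows only builtin/log.c changing, so nothing guards "log --show-signature" and "show --show-signature" against going back to ignoring gpg.program. A test that sets gpg.program to a wrapper and checks that the wrapper is what gets invoked during verification would cover this. Separately, the hunk drops the blank line after the closing brace of the mailmap block; keeping that blank line before the new `if` would leave the spacing of the function as it was.
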
-- 
1.7.11.msysgit.0


On Mon, Mar 25, 2013 at 01:03:52PM -0500, Hans Brigman wrote:

> "show --show-signature" doesn't currently use the gpg.program setting.  
> Commit signing, tag signing, and tag verification currently use this setting 
> properly, so the logic has been added to handle it here as well.

Please wrap your commit messages at something reasonable (70 is probably as 
high as you want to go, given that log output is often shown indented).

> @@ -364,7 +365,8 @@ static int git_log_config(const char *var, const char 
> *value, void *cb)
>               use_mailmap_config = git_config_bool(var, value);
>               return 0;
>       }
> -
> +     if (!prefixcmp(var, "gpg."))
> +             return git_gpg_config(var, value, NULL);
>       if (grep_config(var, value, cb) < 0)
>               return -1;
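
Review bot: In the added `return git_gpg_config(var, value, NULL);`, the unconditional return ends git_log_config() for every key that starts with "gpg.", so such a key never reaches grep_config() or anything after it, and passing NULL discards the cb argument the caller supplied. Checking `if (git_gpg_config(var, value, cb) < 0) return -1;` and falling through otherwise would match the grep_config() call that follows.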

The gpg config can also be in other places than "gpg.*". Right now it is just 
user.signingkey, which log would not care about, but it feels like we are 
depending on an unnecessary detail here. We also don't know whether it would care 
about the callback data. Is there a reason not to do:

  if (git_gpg_config(var, value, cb) < 0)
          return -1;

just like the grep_config call below?

-Peff

Attachment: 0001-log-Read-gpg-settings-for-signed-commit-verification.patch