From: Junio C Hamano <gitster@pobox.com>
To: git@vger.kernel.org
Subject: [PATCH 00/10] Pulling signed tag
Date: Fri, 4 Nov 2011 23:01:30 -0700 [thread overview]
Message-ID: <1320472900-6601-1-git-send-email-gitster@pobox.com> (raw)
This is my fourth iteration to solve the "how can we allow authenticity of
work by contributors to be validated by the integrator and leave enough
information for later audit by third parties" topic. What is unusual is
that this is not a fourth re-roll of one approach re-re-re-polished, but
these four are all based on different design.
This round is based on Linus's "let the integrator pull signed tag from
the contributor" design.
The first patch is the same as the one at the bottom of the third
iteration which was jc/signed-commit topic. The rest are new.
1. Split GPG interface into its own helper library
2. fetch: do not store peeled tag object names in FETCH_HEAD
3. merge: notice local merging of tags and keep it unwrapped
4. fetch: allow "git fetch $there v1.0" to fetch a tag
5. tests: distinguish merges of tags and commits
"git fetch" used to peel tags too early when storing in FETCH_HEAD (the
input to fmt-merge-msg), and "git merge" did the same when internally
preparing the list of what are merged to feed the internal fmt-merge-msg.
The above four stops doing so, whose effect can be seen in the changes to
the test vector in the fifth patch.
6. refs DWIMmery: use the same rule for both "git fetch" and others
You can pull a tag with "git pull $there tags/for-linus", but this allows
you to say "git pull $there for-linus".
7. fmt-merge-msg: avoid early returns
8. fmt-merge-msg: package options into a structure
9. fmt-merge-msg: Add contents of merged tag in the merge message
The first two of this segment are small clean-ups to make the third one
possible. When merging signed tag(s), the merge message is prepared with
the contents of the tag object for later independent audit at the end, and
also contains the output from the GPG verification process as the comment
to help the integrator verify it.
10. merge: force edit mode when merging a tag object
And in order to _show_ that comment, we would need to show it in the
editor before the commit happens, hence this conclusion patch.
Makefile | 2 +
builtin.h | 8 +-
builtin/fetch.c | 3 +-
builtin/fmt-merge-msg.c | 126 +++++++++++++++----
builtin/merge.c | 28 +++-
builtin/tag.c | 76 +----------
builtin/verify-tag.c | 35 +-----
cache.h | 2 +-
gpg-interface.c | 138 ++++++++++++++++++++
gpg-interface.h | 10 ++
refs.c | 7 -
t/t4202-log.sh | 4 +-
t/t5510-fetch.sh | 5 +-
t/t5515/fetch.br-branches-default | 6 +-
t/t5515/fetch.br-branches-default-merge | 6 +-
...etch.br-branches-default-merge_branches-default | 6 +-
t/t5515/fetch.br-branches-default-octopus | 6 +-
...ch.br-branches-default-octopus_branches-default | 6 +-
t/t5515/fetch.br-branches-default_branches-default | 6 +-
t/t5515/fetch.br-branches-one | 6 +-
t/t5515/fetch.br-branches-one-merge | 6 +-
t/t5515/fetch.br-branches-one-merge_branches-one | 6 +-
t/t5515/fetch.br-branches-one-octopus | 6 +-
t/t5515/fetch.br-branches-one-octopus_branches-one | 6 +-
t/t5515/fetch.br-branches-one_branches-one | 6 +-
t/t5515/fetch.br-config-explicit | 6 +-
t/t5515/fetch.br-config-explicit-merge | 6 +-
.../fetch.br-config-explicit-merge_config-explicit | 6 +-
t/t5515/fetch.br-config-explicit-octopus | 6 +-
...etch.br-config-explicit-octopus_config-explicit | 6 +-
t/t5515/fetch.br-config-explicit_config-explicit | 6 +-
t/t5515/fetch.br-config-glob | 6 +-
t/t5515/fetch.br-config-glob-merge | 6 +-
t/t5515/fetch.br-config-glob-merge_config-glob | 6 +-
t/t5515/fetch.br-config-glob-octopus | 6 +-
t/t5515/fetch.br-config-glob-octopus_config-glob | 6 +-
t/t5515/fetch.br-config-glob_config-glob | 6 +-
t/t5515/fetch.br-remote-explicit | 6 +-
t/t5515/fetch.br-remote-explicit-merge | 6 +-
.../fetch.br-remote-explicit-merge_remote-explicit | 6 +-
t/t5515/fetch.br-remote-explicit-octopus | 6 +-
...etch.br-remote-explicit-octopus_remote-explicit | 6 +-
t/t5515/fetch.br-remote-explicit_remote-explicit | 6 +-
t/t5515/fetch.br-remote-glob | 6 +-
t/t5515/fetch.br-remote-glob-merge | 6 +-
t/t5515/fetch.br-remote-glob-merge_remote-glob | 6 +-
t/t5515/fetch.br-remote-glob-octopus | 6 +-
t/t5515/fetch.br-remote-glob-octopus_remote-glob | 6 +-
t/t5515/fetch.br-remote-glob_remote-glob | 6 +-
t/t5515/fetch.br-unconfig | 6 +-
t/t5515/fetch.br-unconfig_--tags_.._.git | 6 +-
...nfig_.._.git_one_tag_tag-one_tag_tag-three-file | 6 +-
...fig_.._.git_tag_tag-one-tree_tag_tag-three-file | 6 +-
...h.br-unconfig_.._.git_tag_tag-one_tag_tag-three | 6 +-
t/t5515/fetch.br-unconfig_branches-default | 6 +-
t/t5515/fetch.br-unconfig_branches-one | 6 +-
t/t5515/fetch.br-unconfig_config-explicit | 6 +-
t/t5515/fetch.br-unconfig_config-glob | 6 +-
t/t5515/fetch.br-unconfig_remote-explicit | 6 +-
t/t5515/fetch.br-unconfig_remote-glob | 6 +-
t/t5515/fetch.master | 6 +-
t/t5515/fetch.master_--tags_.._.git | 6 +-
...ster_.._.git_one_tag_tag-one_tag_tag-three-file | 6 +-
...ter_.._.git_tag_tag-one-tree_tag_tag-three-file | 6 +-
.../fetch.master_.._.git_tag_tag-one_tag_tag-three | 6 +-
t/t5515/fetch.master_branches-default | 6 +-
t/t5515/fetch.master_branches-one | 6 +-
t/t5515/fetch.master_config-explicit | 6 +-
t/t5515/fetch.master_config-glob | 6 +-
t/t5515/fetch.master_remote-explicit | 6 +-
t/t5515/fetch.master_remote-glob | 6 +-
t/t7600-merge.sh | 6 +-
t/t7604-merge-custom-message.sh | 2 +-
t/t7608-merge-messages.sh | 4 +-
tag.c | 5 +
75 files changed, 482 insertions(+), 327 deletions(-)
create mode 100644 gpg-interface.c
create mode 100644 gpg-interface.h
--
1.7.8.rc0.108.g71b5ec
next reply other threads:[~2011-11-05 6:02 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-05 6:01 Junio C Hamano [this message]
2011-11-05 6:01 ` [PATCH 01/10] Split GPG interface into its own helper library Junio C Hamano
2011-11-05 6:01 ` [PATCH 02/10] fetch: do not store peeled tag object names in FETCH_HEAD Junio C Hamano
2011-11-05 6:01 ` [PATCH 03/10] merge: notice local merging of tags and keep it unwrapped Junio C Hamano
2011-11-05 6:01 ` [PATCH 04/10] fetch: allow "git fetch $there v1.0" to fetch a tag Junio C Hamano
2011-11-05 6:01 ` [PATCH 05/10] tests: distinguish merges of tags and commits Junio C Hamano
2011-11-05 6:01 ` [PATCH 06/10] refs DWIMmery: use the same rule for both "git fetch" and others Junio C Hamano
2011-11-05 6:01 ` [PATCH 07/10] fmt-merge-msg: avoid early returns Junio C Hamano
2011-11-05 6:01 ` [PATCH 08/10] fmt-merge-msg: package options into a structure Junio C Hamano
2011-11-05 6:01 ` [PATCH 09/10] fmt-merge-msg: Add contents of merged tag in the merge message Junio C Hamano
2011-11-05 8:43 ` Johannes Sixt
2011-11-06 6:03 ` Junio C Hamano
2011-11-05 6:01 ` [PATCH 10/10] merge: force edit mode when merging a tag object Junio C Hamano
2011-11-05 9:27 ` [PATCH 00/10] Pulling signed tag Nguyen Thai Ngoc Duy
2011-11-08 3:00 ` [PATCH v2 00/12] Pulling signed/annotated tags Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 01/12] Split GPG interface into its own helper library Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 02/12] fetch: do not store peeled tag object names in FETCH_HEAD Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 03/12] merge: notice local merging of tags and keep it unwrapped Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 04/12] fetch: allow "git fetch $there v1.0" to fetch a tag Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 05/12] refs DWIMmery: use the same rule for both "git fetch" and others Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 06/12] fmt-merge-msg: avoid early returns Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 07/12] fmt-merge-msg: package options into a structure Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 08/12] fmt-merge-msg: Add contents of merged tag in the merge message Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 09/12] merge: make usage of commit->util more extensible Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 10/12] merge: record tag objects without peeling in MERGE_HEAD Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 11/12] commit: copy merged signed tags to headers of merge commit Junio C Hamano
2011-11-08 3:00 ` [PATCH v2 12/12] merge: force edit mode when merging a tag object Junio C Hamano
2011-11-08 4:20 ` [PATCH v2 00/12] Pulling signed/annotated tags Linus Torvalds
2011-11-08 5:10 ` Junio C Hamano
2011-11-08 5:31 ` Linus Torvalds
2011-11-08 5:37 ` Junio C Hamano
2011-11-08 21:45 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1320472900-6601-1-git-send-email-gitster@pobox.com \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).