* [PATCH] Add the commit.gpgsign option to sign all commits
@ 2013-11-04 23:14 Nicolas Vigier
2013-11-04 23:43 ` Junio C Hamano
0 siblings, 1 reply; 7+ messages in thread
From: Nicolas Vigier @ 2013-11-04 23:14 UTC (permalink / raw)
To: git; +Cc: Nicolas Vigier
If you want to GPG sign all your commits, you have to add the -S option
all the time. The commit.gpgsign config option allows signing all
commits automatically.
Signed-off-by: Nicolas Vigier <boklm@mars-attacks.org>
---
Documentation/config.txt | 3 +++
builtin/commit-tree.c | 7 ++++++-
builtin/commit.c | 4 ++++
builtin/merge.c | 3 +++
4 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/Documentation/config.txt b/Documentation/config.txt
index ab26963d6187..4cfa557375a2 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -988,6 +988,9 @@ commit.cleanup::
have to remove the help lines that begin with `#` in the commit log
template yourself, if you do this).
+commit.gpgsign::
+ A boolean to specify whether all commits should be GPG signed.
+
commit.status::
A boolean to enable/disable inclusion of status information in the
commit message template when using an editor to prepare the commit
diff --git a/builtin/commit-tree.c b/builtin/commit-tree.c
index f641ff2a898c..1646d5b25e4f 100644
--- a/builtin/commit-tree.c
+++ b/builtin/commit-tree.c
@@ -12,6 +12,8 @@
static const char commit_tree_usage[] = "git commit-tree [(-p <sha1>)...] [-S[<keyid>]] [-m <message>] [-F <file>] <sha1> <changelog";
+static const char *sign_commit;
+
static void new_parent(struct commit *parent, struct commit_list **parents_p)
{
unsigned char *sha1 = parent->object.sha1;
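Review bot: The new file-scope `sign_commit` encodes three states and nothing on the declaration says so: NULL for an unsigned commit, `""` for signing with the default key, and presumably a non-empty key id when `-S<keyid>` is given (the option parser is outside this hunk). A comment on the declaration would make the encoding explicit, e.g. `/* NULL: do not sign; "": sign with default key; otherwise: key id from -S<keyid> */`. Since the value now appears to be set from configuration before argv is examined, readers of cmd_commit_tree can no longer assume it starts out NULL. new_parent's body continues outside the hunk.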
@@ -31,6 +33,10 @@ static int commit_tree_config(const char *var, const char *value, void *cb)
int status = git_gpg_config(var, value, NULL);
if (status)
return status;
+ if (!strcmp(var, "commit.gpgsign")) {
+ sign_commit = git_config_bool(var, value) ? "" : NULL;
+ return 0;
+ }
return git_default_config(var, value, cb);
}
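Review bot: Once `commit.gpgsign` is true, nothing in this patch lets a single invocation produce an unsigned commit: the usage string in this file lists only `-S[<keyid>]`, so the command line can replace the key but apparently never reset `sign_commit` to NULL. The same applies to the stanzas added in the commit.c and merge.c hunks (their option tables are not visible here), and to the resent patch later in the thread. A negating option processed after the config callback, for example `--no-gpg-sign` setting `sign_commit = NULL;`, would close the gap. Separately, commit-tree is plumbing that scripts call directly, so having it obey a user-level setting may surprise callers that do not expect a passphrase prompt or a signing failure; it is worth deciding explicitly whether this command should read the key at all.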
@@ -41,7 +47,6 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix)
unsigned char tree_sha1[20];
unsigned char commit_sha1[20];
struct strbuf buffer = STRBUF_INIT;
- const char *sign_commit = NULL;
git_config(commit_tree_config, NULL);
diff --git a/builtin/commit.c b/builtin/commit.c
index 6ab4605cf5c2..cffddf210807 100644
--- a/builtin/commit.c
+++ b/builtin/commit.c
@@ -1406,6 +1406,10 @@ static int git_commit_config(const char *k, const char *v, void *cb)
}
if (!strcmp(k, "commit.cleanup"))
return git_config_string(&cleanup_arg, k, v);
+ if (!strcmp(k, "commit.gpgsign")) {
+ sign_commit = git_config_bool(k, v) ? "" : NULL;
+ return 0;
+ }
status = git_gpg_config(k, v, NULL);
if (status)
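Review bot: The `commit.gpgsign` stanza sits before the `git_gpg_config` call here but after it in commit_tree_config, and the same three lines are pasted a third time into git_merge_config. Nothing visible makes the order matter, but three hand-copied parsers for one security-relevant key are easy to let drift, for instance if the value later gains a non-boolean form. A small shared helper called from the three callbacks, or at least the same position relative to `git_gpg_config` in each, would keep them aligned. git_commit_config starts and ends outside the hunk.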
diff --git a/builtin/merge.c b/builtin/merge.c
index 02a69c14e6ab..fea27244557d 100644
--- a/builtin/merge.c
+++ b/builtin/merge.c
@@ -604,6 +604,9 @@ static int git_merge_config(const char *k, const char *v, void *cb)
} else if (!strcmp(k, "merge.defaulttoupstream")) {
default_to_upstream = git_config_bool(k, v);
return 0;
+ } else if (!strcmp(k, "commit.gpgsign")) {
+ sign_commit = git_config_bool(k, v) ? "" : NULL;
+ return 0;
}
status = fmt_merge_msg_config(k, v, cb);
--
1.8.4.2
* Re: [PATCH] Add the commit.gpgsign option to sign all commits
2013-11-04 23:14 [PATCH] Add the commit.gpgsign option to sign all commits Nicolas Vigier
@ 2013-11-04 23:43 ` Junio C Hamano
2013-11-05 0:03 ` Nicolas Vigier
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Junio C Hamano @ 2013-11-04 23:43 UTC (permalink / raw)
To: Nicolas Vigier; +Cc: git
Nicolas Vigier <boklm@mars-attacks.org> writes:
> If you want to GPG sign all your commits, you have to add the -S option
> all the time. The commit.gpgsign config option allows to sign all
> commits automatically.
I'm somewhat horrified to imagine the end-user experience this
"feature" adds to the system; if one sets this configuration and
then runs "git rebase" or anything that internally creates or
recreates commits, does one have to sign each and every commit, even
if such a rebase was done merely as a trial run to see if a topic
can be rebased to an older codebase, or something?
>
> Signed-off-by: Nicolas Vigier <boklm@mars-attacks.org>
> ---
> Documentation/config.txt | 3 +++
> builtin/commit-tree.c | 7 ++++++-
> builtin/commit.c | 4 ++++
> builtin/merge.c | 3 +++
> 4 files changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/config.txt b/Documentation/config.txt
> index ab26963d6187..4cfa557375a2 100644
> --- a/Documentation/config.txt
> +++ b/Documentation/config.txt
> @@ -988,6 +988,9 @@ commit.cleanup::
> have to remove the help lines that begin with `#` in the commit log
> template yourself, if you do this).
>
> +commit.gpgsign::
> + A boolean to specify whether all commits should be GPG signed.
> +
> commit.status::
> A boolean to enable/disable inclusion of status information in the
> commit message template when using an editor to prepare the commit
> diff --git a/builtin/commit-tree.c b/builtin/commit-tree.c
> index f641ff2a898c..1646d5b25e4f 100644
> --- a/builtin/commit-tree.c
> +++ b/builtin/commit-tree.c
> @@ -12,6 +12,8 @@
>
> static const char commit_tree_usage[] = "git commit-tree [(-p <sha1>)...] [-S[<keyid>]] [-m <message>] [-F <file>] <sha1> <changelog";
>
> +static const char *sign_commit;
> +
> static void new_parent(struct commit *parent, struct commit_list **parents_p)
> {
> unsigned char *sha1 = parent->object.sha1;
> @@ -31,6 +33,10 @@ static int commit_tree_config(const char *var, const char *value, void *cb)
> int status = git_gpg_config(var, value, NULL);
> if (status)
> return status;
> + if (!strcmp(var, "commit.gpgsign")) {
> + sign_commit = git_config_bool(var, value) ? "" : NULL;
> + return 0;
> + }
> return git_default_config(var, value, cb);
> }
>
> @@ -41,7 +47,6 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix)
> unsigned char tree_sha1[20];
> unsigned char commit_sha1[20];
> struct strbuf buffer = STRBUF_INIT;
> - const char *sign_commit = NULL;
>
> git_config(commit_tree_config, NULL);
>
> diff --git a/builtin/commit.c b/builtin/commit.c
> index 6ab4605cf5c2..cffddf210807 100644
> --- a/builtin/commit.c
> +++ b/builtin/commit.c
> @@ -1406,6 +1406,10 @@ static int git_commit_config(const char *k, const char *v, void *cb)
> }
> if (!strcmp(k, "commit.cleanup"))
> return git_config_string(&cleanup_arg, k, v);
> + if (!strcmp(k, "commit.gpgsign")) {
> + sign_commit = git_config_bool(k, v) ? "" : NULL;
> + return 0;
> + }
>
> status = git_gpg_config(k, v, NULL);
> if (status)
> diff --git a/builtin/merge.c b/builtin/merge.c
> index 02a69c14e6ab..fea27244557d 100644
> --- a/builtin/merge.c
> +++ b/builtin/merge.c
> @@ -604,6 +604,9 @@ static int git_merge_config(const char *k, const char *v, void *cb)
> } else if (!strcmp(k, "merge.defaulttoupstream")) {
> default_to_upstream = git_config_bool(k, v);
> return 0;
> + } else if (!strcmp(k, "commit.gpgsign")) {
> + sign_commit = git_config_bool(k, v) ? "" : NULL;
> + return 0;
> }
>
> status = fmt_merge_msg_config(k, v, cb);
* Re: [PATCH] Add the commit.gpgsign option to sign all commits
2013-11-04 23:43 ` Junio C Hamano
@ 2013-11-05 0:03 ` Nicolas Vigier
2013-11-05 0:03 ` brian m. carlson
2013-11-05 11:28 ` Nicolas Vigier
2 siblings, 0 replies; 7+ messages in thread
From: Nicolas Vigier @ 2013-11-05 0:03 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
On Mon, 04 Nov 2013, Junio C Hamano wrote:
> Nicolas Vigier <boklm@mars-attacks.org> writes:
>
> > If you want to GPG sign all your commits, you have to add the -S option
> > all the time. The commit.gpgsign config option allows to sign all
> > commits automatically.
>
> I'm somewhat horrified to imagine the end-user experience this
> "feature" adds to the system; if one sets htis configuration and
> then runs "git rebase" or anything that internally creates or
> recreates commits, does one have to sign each and every commit, even
> if such a rebase was done merely as a trial run to see if a topic
> can be rebased to an older codebase, or something?
Yes, all rebased commits will be signed, even if it was done as a trial
run. But I don't see this as a problem. The signature indicates who did
the rebase.
* Re: [PATCH] Add the commit.gpgsign option to sign all commits
2013-11-04 23:43 ` Junio C Hamano
2013-11-05 0:03 ` Nicolas Vigier
@ 2013-11-05 0:03 ` brian m. carlson
2013-11-05 11:28 ` Nicolas Vigier
2 siblings, 0 replies; 7+ messages in thread
From: brian m. carlson @ 2013-11-05 0:03 UTC (permalink / raw)
To: Junio C Hamano; +Cc: Nicolas Vigier, git
[-- Attachment #1: Type: text/plain, Size: 1037 bytes --]
On Mon, Nov 04, 2013 at 03:43:37PM -0800, Junio C Hamano wrote:
> Nicolas Vigier <boklm@mars-attacks.org> writes:
>
> > If you want to GPG sign all your commits, you have to add the -S option
> > all the time. The commit.gpgsign config option allows to sign all
> > commits automatically.
>
> I'm somewhat horrified to imagine the end-user experience this
> "feature" adds to the system; if one sets htis configuration and
> then runs "git rebase" or anything that internally creates or
> recreates commits, does one have to sign each and every commit, even
> if such a rebase was done merely as a trial run to see if a topic
> can be rebased to an older codebase, or something?
Probably so, but you can use an agent so this happens automatically.
It's not very useful for people who don't use an agent.
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
* Re: [PATCH] Add the commit.gpgsign option to sign all commits
2013-11-04 23:43 ` Junio C Hamano
2013-11-05 0:03 ` Nicolas Vigier
2013-11-05 0:03 ` brian m. carlson
@ 2013-11-05 11:28 ` Nicolas Vigier
2013-11-05 19:10 ` Junio C Hamano
2 siblings, 1 reply; 7+ messages in thread
From: Nicolas Vigier @ 2013-11-05 11:28 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
On Mon, 04 Nov 2013, Junio C Hamano wrote:
> Nicolas Vigier <boklm@mars-attacks.org> writes:
>
> > If you want to GPG sign all your commits, you have to add the -S option
> > all the time. The commit.gpgsign config option allows to sign all
> > commits automatically.
>
> I'm somewhat horrified to imagine the end-user experience this
> "feature" adds to the system; if one sets htis configuration and
> then runs "git rebase" or anything that internally creates or
> recreates commits, does one have to sign each and every commit, even
> if such a rebase was done merely as a trial run to see if a topic
> can be rebased to an older codebase, or something?
If the problem is users having to type their passphrase to sign each
commit, we can suggest using an agent in the option description :
commit.gpgsign::
A boolean to specify whether all commits should be GPG signed.
Use of this option when doing operations such as rebase can
result in a large number of commits being signed. It is therefore
convenient to use an agent to avoid typing your gpg passphrase
several times.
An example of why someone might want to use this option is:
You use git to store deployment scripts for some servers. Those
servers have a cron job that pulls from the git repository and runs the
scripts as root. Anyone with root access on the server hosting the git
repository can then gain root access to all your servers quite easily.
You want to avoid this, so you decide that all commits should be gpg
signed, and your servers will now do "git pull --verify-signatures".
People who work on this repository will want to set "commit.gpgsign"
so they don't have to add the -S option all the time.
* Re: [PATCH] Add the commit.gpgsign option to sign all commits
2013-11-05 11:28 ` Nicolas Vigier
@ 2013-11-05 19:10 ` Junio C Hamano
2013-11-06 19:27 ` Nicolas Vigier
0 siblings, 1 reply; 7+ messages in thread
From: Junio C Hamano @ 2013-11-05 19:10 UTC (permalink / raw)
To: Nicolas Vigier; +Cc: git
Nicolas Vigier <boklm@mars-attacks.org> writes:
> If the problem is users having to type their passphrase to sign each
> commit, we can suggest using an agent in the option description:
Yeah, that is probably a good idea.
* [PATCH] Add the commit.gpgsign option to sign all commits
2013-11-05 19:10 ` Junio C Hamano
@ 2013-11-06 19:27 ` Nicolas Vigier
0 siblings, 0 replies; 7+ messages in thread
From: Nicolas Vigier @ 2013-11-06 19:27 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git, Nicolas Vigier
If you want to GPG sign all your commits, you have to add the -S option
all the time. The commit.gpgsign config option allows signing all
commits automatically.
Signed-off-by: Nicolas Vigier <boklm@mars-attacks.org>
---
The option description now suggests using an agent.
Documentation/config.txt | 7 +++++++
builtin/commit-tree.c | 7 ++++++-
builtin/commit.c | 4 ++++
builtin/merge.c | 3 +++
4 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/Documentation/config.txt b/Documentation/config.txt
index ab26963d6187..ffaa37752a39 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -988,6 +988,13 @@ commit.cleanup::
have to remove the help lines that begin with `#` in the commit log
template yourself, if you do this).
+commit.gpgsign::
+ A boolean to specify whether all commits should be GPG signed.
+ Use of this option when doing operations such as rebase can
+ result in a large number of commits being signed. It is therefore
+ convenient to use an agent to avoid typing your gpg passphrase
+ several times.
+
commit.status::
A boolean to enable/disable inclusion of status information in the
commit message template when using an editor to prepare the commit
diff --git a/builtin/commit-tree.c b/builtin/commit-tree.c
index f641ff2a898c..1646d5b25e4f 100644
--- a/builtin/commit-tree.c
+++ b/builtin/commit-tree.c
@@ -12,6 +12,8 @@
static const char commit_tree_usage[] = "git commit-tree [(-p <sha1>)...] [-S[<keyid>]] [-m <message>] [-F <file>] <sha1> <changelog";
+static const char *sign_commit;
+
static void new_parent(struct commit *parent, struct commit_list **parents_p)
{
unsigned char *sha1 = parent->object.sha1;
@@ -31,6 +33,10 @@ static int commit_tree_config(const char *var, const char *value, void *cb)
int status = git_gpg_config(var, value, NULL);
if (status)
return status;
+ if (!strcmp(var, "commit.gpgsign")) {
+ sign_commit = git_config_bool(var, value) ? "" : NULL;
+ return 0;
+ }
return git_default_config(var, value, cb);
}
@@ -41,7 +47,6 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix)
unsigned char tree_sha1[20];
unsigned char commit_sha1[20];
struct strbuf buffer = STRBUF_INIT;
- const char *sign_commit = NULL;
git_config(commit_tree_config, NULL);
diff --git a/builtin/commit.c b/builtin/commit.c
index 6ab4605cf5c2..cffddf210807 100644
--- a/builtin/commit.c
+++ b/builtin/commit.c
@@ -1406,6 +1406,10 @@ static int git_commit_config(const char *k, const char *v, void *cb)
}
if (!strcmp(k, "commit.cleanup"))
return git_config_string(&cleanup_arg, k, v);
+ if (!strcmp(k, "commit.gpgsign")) {
+ sign_commit = git_config_bool(k, v) ? "" : NULL;
+ return 0;
+ }
status = git_gpg_config(k, v, NULL);
if (status)
diff --git a/builtin/merge.c b/builtin/merge.c
index 02a69c14e6ab..fea27244557d 100644
--- a/builtin/merge.c
+++ b/builtin/merge.c
@@ -604,6 +604,9 @@ static int git_merge_config(const char *k, const char *v, void *cb)
} else if (!strcmp(k, "merge.defaulttoupstream")) {
default_to_upstream = git_config_bool(k, v);
return 0;
+ } else if (!strcmp(k, "commit.gpgsign")) {
+ sign_commit = git_config_bool(k, v) ? "" : NULL;
+ return 0;
}
status = fmt_merge_msg_config(k, v, cb);
--
1.8.4.2