From: Justin Tobler <jltobler@gmail.com>
To: git@vger.kernel.org
Cc: christian.couder@gmail.com, gitster@pobox.com,
Justin Tobler <jltobler@gmail.com>
Subject: [PATCH v2 0/5] fast-import: extend signed object handling modes
Date: Thu, 26 Mar 2026 14:14:09 -0500 [thread overview]
Message-ID: <20260326191414.3783974-1-jltobler@gmail.com> (raw)
Greetings,
The '--signed-{commits,tags}=<mode>' options for git-fast-import(1)
allow users to configure how signed objects should be handled at time of
import. With c20f112e51 (fast-import: add 'strip-if-invalid' mode to
--signed-commits=<mode>, 2025-11-17) and ee66c793f8 (fast-import: add
mode to sign commits with invalid signatures, 2026-03-12), the
'strip-if-invalid' and 'sign-if-invalid' modes were added for the
'--signed-commits' option only.
This series extends '--signed-commits' by adding an 'abort-if-invalid'
mode which aborts the entire import operation when a commit signature
fails verification. Additionally, the '--signed-tags' option is brought
into parity with '--signed-commits' by supporting equivalent,
'strip-if-invalid', 'sign-if-invalid', and 'abort-if-invalid' modes.
This series is built on top of 1080981ddb (The 19th batch, 2026-03-23)
with ee66c793f8 (fast-import: add mode to sign commits with invalid
signatures, 2026-03-12) merged into it.
Changes since V1:
- Added a prepatory patch which unifies how unsupported signing modes
are handled for git-fast-export(1). Now they are treated like any
other unknown signing mode. Unsupported signing modes for
'--signed-tags' in git-fast-import(1) are left alone because this
series progressively adds support for all these currently unsupported
modes.
Thanks,
-Justin
Justin Tobler (5):
fast-export: check for unsupported signing modes earlier
fast-import: add 'abort-if-invalid' mode to '--signed-commits=<mode>'
fast-import: add 'strip-if-invalid' mode to '--signed-tags=<mode>'
fast-import: add 'sign-if-invalid' mode to '--signed-tags=<mode>'
fast-import: add 'abort-if-invalid' mode to '--signed-tags=<mode>'
Documentation/git-fast-import.adoc | 9 ++-
builtin/fast-export.c | 15 +---
builtin/fast-import.c | 71 ++++++++++++++---
gpg-interface.c | 2 +
gpg-interface.h | 1 +
t/t9305-fast-import-signatures.sh | 10 ++-
t/t9306-fast-import-signed-tags.sh | 118 +++++++++++++++++++++++++++++
7 files changed, 197 insertions(+), 29 deletions(-)
Range-diff against v1:
-: ---------- > 1: 1dd316e66c fast-export: check for unsupported signing modes earlier
1: 0e9721fa57 ! 2: 7f34a4ccd5 fast-import: add 'abort-if-invalid' mode to '--signed-commits=<mode>'
@@ Documentation/git-fast-import.adoc: already trusted to run their own code.
~~~~~~~~~~~~~~~~~~~~~
## builtin/fast-export.c ##
-@@ builtin/fast-export.c: static void handle_commit(struct commit *commit, struct rev_info *rev,
- die(_("encountered signed commit %s; use "
- "--signed-commits=<mode> to handle it"),
- oid_to_hex(&commit->object.oid));
-+ case SIGN_ABORT_IF_INVALID:
-+ die(_("'abort-if-invalid' is not a valid mode for "
-+ "git fast-export with --signed-commits=<mode>"));
- case SIGN_STRIP_IF_INVALID:
- die(_("'strip-if-invalid' is not a valid mode for "
- "git fast-export with --signed-commits=<mode>"));
-@@ builtin/fast-export.c: static void handle_tag(const char *name, struct tag *tag)
- die(_("encountered signed tag %s; use "
- "--signed-tags=<mode> to handle it"),
- oid_to_hex(&tag->object.oid));
-+ case SIGN_ABORT_IF_INVALID:
-+ die(_("'abort-if-invalid' is not a valid mode for "
-+ "git fast-export with --signed-tags=<mode>"));
- case SIGN_STRIP_IF_INVALID:
- die(_("'strip-if-invalid' is not a valid mode for "
- "git fast-export with --signed-tags=<mode>"));
+@@ builtin/fast-export.c: static int parse_opt_sign_mode(const struct option *opt,
+ return 0;
+
+ if (parse_sign_mode(arg, val, NULL) || (*val == SIGN_STRIP_IF_INVALID) ||
+- (*val == SIGN_SIGN_IF_INVALID))
++ (*val == SIGN_SIGN_IF_INVALID) || (*val == SIGN_ABORT_IF_INVALID))
+ return error(_("unknown %s mode: %s"), opt->long_name, arg);
+
+ return 0;
## builtin/fast-import.c ##
@@ builtin/fast-import.c: static void handle_signature_if_invalid(struct strbuf *new_data,
2: 18c145c630 = 3: adc7289213 fast-import: add 'strip-if-invalid' mode to '--signed-tags=<mode>'
3: 58a8216447 = 4: 47ff0060a8 fast-import: add 'sign-if-invalid' mode to '--signed-tags=<mode>'
4: 83476b8971 = 5: 552fea76ca fast-import: add 'abort-if-invalid' mode to '--signed-tags=<mode>'
--
2.53.0.381.g628a66ccf6
next reply other threads:[~2026-03-26 19:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-26 19:14 Justin Tobler [this message]
2026-03-26 19:14 ` [PATCH v2 1/5] fast-export: check for unsupported signing modes earlier Justin Tobler
2026-03-26 19:14 ` [PATCH v2 2/5] fast-import: add 'abort-if-invalid' mode to '--signed-commits=<mode>' Justin Tobler
2026-03-26 19:14 ` [PATCH v2 3/5] fast-import: add 'strip-if-invalid' mode to '--signed-tags=<mode>' Justin Tobler
2026-03-26 19:14 ` [PATCH v2 4/5] fast-import: add 'sign-if-invalid' " Justin Tobler
2026-03-26 19:14 ` [PATCH v2 5/5] fast-import: add 'abort-if-invalid' " Justin Tobler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260326191414.3783974-1-jltobler@gmail.com \
--to=jltobler@gmail.com \
--cc=christian.couder@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox