From: Max Gautier <max.gautier@redhat.com>
To: git@vger.kernel.org
Subject: git rev-list fails to verify ssh-signed commits (but git log works)
Date: Wed, 8 Feb 2023 16:56:53 +0100
Message-ID: <Y+PGRaiTTaZ/DtlJ@work-laptop-max>

Hi.

I was trying to implement a pre-push hook to verify my commits are
properly signed before pushing them, and stumbled upon the following
output (which looks like a bug to me):
$ git rev-list @{u}..HEAD --format='%G? %H'
commit 9497d347b048dbea7f527624f815f7926594c4bc
error: gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification
N 9497d347b048dbea7f527624f815f7926594c4bc
commit 2466c5b3c0f2053b3cdadf4af299aab35e74aa0c
error: gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification
N 2466c5b3c0f2053b3cdadf4af299aab35e74aa0c
commit ded83bc7f31df14b2e9a8d7bdfa1e95eee2bf5c1
error: gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification
N ded83bc7f31df14b2e9a8d7bdfa1e95eee2bf5c1
commit 16d17277c608d995ad4d0b495d029c753509930c
error: gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification
N 16d17277c608d995ad4d0b495d029c753509930c

While git log works and is able to retrieve the signatures:
$ git log @{u}..HEAD --format='%G? %H'
G 9497d347b048dbea7f527624f815f7926594c4bc
G 2466c5b3c0f2053b3cdadf4af299aab35e74aa0c
G ded83bc7f31df14b2e9a8d7bdfa1e95eee2bf5c1
G 16d17277c608d995ad4d0b495d029c753509930c

I get the error even though I have the following config:
$ git config --list | grep 'allowed'
gpg.ssh.allowedsignersfile=~/.config/git/MY_SIGNER_KEYS
# by the way the actual config entry in ~/.config/git/config is
#
#[gpg "ssh"]
# allowedSignersFile = ~/.config/git/MY_SIGNER_KEYS
$ cat ~/.config/git/MY_SIGNER_KEYS
mg@max.gautier.name,max.gautier@redhat.com sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIL3W2Y4eAF92ySEW6ZE7d8Q+GXvP2G5quvN0zM+f1jGUAAAAB3NzaDphbGw=
mg@max.gautier.name,max.gautier@redhat.com sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGBP0XfpNXRoFBIW9uEgfnCrrjgvzxr0taOYy0A03DtKAAAABHNzaDo=

Am I missing something obvious? Or is git rev-list running in such a
context that it can't find the allowedSignersFile?

Thanks
--
Max Gautier
Software Engineer, Open Services Group, Emerging Technologies
Red Hat
max.gautier@redhat.com
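
An added example, not part of the original message: one way to write the pre-push signature check described above, using `git log --format='%G? %H'` because that is the command shown verifying correctly in this report. The function names and the policy of accepting only status `G` are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: signature gate for a pre-push hook (hypothetical helper names).

# Read '%G? %H' lines on stdin and print "<status> <hash>" for every commit
# whose status is not G. Accepting only G is a policy assumption.
# "commit <hash>" headers, as printed by rev-list --format, are skipped.
unsigned_commits() {
    while read -r status hash; do
        case "$status" in
            commit|'') continue ;;                  # header or blank line
            G) ;;                                   # good signature
            *) printf '%s %s\n' "$status" "$hash" ;;
        esac
    done
    return 0
}

# Map the <local oid> <remote oid> pair from one line of pre-push stdin to
# the revision range to verify. Prints nothing when the ref is being deleted.
push_range() {
    case "$1" in *[!0]*) ;; *) return 0 ;; esac     # all-zero local oid: delete
    case "$2" in
        *[!0]*) printf '%s..%s\n' "$2" "$1" ;;      # update of an existing ref
        *)      printf '%s\n' "$1" ;;               # new ref: everything reachable
    esac
}

# Hook body. Git feeds one line per pushed ref on stdin:
#   <local ref> <local oid> <remote ref> <remote oid>
pre_push() {
    rc=0
    while read -r local_ref local_oid remote_ref remote_oid; do
        range=$(push_range "$local_oid" "$remote_oid")
        [ -n "$range" ] || continue
        # Fail closed: if git log itself fails, refuse the push.
        log=$(git log --format='%G? %H' "$range" </dev/null) || { rc=1; continue; }
        bad=$(printf '%s\n' "$log" | unsigned_commits)
        if [ -n "$bad" ]; then
            printf 'refusing to push %s, commits without a good signature:\n%s\n' \
                "$local_ref" "$bad" >&2
            rc=1
        fi
    done
    return "$rc"
}
# In .git/hooks/pre-push, after these definitions:  pre_push "$@"
```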