From: Jeff King <peff@peff.net>
To: Max Gautier <max.gautier@redhat.com>
Cc: git@vger.kernel.org
Subject: Re: git rev-list fails to verify ssh-signed commits (but git log works)
Date: Wed, 8 Feb 2023 11:43:57 -0500
Message-ID: <Y+PRTYtFDoE73XEM@coredump.intra.peff.net>
In-Reply-To: <Y+PGRaiTTaZ/DtlJ@work-laptop-max>

On Wed, Feb 08, 2023 at 04:56:53PM +0100, Max Gautier wrote:
> I was trying to implement a pre-push hook to verify my commits are
> properly signed before pushing them, and stumbled upon the following
> output (which looks like a bug to me):
>
> $ git rev-list @{u}..HEAD --format='%G? %H'
> commit 9497d347b048dbea7f527624f815f7926594c4bc
> error: gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification
>
> [...]
>
> While git log works and is able to retrieve the signatures

Yeah, I think this is a bug. The issue is that not every command loads
the config callback for every config option. This is how we
traditionally implemented the split between porcelain and plumbing
(e.g., user-facing "git diff" will parse and respect "color.diff", but
the scriptable "git diff-files" would not).

In this case, the gpg config has been pushed to its own handler, and a
few specific commands (like git-log) call it. I don't know if there is a
good reason to avoid loading the config in plumbing, or if it was simply
cargo-culted.

I didn't test, but I suspect the patch below would fix your problem:

diff --git a/config.c b/config.c
index 00090a32fc..7ac9f1f5bc 100644
--- a/config.c
+++ b/config.c
@@ -1881,6 +1881,14 @@ int git_default_config(const char *var, const char *value, void *cb)
if (starts_with(var, "core."))
return git_default_core_config(var, value, cb);
+ /*
+ * yikes, this needs to come early in the function because it
+ * also handles user.signingkey, which would otherwise get
+ * shunted to git_ident_config() below
+ */
+ if (git_gpg_config(var, value, cb) < 0)
+ return -1;
+
if (starts_with(var, "user.") ||
starts_with(var, "author.") ||
starts_with(var, "committer."))
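
Review bot: the ordering dependency in the added block is recorded only by the "yikes" comment, and it works only because the call returns just on a negative result, so user.signingkey is seen by git_gpg_config() and then still falls through to the user./author./committer. check below. Spelling that out in the comment (gpg handler first, success falls through to the ident handling) would keep a later reordering or an early "return 0" from silently dropping one of the two handlers. Because the call now runs for every non-core key in every caller of git_default_config(), the change should also come with a test for the reported case: git rev-list --format='%G? %H' on an ssh-signed commit with gpg.ssh.allowedSignersFile configured.
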
but it would need a bit more work:

  1. Somebody would need to dig into the reasons, if any, for not
     calling git_gpg_config() everywhere. It might be fine, but there
     may be a good reason which we're now violating. Digging in the
     history and looking at the code might yield some hints.

  2. The individual calls to git_gpg_config() in other programs should
     go away.

  3. It's possible some refactoring may let us avoid the "yikes" comment
     above (e.g., should user.signingkey just go into the normal ident
     config handler?).

-Peff
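
The pre-push check that prompted this report, as an added example that is not part of the original message or of Git's own code: it reads `%G? %H` from `git log`, which the message says does call the gpg config handler, and accepts only status `G`. The function names are hypothetical, and the `--remotes=` handling of new branches assumes the hook's first argument is a configured remote name.

```shell
#!/bin/sh
# Added example: pre-push hook; function names are hypothetical.
# Uses "git log" because, per the message above, git-log calls the gpg
# config handler (so gpg.ssh.allowedSignersFile is read) and rev-list does not.

# True when the object id is all zeros (SHA-1 or SHA-256 length).
is_zero() { case $1 in *[!0]*) return 1 ;; esac; return 0; }

# Read "%G? %H" lines on stdin, report every commit whose status is not
# exactly "G", and return 1 if there was one. Any other status, or a
# malformed line, fails closed: a check that could not run is not a pass.
reject_unverified() {
	bad=0
	while read -r status hash || [ -n "$status" ]; do
		[ -n "$status" ] || continue
		if [ "$status" != G ] || [ -z "$hash" ]; then
			echo "not verified: ${hash:-?} (status ${status})" >&2
			bad=1
		fi
	done
	return "$bad"
}

# pre-push stdin: <local ref> <local oid> <remote ref> <remote oid>
main() {
	remote=$1 rc=0
	while read -r _lref loid _rref roid; do
		is_zero "$loid" && continue                 # deleting a ref
		if is_zero "$roid"; then                    # new ref on the remote
			set -- "$loid" --not "--remotes=$remote"
		else
			set -- "$roid..$loid"
		fi
		# Capture first: if git log itself fails, an empty pipe must not pass.
		out=$(git log --format='%G? %H' "$@") || { rc=1; continue; }
		printf '%s\n' "$out" | reject_unverified || rc=1
	done
	return "$rc"
}

# Run only when installed as .git/hooks/pre-push.
case ${0##*/} in pre-push) main "$@" ;; esac
```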