From: Patrick Steinhardt <ps@pks.im>
To: Justin Tobler <jltobler@gmail.com>
Cc: git@vger.kernel.org, sandals@crustytoothpaste.net,
christian.couder@gmail.com, gitster@pobox.com
Subject: Re: [PATCH v4 3/3] fast-import: add mode to sign commits with invalid signatures
Date: Thu, 12 Mar 2026 11:23:01 +0100 [thread overview]
Message-ID: <abKUBRRgRmbJ1hRA@pks.im> (raw)
In-Reply-To: <20260311173147.2336432-4-jltobler@gmail.com>
On Wed, Mar 11, 2026 at 12:31:47PM -0500, Justin Tobler wrote:
> diff --git a/builtin/fast-import.c b/builtin/fast-import.c
> index b8a7757cfd..d6281ff119 100644
> --- a/builtin/fast-import.c
> +++ b/builtin/fast-import.c
> @@ -2865,6 +2855,66 @@ static void handle_strip_if_invalid(struct strbuf *new_data,
> else
> warning(_("stripping invalid signature for commit\n"
> " allegedly by %s"), signer);
> + break;
> + case SIGN_SIGN_IF_INVALID:
> + if (subject_len > 100)
> + warning(_("signing commit with invalid signature for '%.100s...'\n"
> + " allegedly by %s"), subject, signer);
> + else if (subject_len > 0)
> + warning(_("signing commit with invalid signature for '%.*s'\n"
> + " allegedly by %s"), subject_len, subject, signer);
> + else
> + warning(_("signing commit with invalid signature\n"
> + " allegedly by %s"), signer);
> + break;
> + default:
> + BUG("unsupported signing mode");
> + }
> +}
I'm still not convinced that it makes sense to warn about this case.
After all the user has asked us to re-sign such commits, so they
probably expect such cases. These warnings would thus result in a ton of
noise in a repository where most commits are signed, drowning out the
potentially-useful warnings.
Anyway, I won't insist on a change here.
> +static void handle_signature_if_invalid(struct strbuf *new_data,
> + struct signature_data *sig_sha1,
> + struct signature_data *sig_sha256,
> + struct strbuf *msg,
> + enum sign_mode mode)
> +{
> + struct strbuf tmp_buf = STRBUF_INIT;
> + struct signature_check signature_check = { 0 };
> + int ret;
> +
> + /* Check signature in a temporary commit buffer */
> + strbuf_addbuf(&tmp_buf, new_data);
> + finalize_commit_buffer(&tmp_buf, sig_sha1, sig_sha256, msg);
> + ret = verify_commit_buffer(tmp_buf.buf, tmp_buf.len, &signature_check);
> +
> + if (ret) {
> + warn_invalid_signature(&signature_check, msg->buf, mode);
> +
> + if (mode == SIGN_SIGN_IF_INVALID) {
> + struct strbuf signature = STRBUF_INIT;
> + struct strbuf payload = STRBUF_INIT;
> +
> + /*
> + * NEEDSWORK: To properly support interoperability mode
> + * when signing commit signatures, the commit buffer
> + * must be provided in both the repository and
> + * compatibility object formats. As currently
> + * implemented, only the repository object format is
> + * considered meaning compatibility signatures cannot be
> + * generated. Thus, attempting to sign commit signatures
> + * in interoperability mode is currently unsupported.
> + */
> + if (the_repository->compat_hash_algo)
> + die(_("signing signatures in interoperability mode is unsupported"));
"signing signatures"? You probably meant "signing commits"?
Patrick
next prev parent reply other threads:[~2026-03-12 10:23 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-23 19:41 [PATCH 0/2] fast-import: add mode to re-sign invalid commit signatures Justin Tobler
2026-02-23 19:41 ` [PATCH 1/2] commit: remove unused forward declaration Justin Tobler
2026-02-24 9:35 ` Patrick Steinhardt
2026-02-23 19:41 ` [PATCH 2/2] fast-import: add mode to re-sign invalid commit signatures Justin Tobler
2026-02-24 9:33 ` Patrick Steinhardt
2026-02-24 18:33 ` Justin Tobler
2026-02-24 13:40 ` [PATCH 0/2] " Christian Couder
2026-02-24 22:41 ` brian m. carlson
2026-02-24 22:45 ` Junio C Hamano
2026-03-02 22:49 ` Justin Tobler
2026-03-06 20:53 ` [PATCH v2 0/3] " Justin Tobler
2026-03-06 20:53 ` [PATCH v2 1/3] commit: remove unused forward declaration Justin Tobler
2026-03-06 20:53 ` [PATCH v2 2/3] gpg-interface: introduce sign_buffer_with_key() Justin Tobler
2026-03-10 9:01 ` Christian Couder
2026-03-10 18:04 ` Justin Tobler
2026-03-06 20:53 ` [PATCH v2 3/3] fast-import: add mode to re-sign invalid commit signatures Justin Tobler
2026-03-10 9:27 ` Christian Couder
2026-03-10 18:09 ` Justin Tobler
2026-03-10 20:11 ` [PATCH v3 0/3] " Justin Tobler
2026-03-10 20:11 ` [PATCH v3 1/3] commit: remove unused forward declaration Justin Tobler
2026-03-10 22:29 ` Junio C Hamano
2026-03-10 20:11 ` [PATCH v3 2/3] gpg-interface: introduce sign_buffer_with_key() Justin Tobler
2026-03-10 22:33 ` Junio C Hamano
2026-03-10 20:11 ` [PATCH v3 3/3] fast-import: add mode to re-sign invalid commit signatures Justin Tobler
2026-03-10 20:49 ` [PATCH v3 0/3] " Junio C Hamano
2026-03-10 21:06 ` Justin Tobler
2026-03-10 21:20 ` Junio C Hamano
2026-03-10 22:13 ` Justin Tobler
2026-03-10 22:39 ` Junio C Hamano
2026-03-10 23:03 ` Justin Tobler
2026-03-11 17:31 ` [PATCH v4 " Justin Tobler
2026-03-11 17:31 ` [PATCH v4 1/3] commit: remove unused forward declaration Justin Tobler
2026-03-11 17:31 ` [PATCH v4 2/3] gpg-interface: introduce sign_buffer_with_key() Justin Tobler
2026-03-12 10:22 ` Patrick Steinhardt
2026-03-12 13:58 ` Justin Tobler
2026-03-11 17:31 ` [PATCH v4 3/3] fast-import: add mode to sign commits with invalid signatures Justin Tobler
2026-03-12 10:23 ` Patrick Steinhardt [this message]
2026-03-12 14:08 ` Justin Tobler
2026-03-12 14:22 ` Patrick Steinhardt
2026-03-12 17:21 ` Justin Tobler
2026-03-12 19:22 ` [PATCH v5 0/3] fast-import: add mode to re-sign invalid commit signatures Justin Tobler
2026-03-12 19:22 ` [PATCH v5 1/3] commit: remove unused forward declaration Justin Tobler
2026-03-12 19:22 ` [PATCH v5 2/3] gpg-interface: allow sign_buffer() to use default signing key Justin Tobler
2026-03-12 20:20 ` Junio C Hamano
2026-03-12 20:24 ` Justin Tobler
2026-03-12 19:22 ` [PATCH v5 3/3] fast-import: add mode to sign commits with invalid signatures Justin Tobler
2026-03-12 20:20 ` Junio C Hamano
2026-03-12 20:29 ` Justin Tobler
2026-03-12 23:58 ` Jeff King
2026-03-13 0:17 ` Justin Tobler
2026-03-12 20:20 ` [PATCH v5 0/3] fast-import: add mode to re-sign invalid commit signatures Junio C Hamano
2026-03-12 20:30 ` Justin Tobler
2026-03-13 1:39 ` [PATCH v6 " Justin Tobler
2026-03-13 1:39 ` [PATCH v6 1/3] commit: remove unused forward declaration Justin Tobler
2026-03-13 1:39 ` [PATCH v6 2/3] gpg-interface: allow sign_buffer() to use default signing key Justin Tobler
2026-03-13 6:31 ` Patrick Steinhardt
2026-03-13 1:39 ` [PATCH v6 3/3] fast-import: add mode to sign commits with invalid signatures Justin Tobler
2026-03-13 6:31 ` Patrick Steinhardt
2026-03-13 4:29 ` [PATCH v6 0/3] fast-import: add mode to re-sign invalid commit signatures Junio C Hamano
2026-03-13 6:31 ` Patrick Steinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=abKUBRRgRmbJ1hRA@pks.im \
--to=ps@pks.im \
--cc=christian.couder@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jltobler@gmail.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox