* [PATCH] gpg-interface: Look up signing keys with only email address
@ 2024-03-05 2:08 Marco Sirabella
2024-03-05 5:20 ` Junio C Hamano
0 siblings, 1 reply; 3+ messages in thread
From: Marco Sirabella @ 2024-03-05 2:08 UTC (permalink / raw)
To: git; +Cc: Marco Sirabella
Sometimes gpg signing key UIDs include a comment between the name and
parenthesis in the form of:
John Smith (example) jsmith@example.com
There's no way for git to find signing keys associated with just these
UIDs, so look up a partial match on the email only.
Signed-off-by: Marco Sirabella <marco@sirabella.org>
---
gpg-interface.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gpg-interface.c b/gpg-interface.c
index 95e764acb1..3c303e05bd 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -922,7 +922,7 @@ const char *get_signing_key(void)
return use_format->get_default_key();
}
- return git_committer_info(IDENT_STRICT | IDENT_NO_DATE);
+ return git_committer_info(IDENT_NO_NAME | IDENT_STRICT | IDENT_NO_DATE);
}
const char *gpg_trust_level_to_str(enum signature_trust_level level)
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] gpg-interface: Look up signing keys with only email address
2024-03-05 2:08 [PATCH] gpg-interface: Look up signing keys with only email address Marco Sirabella
@ 2024-03-05 5:20 ` Junio C Hamano
2024-03-05 7:53 ` Marco Sirabella
0 siblings, 1 reply; 3+ messages in thread
From: Junio C Hamano @ 2024-03-05 5:20 UTC (permalink / raw)
To: Marco Sirabella; +Cc: git
Marco Sirabella <marco@sirabella.org> writes:
> Sometimes gpg signing key UIDs include a comment between the name and
> parenthesis in the form of:
>
> John Smith (example) jsmith@example.com
>
> There's no way for git to find signing keys associated with just these
> UIDs, so look up a partial match on the email only.
This codepath is about finding the key for the current user who is
in control of what committer is found by the git_committer_info()
call, no? It is not like we are finding the key that corresponds to
a random name and e-mail address on "From:" line, right?
Assuming that it is the case, it is unclear where the claim "There's
no way for git to find" comes from. It isn't a statement that is so
obviously true, at least to me, without some explanation.
> - return git_committer_info(IDENT_STRICT | IDENT_NO_DATE);
> + return git_committer_info(IDENT_NO_NAME | IDENT_STRICT | IDENT_NO_DATE);
With this change, those who use more than one identities associated
with the same e-mail address, but different human-readable names,
will get their workflow broken, won't they?
They may be using "Will <a@dd.re.ss>" when they work on a project,
while using "Bill <a@dd.re.ss>" for another project, configured via
their .git/config in the repositories used for these two projects.
And each name+address combination they have may map to a distinct
GPG key, used to sign for each project. With this change, since the
call no longer returns the name they were using to differentiate the
two keys, one of the projects they manage would lose out, no?
In general, there may be more than one signing keys that correspond
to a given human user, and the user may choose a specific key based
on what project the signatures are made for, and in such a case,
with or without the proposed change, the fallback code based on the
git_committer_info() is an unreliable way to specify the key to be
used, especially for an action as important as cryptographic
signing. I have always assumed that people use something like this
in practice:
$ git config user.signingkey = 955980DA!
that can be used to more reliably identify a specific key in their
keyring, among the ones associated with similar identifiers meant
for human consumption such as name/e-mail pairs.
So, I am not convinced that the patch is trying to address the right
problem, and I have a mild suspicion that the proposed solution to
tweak NO_NAME may simply be robbing Peter to pay Paul. If you have
named your GPG key in your keyring with a name-email pair that is
different from how you configured your committer identity, the right
solution for such a case already exists in the form of user.signingkey
configuration variable already.
Thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] gpg-interface: Look up signing keys with only email address
2024-03-05 5:20 ` Junio C Hamano
@ 2024-03-05 7:53 ` Marco Sirabella
0 siblings, 0 replies; 3+ messages in thread
From: Marco Sirabella @ 2024-03-05 7:53 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
> > Sometimes gpg signing key UIDs include a comment between the name and
> > parenthesis in the form of:
> >
> > John Smith (example) jsmith@example.com
> >
> > There's no way for git to find signing keys associated with just these
> > UIDs, so look up a partial match on the email only.
>
> This codepath is about finding the key for the current user who is
> in control of what committer is found by the git_committer_info()
> call, no? It is not like we are finding the key that corresponds to
> a random name and e-mail address on "From:" line, right?
>
> Assuming that it is the case, it is unclear where the claim "There's
> no way for git to find" comes from. It isn't a statement that is so
> obviously true, at least to me, without some explanation.
Hi, yeah. This statement was in referral to specifically gpg UIDs with
comments, the parenthetical that finds itself between the full name &
email.
A workaround could be to set the committer name to "Full Name (comment)"
but that would end up being embedded in the git committer info too.
> > - return git_committer_info(IDENT_STRICT | IDENT_NO_DATE);
> > + return git_committer_info(IDENT_NO_NAME | IDENT_STRICT | IDENT_NO_DATE);
>
> With this change, those who use more than one identities associated
> with the same e-mail address, but different human-readable names,
> will get their workflow broken, won't they?
>
> They may be using "Will <a@dd.re.ss>" when they work on a project,
> while using "Bill <a@dd.re.ss>" for another project, configured via
> their .git/config in the repositories used for these two projects.
> And each name+address combination they have may map to a distinct
> GPG key, used to sign for each project. With this change, since the
> call no longer returns the name they were using to differentiate the
> two keys, one of the projects they manage would lose out, no?
This is true, yes. This is a backwards incompatible change and if you
think there's a reasonable / used use case for multiple GPG keys with
the same emails but different names then yeah, this commit breaks that
workflow.
But also as you've mentioned user.signingkey is a very easy workaround
to resolve this.
> So, I am not convinced that the patch is trying to address the right
> problem, and I have a mild suspicion that the proposed solution to
> tweak NO_NAME may simply be robbing Peter to pay Paul. If you have
> named your GPG key in your keyring with a name-email pair that is
> different from how you configured your committer identity, the right
> solution for such a case already exists in the form of user.signingkey
> configuration variable already.
I currently have a GPG key in my keyring with an identical name-email
pair to my git committer info, but it has an *additional* gpg UID
comment that introdues text within parenthesis that falls between the
owner full name & email and results in git's key lookup not working.
I appreciate the swift response!
--
Marco Sirabella
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-03-05 7:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-03-05 2:08 [PATCH] gpg-interface: Look up signing keys with only email address Marco Sirabella
2024-03-05 5:20 ` Junio C Hamano
2024-03-05 7:53 ` Marco Sirabella
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox