From ba3c69a9ee1894de397b60d3b548383e13ef49e3 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Wed, 5 Oct 2011 17:23:20 -0700 Subject: commit: teach --gpg-sign option This uses the gpg-interface.[ch] to allow signing the commit, i.e. $ git commit --gpg-sign -m foo You need a passphrase to unlock the secret key for user: "Junio C Hamano " 4096-bit RSA key, ID 96AFE6CB, created 2011-10-03 (main key ID 713660A7) [master 8457d13] foo 1 files changed, 1 insertions(+), 0 deletions(-) The lines of GPG detached signature are placed in a new multi-line header field, instead of tucking the signature block at the end of the commit log message text (similar to how signed tag is done), for multiple reasons: - The signature won't clutter output from "git log" and friends if it is in the extra header. If we place it at the end of the log message, we would need to teach "git log" and friends to strip the signature block with an option. - Teaching new versions of "git log" and "gitk" to optionally verify and show signatures is cleaner if we structurally know where the signature block is (instead of scanning in the commit log message). - The signature needs to be stripped upon various commit rewriting operations, e.g. rebase, filter-branch, etc. They all already ignore unknown headers, but if we place signature in the log message, all of these tools (and third-party tools) also need to learn how a signature block would look like. - When we added the optional encoding header, all the tools (both in tree and third-party) that acts on the raw commit object should have been fixed to ignore headers they do not understand, so it is not like that new header would be more likely to break than extra text in the commit. A commit made with the above sample sequence would look like this: $ git cat-file commit HEAD tree 3cd71d90e3db4136e5260ab54599791c4f883b9d parent b87755351a47b09cb27d6913e6e0e17e6254a4d4 author Junio C Hamano 1317862251 -0700 committer Junio C Hamano 1317862251 -0700 gpgsig -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAABAgAGBQJOjPtrAAoJELC16IaWr+bL4TMP/RSe2Y/jYnCkds9unO5JEnfG ... =dt98 -----END PGP SIGNATURE----- foo but "git log" (unless you ask for it with --pretty=raw) output is not cluttered with the signature information. Signed-off-by: Junio C Hamano --- commit.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'commit.h') diff --git a/commit.h b/commit.h index 3745f12099..d2c3e650b1 100644 --- a/commit.h +++ b/commit.h @@ -193,11 +193,11 @@ extern void append_merge_tag_headers(struct commit_list *parents, extern int commit_tree(const char *msg, unsigned char *tree, struct commit_list *parents, unsigned char *ret, - const char *author); + const char *author, const char *sign_commit); extern int commit_tree_extended(const char *msg, unsigned char *tree, struct commit_list *parents, unsigned char *ret, - const char *author, + const char *author, const char *sign_commit, struct commit_extra_header *); extern struct commit_extra_header *read_commit_extra_headers(struct commit *); -- cgit v1.2.3 From 0c37f1fce6cb7997dbb2703d35eef0dfd86c5070 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 18 Oct 2011 15:53:23 -0700 Subject: log: --show-signature This teaches the "log" family of commands to pass the GPG signature in the commit objects to "gpg --verify" via the verify_signed_buffer() interface used to verify signed tag objects. E.g. $ git show --show-signature -s HEAD shows GPG output in the header part of the output. Signed-off-by: Junio C Hamano --- commit.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'commit.h') diff --git a/commit.h b/commit.h index d2c3e650b1..61076486df 100644 --- a/commit.h +++ b/commit.h @@ -218,4 +218,6 @@ struct merge_remote_desc { */ struct commit *get_merge_parent(const char *name); +extern int parse_signed_commit(const unsigned char *sha1, + struct strbuf *message, struct strbuf *signature); #endif /* COMMIT_H */ -- cgit v1.2.3 From c871a1d17b8433d98df59b03da5538f10c4ae52c Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Thu, 5 Jan 2012 10:54:14 -0800 Subject: commit --amend -S: strip existing gpgsig headers Any existing commit signature was made against the contents of the old commit, including its committer date that is about to change, and will become invalid by amending it. Signed-off-by: Junio C Hamano --- commit.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'commit.h') diff --git a/commit.h b/commit.h index 61076486df..123aea3a7c 100644 --- a/commit.h +++ b/commit.h @@ -200,8 +200,8 @@ extern int commit_tree_extended(const char *msg, unsigned char *tree, const char *author, const char *sign_commit, struct commit_extra_header *); -extern struct commit_extra_header *read_commit_extra_headers(struct commit *); -extern struct commit_extra_header *read_commit_extra_header_lines(const char *buf, size_t len); +extern struct commit_extra_header *read_commit_extra_headers(struct commit *, const char **); +extern struct commit_extra_header *read_commit_extra_header_lines(const char *buf, size_t len, const char **); extern void free_commit_extra_headers(struct commit_extra_header *extra); -- cgit v1.2.3