* [Feature request] Add config option to gpgsign IFF key is present @ 2018-03-10 15:28 NELSON, JOSHUA Y 2018-03-11 17:21 ` brian m. carlson 0 siblings, 1 reply; 3+ messages in thread From: NELSON, JOSHUA Y @ 2018-03-10 15:28 UTC (permalink / raw) To: git@vger.kernel.org Currently, `commit.gpgsign` allows you to give either 'true' or 'false' as a value. If the key is not present, commits will fail: ```sh $ git commit -m "example" error: gpg failed to sign the data fatal: failed to write commit object ``` I like to reuse my config file across several machines, some of which do not have my GPG key. Would it be possible to add an option to sign the commit only if the private key for `user.signingkey` is present? It could be named something like `commit.gpgsign=default-yes`. Thank you for your time, Joshua Nelson ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Feature request] Add config option to gpgsign IFF key is present 2018-03-10 15:28 [Feature request] Add config option to gpgsign IFF key is present NELSON, JOSHUA Y @ 2018-03-11 17:21 ` brian m. carlson 2018-03-11 23:46 ` Joshua Nelson 0 siblings, 1 reply; 3+ messages in thread From: brian m. carlson @ 2018-03-11 17:21 UTC (permalink / raw) To: NELSON, JOSHUA Y; +Cc: git@vger.kernel.org [-- Attachment #1: Type: text/plain, Size: 1586 bytes --] On Sat, Mar 10, 2018 at 03:28:43PM +0000, NELSON, JOSHUA Y wrote: > Currently, `commit.gpgsign` allows you to give either 'true' or 'false' as a value. If the key is not present, commits will fail: > > ```sh > $ git commit -m "example" > error: gpg failed to sign the data > fatal: failed to write commit object > ``` > > I like to reuse my config file across several machines, some of which do not have my GPG key. Would it be possible to add an option to sign the commit only if the private key for `user.signingkey` is present? It could be named something like `commit.gpgsign=default-yes`. Unfortunately, this isn't always possible. You can forward the Unix socket for the agent over an SSH connection, at which point the remote machine has the ability to sign, but the gpg client doesn't list those as existing secret keys in its output (because technically, those keys don't exist on the remote system). I use this technique at work, for example, to sign things on my development VM. It might be possible to make the failure of the signing operation not be fatal in this case, although that could cause people to fail to sign due to transient failures even when the key is present on the system. I usually handle this by storing my main configuration in ~/.gitconfig and on machines where I have a key, additionally having a ~/.config/git/config file that contains the commit.gpgsign entry. -- brian m. carlson / brian with sandals: Houston, Texas, US https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 867 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Feature request] Add config option to gpgsign IFF key is present 2018-03-11 17:21 ` brian m. carlson @ 2018-03-11 23:46 ` Joshua Nelson 0 siblings, 0 replies; 3+ messages in thread From: Joshua Nelson @ 2018-03-11 23:46 UTC (permalink / raw) To: brian m. carlson; +Cc: git@vger.kernel.org [-- Attachment #1: Type: text/plain, Size: 1902 bytes --] I like having machine-specific config in ~/.config/git, I think I'll do that. I didn't realize you could forward gpg-agent over a connection, I may look further into that. Thanks for the help! Joshua Nelson On Sunday, March 11, 2018 17:21:42 EDT brian m. carlson wrote: > On Sat, Mar 10, 2018 at 03:28:43PM +0000, NELSON, JOSHUA Y wrote: > > Currently, `commit.gpgsign` allows you to give either 'true' or 'false' as > > a value. If the key is not present, commits will fail: > > > > ```sh > > $ git commit -m "example" > > error: gpg failed to sign the data > > fatal: failed to write commit object > > ``` > > > > I like to reuse my config file across several machines, some of which do > > not have my GPG key. Would it be possible to add an option to sign the > > commit only if the private key for `user.signingkey` is present? It could > > be named something like `commit.gpgsign=default-yes`. > Unfortunately, this isn't always possible. You can forward the Unix > socket for the agent over an SSH connection, at which point the remote > machine has the ability to sign, but the gpg client doesn't list those > as existing secret keys in its output (because technically, those keys > don't exist on the remote system). I use this technique at work, for > example, to sign things on my development VM. > > It might be possible to make the failure of the signing operation not be > fatal in this case, although that could cause people to fail to sign due > to transient failures even when the key is present on the system. > > I usually handle this by storing my main configuration in ~/.gitconfig > and on machines where I have a key, additionally having a > ~/.config/git/config file that contains the commit.gpgsign entry. > -- > brian m. carlson / brian with sandals: Houston, Texas, US > https://www.crustytoothpaste.net/~bmc | My opinion only > OpenPGP: https://keybase.io/bk2204 [-- Attachment #2: This is a digitally signed message part. --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-03-11 23:47 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-03-10 15:28 [Feature request] Add config option to gpgsign IFF key is present NELSON, JOSHUA Y 2018-03-11 17:21 ` brian m. carlson 2018-03-11 23:46 ` Joshua Nelson
Code repositories for project(s) associated with this public inbox https://80x24.org/mirrors/git.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).