git@vger.kernel.org mailing list mirror (one of many)
 help / Atom feed
From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: "NELSON, JOSHUA Y" <jynelson@email.sc.edu>
Cc: "git@vger.kernel.org" <git@vger.kernel.org>
Subject: Re: [Feature request] Add config option to gpgsign IFF key is present
Date: Sun, 11 Mar 2018 17:21:42 +0000
Message-ID: <20180311172142.GA249931@genre.crustytoothpaste.net> (raw)
In-Reply-To: <CY1PR02MB13991271133B3A6BD334328DF4DD0@CY1PR02MB1399.namprd02.prod.outlook.com>

[-- Attachment #1: Type: text/plain, Size: 1586 bytes --]

On Sat, Mar 10, 2018 at 03:28:43PM +0000, NELSON, JOSHUA Y wrote:
> Currently, `commit.gpgsign` allows you to give either 'true' or 'false' as a value. If the key is not present, commits will fail:
> 
> ```sh
> $ git commit -m "example"
> error: gpg failed to sign the data
> fatal: failed to write commit object
> ```
> 
> I like to reuse my config file across several machines, some of which do not have my GPG key. Would it be possible to add an option to sign the commit only if the private key for `user.signingkey` is present? It could be named something like `commit.gpgsign=default-yes`.

Unfortunately, this isn't always possible.  You can forward the Unix
socket for the agent over an SSH connection, at which point the remote
machine has the ability to sign, but the gpg client doesn't list those
as existing secret keys in its output (because technically, those keys
don't exist on the remote system).  I use this technique at work, for
example, to sign things on my development VM.

It might be possible to make the failure of the signing operation not be
fatal in this case, although that could cause people to fail to sign due
to transient failures even when the key is present on the system.

I usually handle this by storing my main configuration in ~/.gitconfig
and on machines where I have a key, additionally having a
~/.config/git/config file that contains the commit.gpgsign entry.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 867 bytes --]

  reply index

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-10 15:28 NELSON, JOSHUA Y
2018-03-11 17:21 ` brian m. carlson [this message]
2018-03-11 23:46   ` Joshua Nelson

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180311172142.GA249931@genre.crustytoothpaste.net \
    --to=sandals@crustytoothpaste.net \
    --cc=git@vger.kernel.org \
    --cc=jynelson@email.sc.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

git@vger.kernel.org mailing list mirror (one of many)

Archives are clonable:
	git clone --mirror https://public-inbox.org/git
	git clone --mirror http://ou63pmih66umazou.onion/git
	git clone --mirror http://czquwvybam4bgbro.onion/git
	git clone --mirror http://hjrcffqmbrq6wope.onion/git

Newsgroups are available over NNTP:
	nntp://news.public-inbox.org/inbox.comp.version-control.git
	nntp://ou63pmih66umazou.onion/inbox.comp.version-control.git
	nntp://czquwvybam4bgbro.onion/inbox.comp.version-control.git
	nntp://hjrcffqmbrq6wope.onion/inbox.comp.version-control.git
	nntp://news.gmane.org/gmane.comp.version-control.git

 note: .onion URLs require Tor: https://www.torproject.org/
       or Tor2web: https://www.tor2web.org/

AGPL code for this site: git clone https://public-inbox.org/ public-inbox