* [PATCH] commit-tree: do not pay attention to commit.gpgsign
@ 2016-05-02 21:58 Junio C Hamano
2016-05-03 4:12 ` Jeff King
0 siblings, 1 reply; 4+ messages in thread
From: Junio C Hamano @ 2016-05-02 21:58 UTC (permalink / raw)
To: git
ba3c69a9 (commit: teach --gpg-sign option, 2011-10-05) introduced a
"signed commit" by teaching --[no-gpg-sign option and commit.gpgsign
configuration variable to various commands that create commits.
Teaching these to "git commit" and "git merge", both of which are
end-user facing Porcelain commands, was perfectly fine. Allowing
the plumbing "git commit-tree" to suddenly change the behaviour to
surprise the scripts by paying attention to commit.gpgsign was not.
Among the in-tree scripts, filter-branch, quiltimport, rebase and
stash are the commands that run "commit-tree". If any of these
wants to allow users to always sign every single commit, they should
offer their own configuration (e.g. "filterBranch..gpgsign") with an
option to disable (e.g. "git filter-branch --no-gpgsign").
Ignoring commit.gpgsign option _obviously_ breaks the backward
compatibility, but I seriously doubt anybody sane is depending on
this misfeature that commit-tree blindly follows commit.gpgsign in
any third-party script that calls it.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
* This is an simpler alternative that forces commit-tree callers
that want to honor commit.gpgsign to do so themselves.
builtin/commit-tree.c | 15 +--------------
1 file changed, 1 insertion(+), 14 deletions(-)
diff --git a/builtin/commit-tree.c b/builtin/commit-tree.c
index 3feeffe..e4ba0d8 100644
--- a/builtin/commit-tree.c
+++ b/builtin/commit-tree.c
@@ -8,7 +8,6 @@
#include "tree.h"
#include "builtin.h"
#include "utf8.h"
-#include "gpg-interface.h"
static const char commit_tree_usage[] = "git commit-tree [(-p <sha1>)...] [-S[<keyid>]] [-m <message>] [-F <file>] <sha1>";
@@ -28,18 +27,6 @@ static void new_parent(struct commit *parent, struct commit_list **parents_p)
commit_list_insert(parent, parents_p);
}
-static int commit_tree_config(const char *var, const char *value, void *cb)
-{
- int status = git_gpg_config(var, value, NULL);
- if (status)
- return status;
- if (!strcmp(var, "commit.gpgsign")) {
- sign_commit = git_config_bool(var, value) ? "" : NULL;
- return 0;
- }
- return git_default_config(var, value, cb);
-}
-
int cmd_commit_tree(int argc, const char **argv, const char *prefix)
{
int i, got_tree = 0;
@@ -48,7 +35,7 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix)
unsigned char commit_sha1[20];
struct strbuf buffer = STRBUF_INIT;
- git_config(commit_tree_config, NULL);
+ git_config(git_default_config, NULL);
if (argc < 2 || !strcmp(argv[1], "-h"))
usage(commit_tree_usage);
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] commit-tree: do not pay attention to commit.gpgsign
@ 2016-05-02 21:59 Junio C Hamano
2016-05-03 4:20 ` Eric Sunshine
0 siblings, 1 reply; 4+ messages in thread
From: Junio C Hamano @ 2016-05-02 21:59 UTC (permalink / raw)
To: git
ba3c69a9 (commit: teach --gpg-sign option, 2011-10-05) introduced a
"signed commit" by teaching --[no-gpg-sign option and commit.gpgsign
configuration variable to various commands that create commits.
Teaching these to "git commit" and "git merge", both of which are
end-user facing Porcelain commands, was perfectly fine. Allowing
the plumbing "git commit-tree" to suddenly change the behaviour to
surprise the scripts by paying attention to commit.gpgsign was not.
Among the in-tree scripts, filter-branch, quiltimport, rebase and
stash are the commands that run "commit-tree". If any of these
wants to allow users to always sign every single commit, they should
offer their own configuration (e.g. "filterBranch..gpgsign") with an
option to disable (e.g. "git filter-branch --no-gpgsign").
Ignoring commit.gpgsign option _obviously_ breaks the backward
compatibility, and I seriously doubt anybody sane is depending on
this misfeature that commit-tree blindly follows commit.gpgsign in
any third-party script that calls it, but following the "be careful
when removing (mis)features" tradition, let's give these scripts an
escape hatch. Passing the new --use-commit-gpgsign-config option to
makes it pay attention to the commit.gpgsign configuration again.
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
builtin/commit-tree.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/builtin/commit-tree.c b/builtin/commit-tree.c
index 3feeffe..b023a6b 100644
--- a/builtin/commit-tree.c
+++ b/builtin/commit-tree.c
@@ -10,9 +10,10 @@
#include "utf8.h"
#include "gpg-interface.h"
-static const char commit_tree_usage[] = "git commit-tree [(-p <sha1>)...] [-S[<keyid>]] [-m <message>] [-F <file>] <sha1>";
+static const char commit_tree_usage[] = "git commit-tree [(-p <sha1>)...] [-S[<keyid>]] [--use-commit-gpgsign-config] [-m <message>] [-F <file>] <sha1>";
static const char *sign_commit;
+static const char *config_sign_commit;
static void new_parent(struct commit *parent, struct commit_list **parents_p)
{
@@ -34,7 +35,7 @@ static int commit_tree_config(const char *var, const char *value, void *cb)
if (status)
return status;
if (!strcmp(var, "commit.gpgsign")) {
- sign_commit = git_config_bool(var, value) ? "" : NULL;
+ config_sign_commit = git_config_bool(var, value) ? "" : NULL;
return 0;
}
return git_default_config(var, value, cb);
@@ -42,7 +43,7 @@ static int commit_tree_config(const char *var, const char *value, void *cb)
int cmd_commit_tree(int argc, const char **argv, const char *prefix)
{
- int i, got_tree = 0;
+ int i, got_tree = 0, use_commit_gpgsign_config = 0;
struct commit_list *parents = NULL;
unsigned char tree_sha1[20];
unsigned char commit_sha1[20];
@@ -84,6 +85,11 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix)
continue;
}
+ if (!strcmp(arg, "--use-commit-gpgsign-config")) {
+ use_commit_gpgsign_config = 1;
+ continue;
+ }
+
if (!strcmp(arg, "-F")) {
int fd;
@@ -121,6 +127,9 @@ int cmd_commit_tree(int argc, const char **argv, const char *prefix)
die_errno("git commit-tree: failed to read");
}
+ if (!sign_commit && use_commit_gpgsign_config)
+ sign_commit = config_sign_commit;
+
if (commit_tree(buffer.buf, buffer.len, tree_sha1, parents,
commit_sha1, NULL, sign_commit)) {
strbuf_release(&buffer);
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] commit-tree: do not pay attention to commit.gpgsign
2016-05-02 21:58 Junio C Hamano
@ 2016-05-03 4:12 ` Jeff King
0 siblings, 0 replies; 4+ messages in thread
From: Jeff King @ 2016-05-03 4:12 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
On Mon, May 02, 2016 at 02:58:45PM -0700, Junio C Hamano wrote:
> ba3c69a9 (commit: teach --gpg-sign option, 2011-10-05) introduced a
> "signed commit" by teaching --[no-gpg-sign option and commit.gpgsign
> configuration variable to various commands that create commits.
>
> Teaching these to "git commit" and "git merge", both of which are
> end-user facing Porcelain commands, was perfectly fine. Allowing
> the plumbing "git commit-tree" to suddenly change the behaviour to
> surprise the scripts by paying attention to commit.gpgsign was not.
>
> Among the in-tree scripts, filter-branch, quiltimport, rebase and
> stash are the commands that run "commit-tree". If any of these
> wants to allow users to always sign every single commit, they should
> offer their own configuration (e.g. "filterBranch..gpgsign") with an
> option to disable (e.g. "git filter-branch --no-gpgsign").
>
> Ignoring commit.gpgsign option _obviously_ breaks the backward
> compatibility, but I seriously doubt anybody sane is depending on
> this misfeature that commit-tree blindly follows commit.gpgsign in
> any third-party script that calls it.
>
> Signed-off-by: Junio C Hamano <gitster@pobox.com>
> ---
>
> * This is an simpler alternative that forces commit-tree callers
> that want to honor commit.gpgsign to do so themselves.
I don't have any such scripts myself (aside from git-stash, whose
signing behavior is moderately annoying), but I think this simpler form
is fine. There is already an escape hatch for scripts, and it is:
if test "$(git config --bool commit.gpgsign)" = "true"; then
sign=-S
else
sign=
fi
git commit-tree $sign ...
That is a few more lines than "--use-commit-gpgsign-config", but it's
simple enough to be acceptable, and matches the same technique that
other config options need when used with plumbing.
So I think the motivation and premise are good, but...
> -static int commit_tree_config(const char *var, const char *value, void *cb)
> -{
> - int status = git_gpg_config(var, value, NULL);
> - if (status)
> - return status;
> - if (!strcmp(var, "commit.gpgsign")) {
> - sign_commit = git_config_bool(var, value) ? "" : NULL;
> - return 0;
> - }
> - return git_default_config(var, value, cb);
> -}
> -
I think this may be going too far. If I do "git commit-tree -S", I'd
expect it to use gpg.program, but here you are dropping the call to
git_gpg_config. Likewise for user.signingkey.
So I think you just want to drop the commit.gpgsign block here, and keep
the rest.
-Peff
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] commit-tree: do not pay attention to commit.gpgsign
2016-05-02 21:59 [PATCH] commit-tree: do not pay attention to commit.gpgsign Junio C Hamano
@ 2016-05-03 4:20 ` Eric Sunshine
0 siblings, 0 replies; 4+ messages in thread
From: Eric Sunshine @ 2016-05-03 4:20 UTC (permalink / raw)
To: Junio C Hamano; +Cc: Git List
On Mon, May 2, 2016 at 5:59 PM, Junio C Hamano <gitster@pobox.com> wrote:
> ba3c69a9 (commit: teach --gpg-sign option, 2011-10-05) introduced a
> "signed commit" by teaching --[no-gpg-sign option and commit.gpgsign
s/\[no/[no]/
(ditto in the "simpler" patch)
> configuration variable to various commands that create commits.
>
> Teaching these to "git commit" and "git merge", both of which are
> end-user facing Porcelain commands, was perfectly fine. Allowing
> the plumbing "git commit-tree" to suddenly change the behaviour to
> surprise the scripts by paying attention to commit.gpgsign was not.
>
> Among the in-tree scripts, filter-branch, quiltimport, rebase and
> stash are the commands that run "commit-tree". If any of these
> wants to allow users to always sign every single commit, they should
> offer their own configuration (e.g. "filterBranch..gpgsign") with an
> option to disable (e.g. "git filter-branch --no-gpgsign").
>
> Ignoring commit.gpgsign option _obviously_ breaks the backward
> compatibility, and I seriously doubt anybody sane is depending on
> this misfeature that commit-tree blindly follows commit.gpgsign in
> any third-party script that calls it, but following the "be careful
> when removing (mis)features" tradition, let's give these scripts an
> escape hatch. Passing the new --use-commit-gpgsign-config option to
s/to$//
> makes it pay attention to the commit.gpgsign configuration again.
>
> Signed-off-by: Junio C Hamano <gitster@pobox.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-05-03 4:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-02 21:59 [PATCH] commit-tree: do not pay attention to commit.gpgsign Junio C Hamano
2016-05-03 4:20 ` Eric Sunshine
-- strict thread matches above, loose matches on Subject: below --
2016-05-02 21:58 Junio C Hamano
2016-05-03 4:12 ` Jeff King
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).