Skip to content

[WIP] Support GPG-signing commits#966

Closed
tommyip wants to merge 3 commits into
arxanas:masterfrom
tommyip:gpg-signing
Closed

[WIP] Support GPG-signing commits#966
tommyip wants to merge 3 commits into
arxanas:masterfrom
tommyip:gpg-signing

Conversation

@tommyip
Copy link
Copy Markdown

@tommyip tommyip commented Jun 14, 2023
edited
Loading

This is a work in progress, just wanted to publish it early to gather some feedback.

TODO:

  • git record (calls git commit directly so signing already works in master, added new flags to override keyid or disable signing)
  • git amend
  • git move
    • in-memory
    • on-disk
  • git sync
  • git restack
  • git reword
  • git test
    git branchless snapshot create

Also looking in ways to write integration tests for this. Generating keys through gpg and using them in tests seems a bit cumbersome.

Fixes #465

@arxanas
Copy link
Copy Markdown
Owner

arxanas commented Jun 19, 2023

Thanks for looking into it!

git branchless snapshot create

We shouldn't need/want to sign snapshot commits (although you can if it's easier). These are just meant to store the working copy state to either attach to a real commit later (which would be signed at that time) or to restore the working copy state (which doesn't need to be signed).

Also looking in ways to write integration tests for this. Generating keys through gpg and using them in tests seems a bit cumbersome.

Would you be able to generate a single key ahead of time and commit it to the repo? Although I don't know if that would remove the dependency on gpg at test-time.

arxanas
arxanas reviewed Jun 19, 2023
View reviewed changes
Comment thread git-branchless-lib/src/git/sign.rs Outdated
(_, Some("") | None) => {
let signer = git2_ext::ops::UserSign::from_config(&repo.inner, &config)
.map_err(RepoError::ReadConfig)?;
Box::new(signer) as Box<dyn git2_ext::ops::Sign>
Copy link
Copy Markdown
Owner

@arxanas arxanas Jun 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most likely you can ignore the warning about

using a potentially dangerous silent `as` conversion

here. That's meant for numeric types (like u32 <-> u64), but it looks like git2_ext::ops::Sign is not a numeric type, so I don't know why the warning is triggereing here.

@Abhijay
Copy link
Copy Markdown

Abhijay commented Feb 18, 2025

@arxanas @tommyip Has this been abandoned? I would like to pick this up and finish this PR.

For anyone else looking into this, here's a utility script I have under git sign-branch to fix any unsigned commits from git restack:

#!/bin/bash

# Default parent branch
PARENT_BRANCH="main"

# Parse options
while getopts "p:" opt; do
  case $opt in
    p)
      PARENT_BRANCH=$OPTARG
      ;;
    *)
      echo "Usage: git sign-branch [-p parent_branch]"
      exit 1
      ;;
  esac
done

# Retrieve the current branch name
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)

# Find the base commit
BASE_COMMIT=$(git merge-base "$CURRENT_BRANCH" "$PARENT_BRANCH")

# Rebase and sign commits
git rebase -i "$BASE_COMMIT" --exec "git commit --amend -S --no-edit"

@Abhijay Abhijay mentioned this pull request Apr 3, 2025
Open
mhammerly added a commit to mhammerly/git-branchless that referenced this pull request Apr 12, 2025
@mhammerly @tommyip
feat: support signing commits with gpg, ssh, x509
fda26cc 
Originally implemented by Thomas Ip in arxanas#966. Updated by Matt.

Co-authored-by: Matt Hammerly <1198161+mhammerly@users.noreply.github.com>
Co-authored-by: Thomas Ip <thomas@ipthomas.com>
mhammerly added a commit to mhammerly/git-branchless that referenced this pull request Apr 12, 2025
@mhammerly @tommyip
feat: support signing commits with gpg, ssh, x509
07666cf 
Originally implemented by Thomas Ip in arxanas#966. Updated by Matt.

Co-authored-by: Thomas Ip <thomas@ipthomas.com>
mhammerly added a commit to mhammerly/git-branchless that referenced this pull request Apr 12, 2025
@mhammerly @tommyip
feat: support signing commits with gpg, ssh, x509
ff824e2 
Originally implemented by Thomas Ip in arxanas#966. Updated by Matt.

Co-authored-by: Thomas Ip <thomas@ipthomas.com>
mhammerly added a commit to mhammerly/git-branchless that referenced this pull request Apr 12, 2025
@mhammerly @tommyip
feat: support signing commits with gpg, ssh, x509
4bdf7e1 
Originally implemented by Thomas Ip in arxanas#966. Updated by Matt.

Co-authored-by: Thomas Ip <thomas@ipthomas.com>
mhammerly added a commit to mhammerly/git-branchless that referenced this pull request Apr 12, 2025
@mhammerly @tommyip
feat: support signing commits with gpg, ssh, x509
0b9709f 
Originally implemented by Thomas Ip in arxanas#966. Updated by Matt.

Co-authored-by: Thomas Ip <thomas@ipthomas.com>
mhammerly added a commit to mhammerly/git-branchless that referenced this pull request Apr 15, 2025
@mhammerly @tommyip
feat: support signing commits with gpg, ssh, x509
66aa269 
Originally implemented by Thomas Ip in arxanas#966. Updated by Matt.

Co-authored-by: Thomas Ip <thomas@ipthomas.com>
@mhammerly mhammerly mentioned this pull request Apr 19, 2025
Draft
@claytonrcarter
Copy link
Copy Markdown
Collaborator

claytonrcarter commented Feb 2, 2026

Closing this in favor of #1538, which is based on this change, I believe.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arxanas arxanas arxanas left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support GPG-signing commits

4 participants

@tommyip @arxanas @Abhijay @claytonrcarter