This is my fourth iteration to solve the "how can we allow authenticity of work by contributors to be validated by the integrator and leave enough information for later audit by third parties" topic. What is unusual is that this is not a fourth re-roll of one approach re-re-re-polished, but these four are all based on different designs.

This round is based on Linus's "let the integrator pull signed tag from the contributor" design. The first patch is the same as the one at the bottom of the third iteration which was jc/signed-commit topic. The rest are new.

 1. Split GPG interface into its own helper library

 2. fetch: do not store peeled tag object names in FETCH_HEAD
 3. merge: notice local merging of tags and keep it unwrapped
 4. fetch: allow "git fetch $there v1.0" to fetch a tag
 5. tests: distinguish merges of tags and commits

"git fetch" used to peel tags too early when storing in FETCH_HEAD (the input to fmt-merge-msg), and "git merge" did the same when internally preparing the list of what are merged to feed the internal fmt-merge-msg. The above four stop doing so, whose effect can be seen in the changes to the test vector in the fifth patch.

 6. refs DWIMmery: use the same rule for both "git fetch" and others

You can pull a tag with "git pull $there tags/for-linus", but this allows you to say "git pull $there for-linus".

 7. fmt-merge-msg: avoid early returns
 8. fmt-merge-msg: package options into a structure
 9. fmt-merge-msg: Add contents of merged tag in the merge message

The first two of this segment are small clean-ups to make the third one possible. When merging signed tag(s), the merge message is prepared with the contents of the tag object for later independent audit at the end, and also contains the output from the GPG verification process as the comment to help the integrator verify it.

 10. merge: force edit mode when merging a tag object

And in order to _show_ that comment, we would need to show it in the editor before the commit happens, hence this conclusion patch.

 Makefile | 2 +
 builtin.h | 8 +-
 builtin/fetch.c | 3 +-
 builtin/fmt-merge-msg.c | 126 +++++++++++++++----
 builtin/merge.c | 28 +++-
 builtin/tag.c | 76 +----------
 builtin/verify-tag.c | 35 +-----
 cache.h | 2 +-
 gpg-interface.c | 138 ++++++++++++++++++++
 gpg-interface.h | 10 ++
 refs.c | 7 -
 t/t4202-log.sh | 4 +-
 t/t5510-fetch.sh | 5 +-
 t/t5515/fetch.br-branches-default | 6 +-
 t/t5515/fetch.br-branches-default-merge | 6 +-
 ...etch.br-branches-default-merge_branches-default | 6 +-
 t/t5515/fetch.br-branches-default-octopus | 6 +-
 ...ch.br-branches-default-octopus_branches-default | 6 +-
 t/t5515/fetch.br-branches-default_branches-default | 6 +-
 t/t5515/fetch.br-branches-one | 6 +-
 t/t5515/fetch.br-branches-one-merge | 6 +-
 t/t5515/fetch.br-branches-one-merge_branches-one | 6 +-
 t/t5515/fetch.br-branches-one-octopus | 6 +-
 t/t5515/fetch.br-branches-one-octopus_branches-one | 6 +-
 t/t5515/fetch.br-branches-one_branches-one | 6 +-
 t/t5515/fetch.br-config-explicit | 6 +-
 t/t5515/fetch.br-config-explicit-merge | 6 +-
 .../fetch.br-config-explicit-merge_config-explicit | 6 +-
 t/t5515/fetch.br-config-explicit-octopus | 6 +-
 ...etch.br-config-explicit-octopus_config-explicit | 6 +-
 t/t5515/fetch.br-config-explicit_config-explicit | 6 +-
 t/t5515/fetch.br-config-glob | 6 +-
 t/t5515/fetch.br-config-glob-merge | 6 +-
 t/t5515/fetch.br-config-glob-merge_config-glob | 6 +-
 t/t5515/fetch.br-config-glob-octopus | 6 +-
 t/t5515/fetch.br-config-glob-octopus_config-glob | 6 +-
 t/t5515/fetch.br-config-glob_config-glob | 6 +-
 t/t5515/fetch.br-remote-explicit | 6 +-
 t/t5515/fetch.br-remote-explicit-merge | 6 +-
 .../fetch.br-remote-explicit-merge_remote-explicit | 6 +-
 t/t5515/fetch.br-remote-explicit-octopus | 6 +-
 ...etch.br-remote-explicit-octopus_remote-explicit | 6 +-
 t/t5515/fetch.br-remote-explicit_remote-explicit | 6 +-
 t/t5515/fetch.br-remote-glob | 6 +-
 t/t5515/fetch.br-remote-glob-merge | 6 +-
 t/t5515/fetch.br-remote-glob-merge_remote-glob | 6 +-
 t/t5515/fetch.br-remote-glob-octopus | 6 +-
 t/t5515/fetch.br-remote-glob-octopus_remote-glob | 6 +-
 t/t5515/fetch.br-remote-glob_remote-glob | 6 +-
 t/t5515/fetch.br-unconfig | 6 +-
 t/t5515/fetch.br-unconfig_--tags_.._.git | 6 +-
 ...nfig_.._.git_one_tag_tag-one_tag_tag-three-file | 6 +-
 ...fig_.._.git_tag_tag-one-tree_tag_tag-three-file | 6 +-
 ...h.br-unconfig_.._.git_tag_tag-one_tag_tag-three | 6 +-
 t/t5515/fetch.br-unconfig_branches-default | 6 +-
 t/t5515/fetch.br-unconfig_branches-one | 6 +-
 t/t5515/fetch.br-unconfig_config-explicit | 6 +-
 t/t5515/fetch.br-unconfig_config-glob | 6 +-
 t/t5515/fetch.br-unconfig_remote-explicit | 6 +-
 t/t5515/fetch.br-unconfig_remote-glob | 6 +-
 t/t5515/fetch.master | 6 +-
 t/t5515/fetch.master_--tags_.._.git | 6 +-
 ...ster_.._.git_one_tag_tag-one_tag_tag-three-file | 6 +-
 ...ter_.._.git_tag_tag-one-tree_tag_tag-three-file | 6 +-
 .../fetch.master_.._.git_tag_tag-one_tag_tag-three | 6 +-
 t/t5515/fetch.master_branches-default | 6 +-
 t/t5515/fetch.master_branches-one | 6 +-
 t/t5515/fetch.master_config-explicit | 6 +-
 t/t5515/fetch.master_config-glob | 6 +-
 t/t5515/fetch.master_remote-explicit | 6 +-
 t/t5515/fetch.master_remote-glob | 6 +-
 t/t7600-merge.sh | 6 +-
 t/t7604-merge-custom-message.sh | 2 +-
 t/t7608-merge-messages.sh | 4 +-
 tag.c | 5 +
 75 files changed, 482 insertions(+), 327 deletions(-)
 create mode 100644 gpg-interface.c
 create mode 100644 gpg-interface.h

--
1.7.8.rc0.108.g71b5ec
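
The fetch-then-merge path the series describes, as an added example run against a current git (not part of the original message or of the patches). It assumes throwaway repositories built under mktemp, a constructed tag message, and an unsigned annotated tag standing in for a signed one so that no GPG key is needed; with "git tag -s" the same path carries the signature too.

```shell
#!/bin/sh
# Added example: constructed throwaway repositories, placeholder identity.
export GIT_AUTHOR_NAME=Demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=Demo GIT_COMMITTER_EMAIL=demo@example.invalid
export GIT_CONFIG_NOSYSTEM=1 GIT_CONFIG_GLOBAL=/dev/null

# Build an integrator repo and a contributor clone whose work is
# published only as the annotated tag "for-linus". Prints the work dir.
setup_repos() {
    work=$(mktemp -d) || return 1
    git init -q "$work/integrator" &&
    git -C "$work/integrator" commit -q --allow-empty -m "base" &&
    git clone -q "$work/integrator" "$work/contrib" &&
    echo frotz >"$work/contrib/frotz.txt" &&
    git -C "$work/contrib" add frotz.txt &&
    git -C "$work/contrib" commit -q -m "add frotz" &&
    git -C "$work/contrib" tag -a -m "frotz feature, ready to pull" for-linus &&
    # Diverge the integrator so the merge below is a true merge.
    git -C "$work/integrator" commit -q --allow-empty -m "integrator work" &&
    echo "$work"
}

# Fetch the tag by its short name (no "tags/" prefix) and report the
# type of the object FETCH_HEAD names: the tag itself, not its commit.
fetched_object_type() {
    git -C "$1/integrator" fetch -q ../contrib for-linus &&
    git -C "$1/integrator" cat-file -t FETCH_HEAD
}

# Merge the fetched tag without opening the editor and print the merge
# message, which carries the tag's own message for later audit.
merge_message() {
    git -C "$1/integrator" merge -q --no-edit FETCH_HEAD &&
    git -C "$1/integrator" log -1 --format=%B
}

demo=$(setup_repos) &&
echo "FETCH_HEAD is a: $(fetched_object_type "$demo")" &&
merge_message "$demo"
rm -rf "$demo"
```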