Junio C Hamano <gitster@xxxxxxxxx> writes:
> A sample workflow with the command may look like this:
> ...
> $ git show -s --show-signature
With this, in the Linux kernel repository, you could do this.
$ git show -s --show-signature 2240a7bb47
commit 2240a7bb479c38434bd636da9ce6afbd3f49447a
parent #2, tagged 'tytso-for-linus-20111214'
gpg: Signature made Wed 14 Dec 2011 11:15:13 AM PST using RSA key ID C11804F0
gpg: Good signature from "Theodore Ts'o <tytso@xxxxxxx>"
gpg: aka "Theodore Ts'o <tytso@xxxxxxxxxx>"
gpg: aka "Theodore Ts'o <tytso@xxxxxxxxxx>"
Merge: 30aaca4 5a0dc73
Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Date: Wed Dec 14 18:25:58 2011 -0800
Merge tag 'tytso-for-linus-20111214' of git://git.kernel.org/pub/scm/linu...
* tag 'tytso-for-linus-20111214' of git://git.kernel.org/pub/scm/linux/ke...
8< snip 8<
.. using the new signed tag merge of git that now verifies the gpg
signature automatically. Yay. The branchname was just 'dev', which is
prettier. I'll tell Ted to use nicer tag names for future cases.
We might want to reword "parent #2", by the way. The code was designed to
apply even to an Octopus, but I suspect 99.9% of the mergetag will be on
the second parent of a two-parent commit. You will never see "parent #1"
(i.e. direct parent you pulled into) unless you hand-craft the merge
commit object, and you are not likely to create an Octopus that pulls
multiple signed tags into one commit.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html