[PATCH 0/3] Raw gpg output support for verify-commit and verify-tag

Currently, verify-commit and verify-tag produce human-readable output.
This is great for humans, and awful for machines.  It also lacks a lot
of the information that GnuPG's --status-fd output provides.

For example, if you wanted to know
* the hash algorithm;
* whether the signature was made with a subkey; or
* the OpenPGP signature version
none of that information is available in the human-readable output.

We've had people in the past come to the list who require signed commits
in their corporate environment.  It's not unreasonable to expect that
they might want to programmatically verify signatures, including aspects
of the signatures we don't currently expose.  It's also much nicer to
parse the machine-readable output we already collect than hoping GnuPG
doesn't change its output.

This series introduces a --raw option for verify-commit and verify-tag.
If it's used, they provide the gpg --status-fd output on standard error
instead of the human-readable output.  The series also adds tests for
verify-tag, since there were none; these are based off the ones for
verify-commit.

In writing this series, I noticed an incompatibility between
verify-commit and verify-tag.  If a valid signature is made with an
untrusted key, verify-commit will exit 1, but verify-tag will exit 0.
I'm unclear on what we can do about this now, short of adding another
option.  This is because the two commands share little common code.

brian m. carlson (3):
  verify-commit: add option to print raw gpg status information
  verify-tag: add tests
  verify-tag: add option to print raw gpg status information

 Documentation/git-verify-commit.txt |   4 ++
 Documentation/git-verify-tag.txt    |   4 ++
 builtin/verify-commit.c             |  13 ++--
 builtin/verify-tag.c                |  21 +++++--
 t/t7030-verify-tag.sh               | 116 ++++++++++++++++++++++++++++++++++++
 t/t7510-signed-commit.sh            |  32 ++++++++++
 6 files changed, 178 insertions(+), 12 deletions(-)
 create mode 100755 t/t7030-verify-tag.sh

-- 
2.4.0
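
The machine-side check the cover letter motivates, as an added example that is not part of the patch series or of git: it parses GnuPG `--status-fd` lines (the output `--raw` puts on standard error) and extracts the hash algorithm, subkey use and signature version. The function names, the policy in `violations` and the sample lines are assumptions constructed for illustration; the `VALIDSIG` field order follows GnuPG's doc/DETAILS.

```python
# Added example: parse GnuPG status lines such as those `verify-commit --raw`
# writes to standard error. Field order follows GnuPG's doc/DETAILS.
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
PREFIX = "[GNUPG:] "

def parse_status(text):
    """Collect signature facts from raw status output."""
    info = {"good": 0, "bad": 0, "trust": None, "sigs": []}
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # not a status line
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        args = rest.split()
        if keyword == "GOODSIG":
            info["good"] += 1
        elif keyword in ("BADSIG", "ERRSIG"):
            info["bad"] += 1
        elif keyword.startswith("TRUST_"):
            info["trust"] = keyword[len("TRUST_"):].lower()
        elif keyword == "VALIDSIG" and len(args) >= 9:
            fpr = args[0]
            # The primary key fingerprint is an optional tenth field.
            primary = args[9] if len(args) > 9 else fpr
            info["sigs"].append({
                "fingerprint": fpr,
                "sig_version": int(args[4]),
                "hash": HASH_ALGOS.get(int(args[7]), "unknown-" + args[7]),
                "primary": primary,
                "subkey": primary != fpr,
            })
    return info

def violations(info, allowed_hashes=("SHA256", "SHA384", "SHA512")):
    """Hypothetical policy: return reasons to reject; empty list means pass."""
    why = []
    if info["bad"] or info["good"] != 1 or len(info["sigs"]) != 1:
        why.append("expected exactly one good, valid signature")
    if info["trust"] not in ("fully", "ultimate"):
        why.append("signing key is not trusted")
    for sig in info["sigs"]:
        if sig["hash"] not in allowed_hashes:
            why.append("hash algorithm %s not allowed" % sig["hash"])
    return why

# Constructed sample (not real keys): subkey signature, SHA256, v4.
SUB, PRIMARY = "AB" * 20, "CD" * 20
SAMPLE = "\n".join([
    "[GNUPG:] GOODSIG ABABABABABABABAB Example Committer <c@example.com>",
    "[GNUPG:] VALIDSIG %s 2015-06-01 1433116800 0 4 0 1 8 00 %s" % (SUB, PRIMARY),
    "[GNUPG:] TRUST_ULTIMATE",
])
```

Because the trust level is checked from the status lines themselves, the verdict does not depend on the exit-code difference between verify-commit and verify-tag that the cover letter mentions.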
