On Thu, Mar 31, 2016 at 08:46:05AM -0700, Junio C Hamano wrote:

> Carlos Martín Nieto <cmn@xxxxxxx> writes:
>
> > Detect the gpgsm block header and run this command instead of gpg.
> > On the signing side, ask gpgsm if it knows the signing key we're trying
> > to use and fall back to gpg if it does not.
> >
> > This lets the user more easily combine signing and verifying X509 and
> > PGP signatures without having to choose a default for a particular
> > repository that may need to be occasionally overridden.
> >
> > Signed-off-by: Carlos Martín Nieto <cmn@xxxxxxx>
> >
> > ---
> >
> > Out there in the so-called "real world", companies like using X509 to
> > sign things. Currently you can set 'gpg.program' to gpgsm to get
> > gpg-compatible verification,...
>
> I notice that you had to add GPGSM_MESSAGE string constant; does the
> current code without any change really work correctly if you set
> 'gpg.program' to gpgsm and do nothing else?

It has been a few months since I fooled around with gpgsm, but IIRC, it
works for tags but not commits. Because verify-tag just blindly dumps
the tag to gpg.program, and gpgsm finds the correct signature. Whereas
the --show-signature option of git-log does not bother to call gpg if we
didn't see a signature.

Which makes me wonder whether verify-tag would send a gpgsm-signed tag
to the right place with Carlos's patch (I didn't check).

-Peff
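Added example, not part of the thread and not code from Carlos's patch or from git: a C sketch of the header-based dispatch the patch description mentions, where a verifier is chosen only when a known signature header starts a line, so an unrecognized block means no verifier runs at all. The value given to GPGSM_MESSAGE and the names classify_signature and verifier_for are assumptions; the thread does not show them.

```c
#include <stddef.h>
#include <string.h>

/* Armor header lines. The X.509 value is an assumption: the thread names a
 * GPGSM_MESSAGE constant but does not show what it contains. */
#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
#define GPGSM_MESSAGE "-----BEGIN SIGNED MESSAGE-----"

enum sig_kind { SIG_NONE, SIG_PGP, SIG_X509 };

static int starts_with(const char *s, size_t len, const char *prefix)
{
	size_t n = strlen(prefix);
	return len >= n && !memcmp(s, prefix, n);
}

/* Classify the first signature block that begins at the start of a line.
 * A header appearing mid-line (e.g. quoted in the message) is ignored.
 * On a match, *offset (if non-NULL) receives where the block starts. */
enum sig_kind classify_signature(const char *buf, size_t len, size_t *offset)
{
	size_t pos = 0;
	while (pos < len) {
		const char *line = buf + pos;
		size_t rest = len - pos;
		const char *eol = memchr(line, '\n', rest);
		enum sig_kind kind = SIG_NONE;
		if (starts_with(line, rest, PGP_SIGNATURE))
			kind = SIG_PGP;
		else if (starts_with(line, rest, GPGSM_MESSAGE))
			kind = SIG_X509;
		if (kind != SIG_NONE) {
			if (offset)
				*offset = pos;
			return kind;
		}
		if (!eol)
			break;
		pos += (size_t)(eol - line) + 1;
	}
	return SIG_NONE;
}

/* Hypothetical dispatch: NULL means no verifier is invoked at all, which is
 * the outcome for any block whose header is not in the list above. */
const char *verifier_for(const char *buf, size_t len)
{
	enum sig_kind kind = classify_signature(buf, len, NULL);
	return kind == SIG_X509 ? "gpgsm" : kind == SIG_PGP ? "gpg" : NULL;
}
```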