On Thu, 2016-03-31 at 08:46 -0700, Junio C Hamano wrote:
> Carlos Martín Nieto <cmn@xxxxxxx> writes:
>
> > Detect the gpgsm block header and run this command instead of gpg.
> > On the signing side, ask gpgsm if it knows the signing key we're trying
> > to use and fall back to gpg if it does not.
> >
> > This lets the user more easily combine signing and verifying X509 and
> > PGP signatures without having to choose a default for a particular
> > repository that may need to be occasionally overridden.
> >
> > Signed-off-by: Carlos Martín Nieto <cmn@xxxxxxx>
> >
> > ---
> >
> > Out there in the so-called "real world", companies like using X509 to
> > sign things. Currently you can set 'gpg.program' to gpgsm to get
> > gpg-compatible verification,...
>
> I notice that you had to add GPGSM_MESSAGE string constant; does the
> current code without any change really work correctly if you set
> 'gpg.program' to gpgsm and do nothing else?

It does work for verify-commit which is what I've been playing around
with since it just sends the contents of the 'gpgsig' header field to
the verification function.

I don't recall testing with verify-tag but there we might indeed have
issues, since we parse the contents to see if we have the signature.

> >
> > ... but if you're changing it to swap between
> > PGP and X509, it's an extra variable to keep in mind when working with
> > signed commits and tags.
> >
> > +gpgsm.program::
> > + Use this custom program instead of "gpgsm" found on $PATH
> > when
> > + making or verifying a gpsm signature. The program must
> > support the
>
> gpsm signature, or gpgsm signature?

Nice catch. Thanks.

   cmn
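Review bot: In the `gpgsm.program` entry quoted above, the visible description names only which binary is run and does not say how signing chooses between it and `gpg.program`. The commit message says signing asks gpgsm whether it knows the signing key and falls back to gpg if it does not, and the cover note mentions users who already set 'gpg.program' to gpgsm. The entry should state that selection order and what happens in that existing configuration, so a user can tell which program will produce or check a given signature.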