On Wed, Mar 22, 2017 at 06:41:24PM -0400, Jeff King wrote: > > In that case, something like this would be closer to the desired > > behavior? > > Yes, though you can spell: > > cat >expect <<-\EOF > EOF > > as just: > > >expect Ah, that sounds like a better way to fix this with a smaller diff. > > > I'm also unsure on what would be the right thing to put on the commit > > message. > > I think the argument is: > > 1. It's safer not to expound on tags that have failed verification (so > that the caller cannot accidentally use them). Especially since the > --format cannot tell anything about the GPG status. > > That means that > > tag=$(git verify-tag --format='%(tag)' foo) > > can use a non-blank $tag without having to wonder whether it is > valid or not. > > and > > 2. That's what we've done since the feature was released. > > The only thing that would give me pause is if were to later add > %G-like formatters, and then: > > xargs git verify-tag --format='%(gpg:status) %(tag)' | > while read status tag > do > ... > done > > would become useful, but we'd be tied to the behavior that we omit the > tag when the gpg verification failed (for backwards compatibility). > OTOH, we could perhaps make the rule "ignored unless %(gpg) formatters > are used". Which would be backwards-compatible and safe for old formats, > and work correctly for new ones. This sounds like a helpful addition to implement. We could update/add tests for compliance on this once the feature is addded and fix the ambiguous behavior in the tests now. Thanks, -Santiago. --- diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh index b4698ab5f..0581053a0 100755 --- a/t/t7004-tag.sh +++ b/t/t7004-tag.sh @@ -896,17 +896,15 @@ test_expect_success GPG 'verifying a forged tag should fail' ' ' test_expect_success 'verifying a proper tag with --format pass and format accordingly' ' - cat >expect <<-\EOF + cat >expect <<-\EOF && tagname : signed-tag - EOF && + EOF git tag -v --format="tagname : %(tag)" "signed-tag" >actual && test_cmp expect actual ' -test_expect_success 'verifying a forged tag with --format fail and format accordingly' ' - cat >expect <<-\EOF - tagname : forged-tag - EOF && +test_expect_success 'verifying a forged tag with --format should fail silently' ' + >expect && test_must_fail git tag -v --format="tagname : %(tag)" "forged-tag" >actual && test_cmp expect actual ' diff --git a/t/t7030-verify-tag.sh b/t/t7030-verify-tag.sh index d62ccbb98..173a88e89 100755 --- a/t/t7030-verify-tag.sh +++ b/t/t7030-verify-tag.sh @@ -126,17 +126,15 @@ test_expect_success GPG 'verify multiple tags' ' ' test_expect_success 'verifying tag with --format' ' - cat >expect <<-\EOF + cat >expect <<-\EOF && tagname : fourth-signed - EOF && + EOF git verify-tag --format="tagname : %(tag)" "fourth-signed" >actual && test_cmp expect actual ' -test_expect_success 'verifying a forged tag with --format fail and format accordingly' ' - cat >expect <<-\EOF - tagname : 7th forged-signed - EOF && +test_expect_success 'verifying a forged tag with --format should fail silently' ' + >expect && test_must_fail git verify-tag --format="tagname : %(tag)" $(cat forged1.tag) >actual-forged && test_cmp expect actual-forged '
Attachment:
signature.asc
Description: PGP signature