On Thu, 2018-12-13 at 16:22 -0500, John Passaro wrote:
> Currently, users who do not have GPG installed have no way to discern
> signed from unsigned commits without examining raw commit data. I
> propose two new pretty-print placeholders to expose this information:
>
> %GR: full ("R"aw) contents of gpgsig header
> %G+: Y/N if the commit has nonempty gpgsig header or not
>
> The second is of course much more likely to be used, but having exposed
> the one, exposing the other too adds almost no complexity.
>
> I'm open to suggestion on the names of these placeholders.
>
> This commit is based on master but e5a329a279 ("run-command: report exec
> failure" 2018-12-11) is required for the tests to pass.
>
> One note is that this change touches areas of the pretty-format
> documentation that are radically revamped in aw/pretty-trailers: see
> 42617752d4 ("doc: group pretty-format.txt placeholders descriptions"
> 2018-12-08). I have another version of this branch based on that branch
> as well, so you can use that in case conflicts with aw/pretty-trailers
> arise.
>
> See:
> - https://github.com/jpassaro/git/tree/jp/pretty-expose-gpgsig
> - https://github.com/jpassaro/git/tree/jp/pretty-expose-gpgsig--based-on-aw-pretty-trailers
>
> John Passaro (4):
> pretty: expose raw commit signature
> t/t7510-signed-commit.sh: test new placeholders
> doc, tests: pretty behavior when gpg missing
> docs/pretty-formats: add explanation + copy edits
>
> Documentation/pretty-formats.txt | 21 ++++--
> pretty.c | 36 ++++++++-
> t/t7510-signed-commit.sh | 125 +++++++++++++++++++++++++++++--
> 3 files changed, 167 insertions(+), 15 deletions(-)
>
>
> base-commit: 5d826e972970a784bd7a7bdf587512510097b8c7
> prerequisite-patch-id: aedfe228fd293714d9cd0392ac22ff1cba7365db
Just a suggestion: since the raw signature is not very useful without
the commit data to check it against, and the commit data is non-trivial
to construct (requires mangling raw data anyway), maybe you could either
add another placeholder to get the data for signature verification, or
(alternatively or simultaneously) add a placeholder that prints both
data and signature in the OpenPGP message format (i.e. something you can
pass straight to 'gpg --verify').
--
Best regards,
Michał Górny
Attachment:
signature.asc
Description: This is a digitally signed message part
