On 2020-03-30 16:03:55-0400, Dominic Chen <d.c.ddcc@xxxxxxxxx> wrote: > The subcommand `git commit` supports a `--no-gpg-sign` argument, which I > find useful for cases where e.g. a GPG key is specified in `.gitconfig`, > but is located on a hardware key that may not currently be attached to > the system. However, other commands like `git rebase`, `git > cherry-pick`, etc, which internally invoke `git commit`, don't support cherry-pick (in git 2.25.1) understands --no-gpg-sign I've encountered this in the past, but I stopped signing my commit. Anyways, here is the patch -----------------8<----------------- From: Đoàn Trần Công Danh <congdanhqx@xxxxxxxxx> Subject: [PATCH] rebase.c: teach --no-gpg-sign to git-rebase Signed-off-by: Đoàn Trần Công Danh <congdanhqx@xxxxxxxxx> --- Documentation/git-rebase.txt | 5 +++ builtin/rebase.c | 10 +++-- t/t3435-rebase-gpg-sign.sh | 72 ++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 3 deletions(-) create mode 100755 t/t3435-rebase-gpg-sign.sh diff --git a/Documentation/git-rebase.txt b/Documentation/git-rebase.txt index f7a6033607..54023cf3bb 100644 --- a/Documentation/git-rebase.txt +++ b/Documentation/git-rebase.txt @@ -358,6 +358,11 @@ See also INCOMPATIBLE OPTIONS below. defaults to the committer identity; if specified, it must be stuck to the option without a space. +--no-gpg-sign:: + Countermand `commit.gpgSign` configuration variable that is + set to force each and every commit to be signed. + + -q:: --quiet:: Be quiet. Implies --no-stat. diff --git a/builtin/rebase.c b/builtin/rebase.c index 27a07d4e78..a8cc5cfe0c 100644 --- a/builtin/rebase.c +++ b/builtin/rebase.c @@ -1593,6 +1593,9 @@ int cmd_rebase(int argc, const char **argv, const char *prefix) options.allow_empty_message = 1; git_config(rebase_config, &options); + // options.gpg_sign_opt will be either "-S" or NULL + // It'll be freed later, hence, no skip-prefix + gpg_sign = options.gpg_sign_opt ? "" : NULL; if (options.use_legacy_rebase || !git_env_bool("GIT_TEST_REBASE_USE_BUILTIN", -1)) @@ -1823,10 +1826,11 @@ int cmd_rebase(int argc, const char **argv, const char *prefix) if (options.empty != EMPTY_UNSPECIFIED) imply_merge(&options, "--empty"); - if (gpg_sign) { - free(options.gpg_sign_opt); + free(options.gpg_sign_opt); + if (gpg_sign) options.gpg_sign_opt = xstrfmt("-S%s", gpg_sign); - } + else + options.gpg_sign_opt = NULL; if (exec.nr) { int i; diff --git a/t/t3435-rebase-gpg-sign.sh b/t/t3435-rebase-gpg-sign.sh new file mode 100755 index 0000000000..d12b30b033 --- /dev/null +++ b/t/t3435-rebase-gpg-sign.sh @@ -0,0 +1,72 @@ +#!/bin/sh +# +# Copyright (c) 2020 Doan Tran Cong Danh +# + +test_description='test rebase --[no-]gpg-sign' + +. ./test-lib.sh +. "$TEST_DIRECTORY/lib-gpg.sh" + +if ! test_have_prereq GPG +then + skip_all='skip all test rebase --[no-]gpg-sign, gpg not available' + test_done +fi + +test_expect_success 'setup: not-signed commit' ' + test_commit one && + test_commit two && + test_must_fail git verify-commit HEAD && + test_must_fail git verify-commit HEAD^ && + git tag unsigned +' + +test_expect_success 'setup: rebase --gpg-sign to sign all commit' ' + git rebase --gpg-sign --force-rebase --root && + git verify-commit HEAD && + git verify-commit HEAD^ && + git tag signed +' + +test_expect_success 'rebase without commit.gpgsign config' ' + git reset --hard signed && + test_might_fail git config --unset commit.gpgsign && + git rebase --force-rebase --root && + test_must_fail git verify-commit HEAD && + test_must_fail git verify-commit HEAD^ +' + +test_expect_success 'rebase respects commit.gpgsign=true config' ' + git reset --hard unsigned && + git config commit.gpgsign true && + git rebase --force-rebase --root && + git verify-commit HEAD && + git verify-commit HEAD^ +' + +test_expect_success 'rebase --no-gpg-sign overrides commit.gpgsign' ' + git reset --hard unsigned && + git config commit.gpgsign true && + git rebase --no-gpg-sign --force-rebase --root && + test_must_fail git verify-commit HEAD && + test_must_fail git verify-commit HEAD^ +' + +test_expect_success 'rebase --no-gpg-sign clear signed commit' ' + git reset --hard signed && + git config commit.gpgsign true && + git rebase --no-gpg-sign --force-rebase --root && + test_must_fail git verify-commit HEAD && + test_must_fail git verify-commit HEAD^ +' + +test_expect_success 'rebase -i --no-gpg-sign override commit.gpgsign' ' + git reset --hard signed && + git config commit.gpgsign true && + GIT_EDITOR=true git rebase -i --no-gpg-sign --force-rebase --root && + test_must_fail git verify-commit HEAD && + test_must_fail git verify-commit HEAD^ +' + +test_done -- 2.26.0.334.g6536db25bb