Hi,
We are investigating adding commit and tag signatures into our existing
repositories. We currently use the common workflow of developers merging commits
to master using an internal git hosting service after having passed code
review. Non-local merges like this would then be unsigned.
But it seems like if we allow unsigned empty merge commits, i.e. those that
themselves do not introduce any any other change than what its parents
introduce, and require all other commits to be properly validated, then we can
safely validate the whole repository?
A simple naive example of this would look something like this:
rc=0
tags=$(git for-each-ref --format '%(objectname)' refs/tags)
tags_verified=$(for i in $tags; do git verify-tag --format='%(objectname)' "$i"; done)
for i in $(git rev-list HEAD --no-merges --not $tags_verified); do
git verify-commit "$i" || rc=1
done
for i in $(git rev-list HEAD --merges --not $tags_verified); do
diff=$(git show --text --pretty=format: --diff-merges=cc "$i")
git verify-commit "$i" || [ ! "$diff" ] || rc=1
done
exit $rc
Or is this a faulty strategy?
Thanks,
/Per Lundkvist
