According to 'git tag --help', it should be possible to create a signed, back-
dated tag. But I can't get it to work. Am I doing something wrong, or is this
a git bug? Shell transcript follows:
# Done on a demo repository, although I encountered the bug on a real one.
# I plan on creating two revisions, then tagging the first v1 OLDER than
# the second at v2
$ mkdir foo
$ cd foo
$ git --version
git version 1.5.5
$ git init
Initialized empty Git repository in .git/
$ echo hi > file
$ git add file
$ git commit -m commit1
Created initial commit 617ff6a: commit1
1 files changed, 1 insertions(+), 0 deletions(-)
create mode 100644 file
$ echo bye > file
$ git commit -a -m commit2
Created commit 3f226cf: commit2
1 files changed, 1 insertions(+), 1 deletions(-)
# Create a tag right now, for comparison purposes
$ git tag -s v2 -m v2
You need a passphrase to unlock the secret key for
user: "Eric Blake (free software programmer) <ebb9@xxxxxxx>"
1024-bit DSA key, ID F4850180, created 2004-12-18
$ git cat-file tag v2
object 3f226cf9b3905b60310866ab7a72c744f0f1feb4
type commit
tag v2
tagger Eric Blake <ebb9@xxxxxxx> 1207943097 -0600
v2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
iEYEABECAAYFAkf/v7kACgkQ84KuGfSFAYA4ygCcDwGYnyWBanfQyZPInKrMluYu
m4AAnjQi/TQ+14MDtBeo3MrrpSQXoJnN
=HAcH
-----END PGP SIGNATURE-----
# Make sure I know how to get an older date
$ date '+%F %R'
2008-04-11 13:47
$ date '+%F %R' -d '-1 day'
2008-04-10 13:47
# Now, follow the advice in 'git tag --help'
$ GIT_AUTHOR_DATE=`date '+%F %R' -d '-1 day'` git tag -s v1 -m v1 HEAD^
You need a passphrase to unlock the secret key for
user: "Eric Blake (free software programmer) <ebb9@xxxxxxx>"
1024-bit DSA key, ID F4850180, created 2004-12-18
$ git cat-file tag v1
object 617ff6a0daf5b9a32732bb79ef98f2abd3cd58de
type commit
tag v1
tagger Eric Blake <ebb9@xxxxxxx> 1207943332 -0600
v1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
iEYEABECAAYFAkf/wKQACgkQ84KuGfSFAYBGKACfdWzVMRgaLZImxj8IMMEDDOZr
z38An2WotiiskR+uXaIVglR6zX0mYFGD
=WEKw
-----END PGP SIGNATURE-----
# Hey wait a minute - 1207943097 is older than 1207943332.
# Which means v1 wasn't back-dated the way I asked :(
# Just to double-check with some human-readable times...
$ git tag -v v1 v2 2>&1 | grep -B1 made
v1
gpg: Signature made Fri Apr 11 13:48:52 2008 MDT using DSA key ID F4850180
--
v2
gpg: Signature made Fri Apr 11 13:44:57 2008 MDT using DSA key ID F4850180
# Oh well, I give up - 'git tag --help' lied about creating signed back-dated
# annotated tags. Since the porcelain didn't work, I'll try the plumbing.
$ git tag -d v1
Deleted tag 'v1'
$ emacs t
$ cat t
object 617ff6a0daf5b9a32732bb79ef98f2abd3cd58de
type commit
tag v1
tagger Eric Blake <ebb9@xxxxxxx> `date +%s -d '-1 day'` -0600
v1
$ echo `git mktag < t` > .git/refs/tags/v1
$ git show v1 | head
tag v1
Tagger: Eric Blake <ebb9@xxxxxxx>
Date: Thu Apr 10 14:02:15 2008 -0600
v1
commit 617ff6a0daf5b9a32732bb79ef98f2abd3cd58de
Author: Eric Blake <ebb9@xxxxxxx>
Date: Fri Apr 11 13:40:17 2008 -0600
commit1
# Better than nothing - I created a valid, annotated, back-dated tag. But it
# isn't signed. So let's try again:
$ gpg --clearsign t
You need a passphrase to unlock the secret key for
user: "Eric Blake (free software programmer) <ebb9@xxxxxxx>"
1024-bit DSA key, ID F4850180, created 2004-12-18
$ echo `git mktag < t.asc` > .git/refs/tags/v1
error: char0: does not start with "object "
fatal: invalid tag signature file
# The plumbing doesn't like the BEGIN PGP SIGNED line, so I'll just strip it:
$ echo `tail -n+4 t.asc | git mktag` > .git/refs/tags/v1
$ git show v1 | head -n15
tag v1
Tagger: Eric Blake <ebb9@xxxxxxx>
Date: Thu Apr 10 14:02:15 2008 -0600
v1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
iEYEARECAAYFAkf/xIMACgkQ84KuGfSFAYC8egCfZAFQ5LSnUPELCjifsr1DQKrE
PCUAoIGzd6pApwZNaaHuhO6miggycF1d
=qCJn
-----END PGP SIGNATURE-----
commit 617ff6a0daf5b9a32732bb79ef98f2abd3cd58de
Author: Eric Blake <ebb9@xxxxxxx>
# There. That worked - a back-dated signed tag! Or did it?
$ git tag -v v1
object 617ff6a0daf5b9a32732bb79ef98f2abd3cd58de
type commit
tag v1
tagger Eric Blake <ebb9@xxxxxxx> 1207857735 -0600
v1
gpg: Signature made Fri Apr 11 14:05:23 2008 MDT using DSA key ID F4850180
gpg: BAD signature from "Eric Blake (free software programmer) <ebb9@xxxxxxx>"
error: could not verify the tag 'v1'
# Shoot. I got the signature wrong. The help on 'git mktag --help' mentions
# that tags can be signed, but *does not say how to use gpg to get to that
# point*. I suppose I could read the source code, but I really expected that
# the manual would tell me how. On the other hand, I guess I can live with
# leaving the 'git mktag' documentation alone if the original 'git tag' bug
# is fixed.
# Side note - while investigating this, I found another instance where the
# ui could be improved. Compare the difference between annotated and
# lightweight tags:
$ git tag -m v3 v3
$ git tag v4
$ git tag -v v3
object 3f226cf9b3905b60310866ab7a72c744f0f1feb4
type commit
tag v3
tagger Eric Blake <ebb9@xxxxxxx> 1207945051 -0600
v3
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
error: could not verify the tag 'v3'
# Why'd we get all the way to gpg? Shouldn't git be smart enough to realize
# that there is no 'BEGIN PGP SIGNATURE', and not waste the time calling gpg?
$ git tag -v v4
error: 3f226cf9b3905b60310866ab7a72c744f0f1feb4: cannot verify a non-tag object
of type commit.
error: could not verify the tag 'v4'
# Make up your mind. Is v4 "a non-tag object" or "tag 'v4'"? I think it
# would be nicer if git could tell me something like:
error: tag 'v3' is not signed
error: tag 'v4' is not annotated or signed
--
Eric Blake
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
