This repository was archived by the owner on Sep 11, 2020. It is now read-only.
git: Add ability to PGP sign commits #920
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The way that commit signatures were being written out was causing an extra newline to be written at the end of the commit when the message encoding was already taking care of this. Ultimately, this results in a corrupt object, rendering the object unverifiable with the signature in the commit. Signed-off-by: Chris Marchesi <[email protected]>
This adds the ability to sign commits by adding the SignKey field to CommitOptions. If present, the commit will be signed during the WorkTree.Commit call. The supplied SignKey must already be decrypted by the caller. Signed-off-by: Chris Marchesi <[email protected]>
|
Looks like tests are failing due to use of I'll switch this up to using |
This was added in Go 1.10 and is not supported on Go 1.9. Switched to bytes.Buffer to ensure compatibility. Signed-off-by: Chris Marchesi <[email protected]>
This will not work for a signed commit as with the GPG signature being a part of the commit, the hash is now non-deterministic. Verification of the commit is done through the validation of the signature. Signed-off-by: Chris Marchesi <[email protected]>
I'm hoping this helps get codecov to a tolerable delta. :) Signed-off-by: Chris Marchesi <[email protected]>
smola
reviewed
Aug 17, 2018
| encoded := &plumbing.MemoryObject{} | ||
| if err := commit.Encode(encoded); err != nil { | ||
| return "", err | ||
| } |
There was a problem hiding this comment.
Add spaces after each if block (this is a convention that we generally follow all over go-git codebase).
jfontan
approved these changes
Aug 17, 2018
|
I triggered manually the failing job in CI. It is an intermittent failure, not related to this PR. |
|
Thanks @smola! I'll keep that in mind for some future tagging work I'm working on. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the ability to sign commits by adding the
SignKeyfield toCommitOptions. If present, the commit will be signed during theWorkTree.Commitcall.The supplied
SignKeymust already be decrypted by the caller.Signed-off-by: Chris Marchesi <[email protected]>There is also a small bugfix in here as well that was affecting the ability to sign commits: