Package: git
Version: 1:2.11.0-2

I'm playing about with signed pushes, which I hope to use to allow the
dgit git server to be used for general git hosting (pushable by DDs
and DMs).  That's #848678.

I discovered that git-receive-pack calls gpg.  Seen in strace:

  t.8633:execve("/usr/bin/gpg", ["/usr/bin/gpg", 
"--agent-program=/home/ian/things/Dgit/dgit/tests/tstunt/gpg-agent", 
"--status-fd=1", "--keyid-format=long", "--verify", "/tmp/.git_vtag_tmpo93dmC", 
"-"], [/* 87 vars */]) = 0

It would be better if it called gpgv.  gpg does all sorts of
complicated things, including automatically starting or connecting to
a gpg-agent, which are not appropriate for use in a daemon on a
server.

Additionally, I find that passing -c gpg.program=/usr/bin/gpgv
to git receive-pack is not effective, and there seems to be no
sensible way to specify the keyrings to use (although that could be
done by setting GNUPGHOME perhaps).

Can you please let me know if you intend to deal with these problems
in stretch?  I imagine probably not!

In which case I think I will have to work around this problem, and
also #852647, by putting a stunt wrapper for gpg on the PATH.

Naturally this will involve dgit-repos-server making some assumptions
about the options passed to gpg[v] by git-receive-pack, since it may
have to massage them.

Ian.
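
The stunt wrapper the report proposes could look like the sketch below. This is an added example, not code from the report, from git or from dgit. It assumes git-receive-pack passes exactly the options seen in the strace line above; STUNT_GPGV and STUNT_KEYRING are hypothetical variable names. Anything outside that option set is refused rather than guessed at.

```shell
#!/bin/sh
# Added example: a stunt "gpg" for git-receive-pack that re-dispatches to gpgv.
# STUNT_GPGV and STUNT_KEYRING are hypothetical names chosen for this sketch.

stunt_gpg() {
    gpgv=${STUNT_GPGV:-/usr/bin/gpgv}
    keyring=${STUNT_KEYRING:-}
    if [ -z "$keyring" ]; then
        echo "stunt-gpg: STUNT_KEYRING is not set" >&2
        return 2
    fi
    orig=$# verify=0 npos=0
    # Kept arguments are appended to "$@"; the originals are shifted away below.
    for arg in "$@"; do
        case $arg in
            --verify)          verify=1 ;;            # implicit: gpgv only verifies
            --agent-program=*) ;;                     # dropped: gpgv uses no agent
            --keyid-format=*)  ;;                     # dropped: not a gpgv option
            --status-fd=*)     set -- "$@" "$arg" ;;  # kept: git reads this stream
            -)                 npos=$((npos + 1)); set -- "$@" "$arg" ;;
            -*)                echo "stunt-gpg: unexpected option: $arg" >&2
                               return 2 ;;            # fail closed on anything new
            *)                 npos=$((npos + 1)); set -- "$@" "$arg" ;;
        esac
    done
    shift "$orig"
    # Expect exactly the call seen in strace: --verify <sigfile> -
    if [ "$verify" -ne 1 ] || [ "$npos" -ne 2 ]; then
        echo "stunt-gpg: not the expected --verify <sigfile> - call" >&2
        return 2
    fi
    # The keyring is fixed by the server operator, never by the caller.
    "$gpgv" --keyring "$keyring" "$@"
}

# Act as the wrapper only when installed on PATH under the name "gpg".
case ${0##*/} in
    gpg) stunt_gpg "$@"; exit $? ;;
esac
```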
