Whoops, only sent this to Ian, not the bug too... try again! 

I took some time to play this afternoon. As it stands, my git config looks like 
this:

[user]
        email = [email protected]
        name = Dave Hibberd
        signingkey = /home/hibby/.ssh/id_ed25519.pub
[gpg]
        format = ssh
[core]
        editor = vim
[commit]
        gpgsign = true
On Wednesday, 17 September 2025 22:54:06 British Summer Time Ian Jackson wrote:
> hibby writes ("Bug#1115500: git-debpush should override git -c gpg.format"):

> I think probably the right answer *for this bug* is to override
> gpg.format and then if the user has *also* set a user.signingkey and
> doesn't override the key[1] then the attempt to make a signature will
> fail?
> 

Agreed - purely overriding with my config as-is causes a failure as gpg is now 
looking for the ssh key as its argument. It stops malformed tags getting 
pushed to the server but doesn't get us any further really:

hibby@macrotis ~/D/H/l/lutris-test (debian/latest)> git -c gpg.format=openpgp 
tag -s -m "hello!" hibby/testtag
error: gpg failed to sign the data:
gpg: keydb_search failed: Invalid argument
gpg: skipped "/home/hibby/.ssh/id_ed25519.pub": Invalid argument
[GNUPG:] INV_SGNR 0 /home/hibby/.ssh/id_ed25519.pub
[GNUPG:] FAILURE sign 45
gpg: signing failed: Invalid argument
error: unable to sign the tag
The tag message has been left in .git/TAG_EDITMSG

> [1] I mean, override using a currently-hypothetical option like in
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108267#40
> so really I mean it will always fail.
> 
> An alternative could be to *inspect* gpg.format and fail if we don't
> like the answer and no key override was found.
> 
> I guess it could *unset* user.signingkey if it finds itself overriding
> gpg.format?  This all seems like too much (a) magic (b) violence.
> 

Yeah, the last option paired with $DEBSIGN_KEYID will work (I tested
manually) - it forces functionality but is too hardass I think.

IMHO inspecting gpg.format and failing with an error if not gpg is the best 
solution here - ssh signing isn't supported for upload in Debian, and now that 
I've been informed I am more than happy to rewrite my gpg config to 
gpg.format=openpgp and sign on tag instead of commit. 

I would rather the convenience of tag2upload than the green tick on salsa.

> 
> (Many will read that and say "story of a security engineer's life".)
> 

Sisyphus didn't get to the bottom of the hill without all that pushing!

Best,
H

--
Dave Hibberd <[email protected]>  
Debian Developer
Packet Radioist
MM0RFN
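The "inspect gpg.format and fail" option discussed above, as an added example that is not git-debpush's code or anything posted in this thread. It checks the effective gpg.format and user.signingkey the way an upload tool could before attempting to sign; the function and the check rules (only openpgp is acceptable, and a signingkey that looks like an SSH key path or literal key is rejected) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: decide whether a git signing configuration can produce the
# OpenPGP-signed tag that tag2upload requires, instead of letting gpg fail
# later with "Invalid argument" on an SSH key path.
#
# signing_config_ok FORMAT SIGNINGKEY
#   FORMAT      value of gpg.format ("" if unset; git then defaults to openpgp)
#   SIGNINGKEY  value of user.signingkey ("" if unset)
# Prints the reason on stderr and returns 1 when signing would not work.
signing_config_ok() {
    fmt=$1
    key=$2
    case "${fmt:-openpgp}" in
        openpgp) ;;
        ssh|x509)
            echo "gpg.format=$fmt: only OpenPGP signatures are accepted for upload" >&2
            return 1 ;;
        *)
            echo "gpg.format=$fmt: unrecognised format" >&2
            return 1 ;;
    esac
    # A signingkey left over from SSH signing (a key file path, a literal
    # public key, or git's key:: form) would be handed to gpg, which cannot
    # use it. An OpenPGP key id or fingerprint matches none of these.
    case "$key" in
        /*|~*|ssh-*|ecdsa-*|sk-*|key::*)
            echo "user.signingkey=$key looks like an SSH key, not an OpenPGP key id" >&2
            return 1 ;;
    esac
    return 0
}

# Wrapper reading the effective values from the current repository's config
# (git config exits non-zero for unset keys, hence the || true).
check_repo_signing_config() {
    signing_config_ok "$(git config --get gpg.format 2>/dev/null || true)" \
                      "$(git config --get user.signingkey 2>/dev/null || true)"
}
```

With the config shown at the top of this mail, `check_repo_signing_config` reports the ssh format and returns 1 before any tag is created.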
