Alex venit, vidit, dixit 25.09.2016 08:05:
> Hello all,
> Could the %G? format differentiate between an unsigned commit and a
> signed commit that you're missing a public key for?
> If `git show --format=%GG --no-patch <commit>' produces an output like
> the following:
> gpg: Signature made <date> using RSA key ID <id>
> gpg: Can't check signature: public key not found

That is the "raw verification message from GPG for a signed commit" as
per git-log(1).

> Then currently %G? results in `N', the same as an unsigned commit.
> In this case, could %G? please result in a new character? Perhaps `M'
> for "missing public key"?

Yes, and no.

Really, there are many different reasons why a signature couldn't be
checked, but gpg itself has these status results:

"For each signature only one of the three codes GOODSIG, BADSIG or
ERRSIG will be emitted" (doc/DETAILS in gpg's source).

ERRSIG comes with additional info (RC) that could be parsed for the reason.

Also, in addition to that line, there can be other lines with additional
information. So there is a lot that could potentially be shown (and *is*
shown with %GG). In the GOODSIG case, we parse the TRUST info to take
the trust model into account (and return U for untrusted good).

I wouldn't mind adding E to %G? in the ERRSIG case, even though one has
to look at %GG in any case (N or E) if one wants to have more details.


Reply via email to