Starting with the newest git version, the signature checking
code somehow ignores GPG's status-fd and status-file options, which are
THE way to machine parse GPG's output (seee [1])

How to reproduce:

1. Put the following line in your ~/.gnupg/gpg.conf file:

status-fd 1

2. Produce a singed commit:

git commit -aS -m "signed test commit"

3. Let git check the signature:

git log -n 1 --show-signature | cat


Commit 104cffdaaaaed653aasdddddddddd
gpg: Signature made Tue 09 Apr 2013 01:09:09 PM CEST using RSA key ID
gpg: Good signature from "User"
Author: user <usermail>

Missing from output is the machine parsable GPG information:

[GNUPG:] SIG_ID sorvifhoerui/asidunb 2013-04-09 23947273
[GNUPG:] GOODSIG 433811111111111324 User <usermail>
[GNUPG:] VALIDSIG ddddddddddddddddddfsjidjfv 2013-04-09 aoidfjidh0 0 4 0
1 2 00 oshidvoo444444ddddddddd

Note: The git-log format specifiers %GG, %G?, %GK, ... do not provide
enough information, as they, for example, do not provide the
information, that the signature is valid, if the key is untrusted (which
will simply leed to a "bad" signature).

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to
More majordomo info at

Reply via email to