Hi there,

Some of you may remember me from my more active times...

Anyways, a recent blog post about signed commits in git triggered me to
look at our tools for that again. It seems that we only have the
log/pretty family on the user facing side, but everything we need under
the hood.

So here's a suggestion to implement verify-commit in a way which is
completely analogous to verify-tag. In fact, it could be coded more
elegantly, but I kept it this way so that we could merge the two more
easily in case we wish to do so.

I will follow up with tests if the design principle is something we agree

Michael J Gruber (3):
  pretty: free the gpg status buf
  gpg-interface: provide access to the payload
  verify-commit: scriptable commit signature verification

 Documentation/git-verify-commit.txt | 28 +++++++++++
 Makefile                            |  1 +
 builtin.h                           |  1 +
 builtin/merge.c                     |  1 +
 builtin/verify-commit.c             | 98 +++++++++++++++++++++++++++++++++++++
 command-list.txt                    |  1 +
 commit.c                            |  1 +
 git.c                               |  1 +
 gpg-interface.h                     |  1 +
 pretty.c                            |  2 +
 10 files changed, 135 insertions(+)
 create mode 100644 Documentation/git-verify-commit.txt
 create mode 100644 builtin/verify-commit.c


To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to