Re: [BUG] Veryfing signatures in git log fails when language is not english
Mariusz Gronczewski writes: > 2013/2/14 Junio C Hamano : >> >> - The "right" one you mention for %GS is easier than you might >> think. If you just verify against the accompanying "tagger" >> identity, that should be sufficient. It of course cannot be >> generally solved, as you could tag as person A while signing >> with key for person B, but a simple social convention would >> help us out there: if you tag as Mariusz Gronczewski, your >> signature should also say so. > unless there is someone else with same name, which happens more often > (so far i've seen it happen twice) than same GPG IDs. Oh, I didn't mean to say "ignore email part", which of course will make the result more likely to be ambiguous. I thought you meant by "have to show right one" the following scenario: The tag v1.8.1 has a GPG signature. The key 96AFE6CB was used to sign it. The key is associated with more than one identities. One of them is "Junio C Hamano ", but that is not the only one. I also have combinations of other e-mail addresses and names spelled differently (e.g. "Junio Hamano ") that are _not_ associated with that key. GPG may say "good signature from A aka B aka C"; which one of A, B, or C should we choose? I was suggesting that among the identities associated with the key used to sign the tag, we should show the one that matches the identity on the tagger field. object 5d417842efeafb6e109db7574196901c4e95d273 type commit tag v1.8.1 tagger Junio C Hamano 1356992771 -0800 Git 1.8.1 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQIc... =v706 -END PGP SIGNATURE- Because it is clear from the context where the signature appears that that identity is what matters for me as a signer in the project the tag appears in. I may have other e-mail addresses that are not associated with that key, but it would be insane to put that on the tagger field of the tag, while GPG-signing with that key. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BUG] Veryfing signatures in git log fails when language is not english
2013/2/14 Junio C Hamano : > > - The "right" one you mention for %GS is easier than you might > think. If you just verify against the accompanying "tagger" > identity, that should be sufficient. It of course cannot be > generally solved, as you could tag as person A while signing > with key for person B, but a simple social convention would > help us out there: if you tag as Mariusz Gronczewski, your > signature should also say so. unless there is someone else with same name, which happens more often (so far i've seen it happen twice) than same GPG IDs. It's all fine if you just have one keyring that you can use to validate against all repos but when there are multiple projects each with different persons responsible for deploying it can get messy ;]. my use-case is basically "allow only commits signed by person X Y or Z to be deployed on production" and "allow only persons A, B, C, X, Y, Z to commit", while latter case can be solved by software like gitolite, credential validation is messy at best as you have to validate: - ssh key - if ssh key owner matches commiter name - if commiter name =! author name, if a given person can do that (project architect or some other person accepting patches) or can't and I'm trying to implement GPG signing so if someone does something malicious i can say "OK that commit was signed by your key ID, why you did it?" -- Mariusz Gronczewski (XANi) GnuPG: 0xEA8ACE64 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BUG] Veryfing signatures in git log fails when language is not english
Mariusz Gronczewski writes: > What is really missing is an ability to display used key ID without > hammering git log output with regexps, it would be much easier to > validate incoming commits if there was format option to just display > key ID instead of signer name. %GS isn't really good solution for that > because it will show only one of email addresses used in the key and > script checking signatures would have to always pick "right" one. The %G pretty modifiers other than %GG were done mostly as placeholders. I think the following would be a good way to refine them: - %GG, and possibly "log --show-signature" should run GPG under the user's LANG. - %G? is mostly useless, unless it is made to always mean "does it verify crypto-wise" and nothing else. One bit is simply too small to represent all the cases where you may or may not have the signer's key, or you may have the key but you do not have enough trust in it (e.g. the key may be expired, revoked, or not enough confidence in your web of trust). - The "right" one you mention for %GS is easier than you might think. If you just verify against the accompanying "tagger" identity, that should be sufficient. It of course cannot be generally solved, as you could tag as person A while signing with key for person B, but a simple social convention would help us out there: if you tag as Mariusz Gronczewski, your signature should also say so. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BUG] Veryfing signatures in git log fails when language is not english
2013/2/14 Michael J Gruber : > XANi venit, vidit, dixit 14.02.2013 01:18: >> Hi, >> >> any functionality that depends on exact exit msg of program >> can potentially fail because of that >> ᛯ export |grep LANG >> declare -x LANG="pl_PL.UTF-8" >> >> ᛯ ~/src/os/git/git log --format="%G? %h" |head -2 >> 0d19377 >> 5b9d7f8 >> >> ᛯ unset LANG >> ᛯ ~/src/os/git/git log --format="%G? %h" |head -2 >> G 0d19377 >> G 5b9d7f8 >> >> tested against maint (d32805d) and master (5bf72ed) >> >> maybe git should set up some output-changing variables before calling >> external programs? I think setting LC_ALL=C should be enougth. >> > > There are really multiple problems here: > > 1. git calls gpg without setting LANG but expects output in LANG=C > > 2. git looks at the textual output from gpg to check the validity. > > 3. In fact, it does so only for %G and the display of signed merge > commits, in all other cases it checks the return code only. > > gpg is not supposed to be used like that. > > Since the callers of verify_signed_buffer do that craziness there is > some refactoring to be done. > > A false hotfix would be to set LANG=C when calling gpg from git, but > that wouldn't solve the real problem. Besides, we do want LANG dependent > output for the user. > > I'll have a closer look. > > BTW: Thanks for the clear report :) > > Michael What is really missing is an ability to display used key ID without hammering git log output with regexps, it would be much easier to validate incoming commits if there was format option to just display key ID instead of signer name. %GS isn't really good solution for that because it will show only one of email addresses used in the key and script checking signatures would have to always pick "right" one. -- Mariusz Gronczewski (XANi) GnuPG: 0xEA8ACE64 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BUG] Veryfing signatures in git log fails when language is not english
XANi venit, vidit, dixit 14.02.2013 01:18: > Hi, > > any functionality that depends on exact exit msg of program > can potentially fail because of that > ᛯ export |grep LANG > declare -x LANG="pl_PL.UTF-8" > > ᛯ ~/src/os/git/git log --format="%G? %h" |head -2 > 0d19377 > 5b9d7f8 > > ᛯ unset LANG > ᛯ ~/src/os/git/git log --format="%G? %h" |head -2 > G 0d19377 > G 5b9d7f8 > > tested against maint (d32805d) and master (5bf72ed) > > maybe git should set up some output-changing variables before calling > external programs? I think setting LC_ALL=C should be enougth. > There are really multiple problems here: 1. git calls gpg without setting LANG but expects output in LANG=C 2. git looks at the textual output from gpg to check the validity. 3. In fact, it does so only for %G and the display of signed merge commits, in all other cases it checks the return code only. gpg is not supposed to be used like that. Since the callers of verify_signed_buffer do that craziness there is some refactoring to be done. A false hotfix would be to set LANG=C when calling gpg from git, but that wouldn't solve the real problem. Besides, we do want LANG dependent output for the user. I'll have a closer look. BTW: Thanks for the clear report :) Michael -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[BUG] Veryfing signatures in git log fails when language is not english
Hi, any functionality that depends on exact exit msg of program can potentially fail because of that ᛯ export |grep LANG declare -x LANG="pl_PL.UTF-8" ᛯ ~/src/os/git/git log --format="%G? %h" |head -2 0d19377 5b9d7f8 ᛯ unset LANG ᛯ ~/src/os/git/git log --format="%G? %h" |head -2 G 0d19377 G 5b9d7f8 tested against maint (d32805d) and master (5bf72ed) maybe git should set up some output-changing variables before calling external programs? I think setting LC_ALL=C should be enougth. -- Mariusz Gronczewski (XANi) GnuPG: 0xEA8ACE64 signature.asc Description: PGP signature