Re: [PATCH 1/1] verify-tag/verify-commit should exit unsuccessfully when signature is not trusted

> > disable fetching keys from hkp servers. This way signature verification > > should fail. > > > > Thanks, > > -Santiago. > > This is not a deviation. GPG correctly recognizes difference between trusted, > untrusted and unknown levels. git on the ot

Re: [PATCH 1/1] verify-tag/verify-commit should exit unsuccessfully when signature is not trusted

generally difficult for this reason, but using the raw output should be enough to discard signatures with untrusted keys. Another alternative is to use a keyring with trusted keys *only* and disable fetching keys from hkp servers. This way signature verification should fail. Thanks, -Santiago. >

Re: does a new repo actually *need* default template content?

em under /usr/share/git/samples/hooks/ or something along those lines). > I also wish hooks were just shell snippets in the config files that > could follow the usual config-precedence rules. I like this idea, but I'd probably keep the snippets in a separate file to keep things clean. Thanks, -Santiago. signature.asc Description: PGP signature

Re: GIT 2.3.1 - Code Execution Vulnerability

version are the ones (possibly) packaging 2.3.1. I'd email or open a ticket with Oracle after making sure they 1) haven't backported patches to fix these, or 2) don't have a newer version in their repositories. Cheers! -Santiago. [1] https://security.archlinux.org/CVE-2017-1000117 [2] https

Re: upstreaming https://github.com/cgwalters/git-evtag ?

personally think that at least the sample hook work on here would be a good candidate for this[1], although I don't know what's the status of it. The way they are right now, they should at least warn when push certificates are not enabled on the server side (i.e., there is no hook to handle it).

Re: upstreaming https://github.com/cgwalters/git-evtag ?

eting" solution a couple of years ago[1] but, in my personal opinion, I think push certificates can achieve the same security guarantees as my system with very little changes. Cheers! -Santiago. [1] https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/torres-arias signature.asc Description: PGP signature

Re: upstreaming https://github.com/cgwalters/git-evtag ?

already. Thanks, -Santiago. signature.asc Description: PGP signature

Re: upstreaming https://github.com/cgwalters/git-evtag ?

structure with relevant git reference information as a git object to avoid a server/mitm from moving references around. Cheers! -Santiago. [1] https://public-inbox.org/git/1408485987-3590-1-git-send-email-gits...@pobox.com/ [2] https://public-inbox.org/git/20171202091248.6037-1-r...@shikherverma.com

Re: upstreaming https://github.com/cgwalters/git-evtag ?

embedded in it. I wonder if, with the current tooling in git, this could be done as a custom command... Cheers! -Santiago. On Mon, Jan 08, 2018 at 03:12:00PM -0500, Colin Walters wrote: > Hi, so quite a while ago I wrote this: > https://github.com/cgwalters/git-evtag > > Since I last

Re: git status always modifies index?

Ah, my bad. I missed this patch... Good luck! -Santiago. signature.asc Description: PGP signature

Re: git status always modifies index?

ases. I think it's because of the reasons above. That being said, I don't know what the rest of the community would think of something akin to a --no-update-index type flag. Cheers! -Santiago. signature.asc Description: PGP signature

Re: git status always modifies index?

, -Santiago signature.asc Description: PGP signature

Re: [PATCH] t/lib-gpg: fix gpgconf stderr redirect to /dev/null

ly not litter the stdout with ENOENT-like error messages though... Thanks again for catching this! -Santiago. signature.asc Description: PGP signature

Re: [PATCH] t/lib-gpg: fix gpgconf stderr redirect to /dev/null

Quick followup. The version that triggers this is at least 2.1.21[1]. I recall there was some wiggle room on minor versions before it. Thanks! -Santiago. [1] https://dev.gnupg.org/T3218 On Mon, Nov 13, 2017 at 06:02:02PM -0500, Santiago Torres wrote: > > > Were the ENOENT e

Re: [PATCH] t/lib-gpg: fix gpgconf stderr redirect to /dev/null

l to gpgconf. If that worked > across the various gnupg 2.x releases, it would be a simple enough change to > make as a follow-up. Let me dig up the exact versions. IIRC it was somewhere between 2.1.0 and 2.2.x or so. I think somewhere within the patch re-rolls I had the exact versions.

Re: [PATCH] t/lib-gpg: fix gpgconf stderr redirect to /dev/null

mon only). Thanks again! -Santiago. signature.asc Description: PGP signature

Re: Unable to use --patch with git add

It'd be helpful to know: - What did you do? - What did you expect to happen? - What happened instead? I suspect you are using --patch with a new file, so you probably need to first add it with -N or so. This is just a shot in the dark though... Thanks, -Santiago. On Wed, Oct 11, 2017 at 11:16

Re: git ls-tree -d doesn't work if the specified path is the repository root?

e these four behaviors: [santiago@LykOS bg_daemon]$ git ls-tree -d HEAD -- src 04 tree 238a62ca62527423fd3190d00917ddfef0d254a3src [santiago@LykOS bg_daemon]$ git ls-tree -d HEAD -- src/ 04 tree 767beaaf0927f89e630c52830b6fbac138ec039asrc/bg_daemon [santiago@LykOS bg_daemon]$

Re: [RFC PATCH 0/2] Add named reference to latest push cert

handle/tool/sync around the push certificate solution? Thanks, -Santiago. [1] https://public-inbox.org/git/CAJo=hJvWbjEM9E5AjPHgmQ=eY8xf=Q=xtukeu2ur7auuqea...@mail.gmail.com/ signature.asc Description: PGP signature

Re: signing commits using gpg2

feels like an issue with the interface to the key itself. Can you start a non-detached agent with --verbose to see exactly where it blows up? We probably want to continue this offlist as this seems more of a gpg issue rather than git. We can always come back if we figure out this is something git related :) Cheers! -Santiago. signature.asc Description: PGP signature

Re: t5551 hangs ?

e. > t5551 seems to be flaky - from time to time. > It seems that I have it reproducable unstable, so if someone has more > ideas, please. I'm still unable to reproduce. Do you think you can enable GIT_TRACE, GIT_TRACE_PACK and GIT_TRACE_CURL and pastebin/paste what you see? Cheers! -Santiago. signature.asc Description: PGP signature

Re: t5551 hangs ?

f you kill the apache processes? I can't reproduce on my side, but let me see if I can dig a little into it. Cheers! -Santiago. signature.asc Description: PGP signature

[PATCH v2] t: lib-gpg: flush gpg agent on startup

From: Santiago Torres <santi...@nyu.edu> When running gpg-relevant tests, a gpg-daemon is spawned for each GNUPGHOME used. This daemon may stay running after the test and cache file descriptors for the trash directories, even after the trash directory is removed. This leads to ENOENT error

Re: [PATCH] t: lib-gpg: flush gpg agent on startup

> With that "run it but ignore the outcome even if we failed to.", we > do not have to worry about any of that ;-) Oh right! thanks for the suggestion! Let me re-roll... Thanks, -Santiago. signature.asc Description: PGP signature

Re: [PATCH] t: lib-gpg: flush gpg agent on startup

opefully gpgconf goes nowhere by then). I was able to test this on debian oldstable/stable and arch. Cheers! -Santiago. [1] https://public-inbox.org/git/xmqqvampmnmv@gitster.mtv.corp.google.com/ On Thu, Jul 20, 2017 at 12:58:14PM -0400, santi...@nyu.edu wrote: > From: Santiago To

[PATCH] t: lib-gpg: flush gpg agent on startup

From: Santiago Torres <santi...@nyu.edu> When running gpg-relevant tests, a gpg-daemon is spawned for each GNUPGHOME used. This daemon may stay running after the test and cache file descriptors for the trash directories, even after the trash directory is removed. This leads to ENOENT error

Re: What's cooking in git.git (Jul 2017, #04; Thu, 13)

Stretch/Arch, who do ship gpg2 with gpgconf. It seems Debian oldstable and other variants still ship gpg1, which doesn't have it. Would it make sense to have a fallthrough branch on the switch statement for gpg2.1 instead? something like the attached patch. Thanks, -Santiago. From 07ab87c1ddb31197a3a5

Re: What's cooking in git.git (Jul 2017, #04; Thu, 13)

d > documented. I double checked the patch/solutions/causes just to be sure I'm not doing anything crazy. Here's a v2 of the patch that kills the agent upon cleanup rather than startup. Thanks! -Santiago. From 20491890b804d13f9edb0205c1cc21d080beffe2 Mon Sep 17 00:00:00 2001 From: Santiago

Re: What's cooking in git.git (Jul 2017, #04; Thu, 13)

leave an agent instance per test running, possibly forever. E.g., make test would result in the following: santiago at ~ ✔ pgrep -a gpg-agent 632 gpg-agent --homedir /git/t/trash directory.t6050-replace/gpghome --use-standard-socket --daemon 1192 /usr/bin/gpg-agent --supervised

Re: What's cooking in git.git (Jul 2017, #04; Thu, 13)

AUTH_SOCK etc. into the list of > envirionment variables to nuke there? > > Combined with the unknown-ness of the root cause of the issue, I can > only say that the patch may be raising an issue worth addressing, > but it is too sketchy to tell if it is a right solution or what the > exact problem being solved is. I'll dig into this. This sounds a way more reasonable approach. Thanks for the feedback! -Santiago. signature.asc Description: PGP signature

Re: What's cooking in git.git (Jul 2017, #04; Thu, 13)

ent lately. I checked the latest iterations of "what's cooking" to see if it was going to be discarded or so, but I see no mention of it. Thanks! -Santiago [1] https://public-inbox.org/git/20170707220729.a3xrsju3rf4guyzs@LykOS.localdomain/T/#t signature.asc Description: PGP signature

Re: [RFC PATCH] t: lib-gpg: flush agent sockets on startup

Hello all, I don't know if this is a desired feature, but I noticed that, one some versions of gpg, gpg tests are skipped when I run a test suite multiple times. Cheers! -Santiago. On Fri, Jul 07, 2017 at 06:01:59PM -0400, santi...@nyu.edu wrote: > From: Santiago Torres <santi...@n

[RFC PATCH] t: lib-gpg: flush agent sockets on startup

From: Santiago Torres <santi...@nyu.edu> When running gpg-relevant tests, a gpg-daemon is ran for a trash_directory-specific GNUPGHOME. This daemon creates a unix socket on the target host, and it will be used on subsequent runs of the same test script. Add a call to kill the agent and

Re: [PATCH 3/3] t7004, t7030: fix here-doc syntax errors

On Thu, Mar 23, 2017 at 03:00:08PM -0700, Junio C Hamano wrote: > Santiago Torres <santi...@nyu.edu> writes: > OK, so has everybody agreed what the next step would be? I believe it is, although I imagine getting a confirmation from Peff would be adequate. > Is the patch bel

Re: [PATCH 3/3] t7004, t7030: fix here-doc syntax errors

used". Which would be backwards-compatible and safe for old formats, > and work correctly for new ones. This sounds like a helpful addition to implement. We could update/add tests for compliance on this once the feature is addded and fix the ambiguous behavior in the tests now. Thanks, -Santi

Re: [PATCH 3/3] t7004, t7030: fix here-doc syntax errors

havior, the bogus ones are quietly omitted. Which can also be > confusing, but I'd think would generally err on the side of caution. In that case, something like this would be closer to the desired behavior? I'm also unsure on what would be the right thing to put on the commit message. -Santiago. ---

Re: [PATCH 3/3] t7004, t7030: fix here-doc syntax errors

; >>--format specifier tests", 2017-01-17) > >> > >> t/t7004-tag.sh| 8 > >> t/t7030-verify-tag.sh | 8 > >> 2 files changed, 8 insertions(+), 8 deletions(-) > > > > Like 2/3, this one also produces test failures

Re: [PATCH 3/3] t7004, t7030: fix here-doc syntax errors

Like 2/3, this one also produces test failures for me. It looks like > "verify-tag" does not show a tag which has been forged. I'm not sure if > that's intentional (and the test is wrong) or a bug. I see that offending code would be [1]. Changing this behavior should be trivial (d

Re: SHA1 collisions found

together. I think Arstechnica may be a little bit sensationalistic here. Cheers! -Santiago. [1] https://bugs.webkit.org/show_bug.cgi?id=168774#c27 signature.asc Description: PGP signature

SHAttered (the first practical SHA1 attack)

Hello all, I ran into this website presenting the "first practical attack on sha1"[1]. I don't recall seeing this on the ML, so I'm sharing this just in case. I know there are proposals to move out of sha1 already. I wonder if this affects the timeline for their adoption? Thanks, -San

Re: idea: light-weight pull requests

this could be implemented by tools like this rather easily (e.g., using symlinks + inotify or something less hacky). I'm wondering if standardizing this would be more interesting to those communities? I would like to see what becomes of this. Cheers! -Santiago. On Tue, Feb 07, 2017 at 08:32:17AM

Re: git clone problem

--recursive https://github.com/... $ ls Thanks, -Santiago On Wed, Jan 25, 2017 at 05:58:58PM +0100, Jordi Durban wrote: > Hi all! Not sure if that will reach the goal, but let's it a try. > > I have a problem with the git clone command: when I try to clone a remote > repository with

Re: [PATCH v6 4/6] builtin/tag: add --format argument for tag -v

On Wed, Jan 18, 2017 at 10:44:03AM -0800, Junio C Hamano wrote: > Santiago Torres <santi...@nyu.edu> writes: > Was: Thanks! Would you want me to re-roll really quick? or would you rather apply this on your side? Thanks, -Santiago. > > Eric, I've noticed that this mess

Re: [PATCH v6 4/6] builtin/tag: add --format argument for tag -v

llowing into this commit solves this issue with the > former approach. The lines it touches are all from 4/6 and I view > all of it as general improvement, including type correctness and > code formatting. Thanks! Should I re-roll this really quick? Or would you rather apply this on your tree directly? -Santiago. signature.asc Description: PGP signature

[PATCH v6 2/6] ref-filter: add function to print single ref_array_item

From: Lukas Puehringer ref-filter functions are useful for printing git object information using a format specifier. However, some other modules may not want to use this functionality on a ref-array but only print a single item. Expose a pretty_print_ref function to

[PATCH v6 6/6] t/t7004-tag: Add --format specifier tests

From: Santiago Torres <santi...@nyu.edu> tag -v now supports --format specifiers to inspect the contents of a tag upon verification. Add two tests to ensure this behavior is respected in future changes. Signed-off-by: Santiago Torres <santi...@nyu.edu> --- t/t7004

[PATCH v6 4/6] builtin/tag: add --format argument for tag -v

From: Lukas Puehringer Adding --format to git tag -v mutes the default output of the GPG verification and instead prints the formatted tag object. This allows callers to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG

[PATCH v6 3/6] builtin/verify-tag: add --format to verify-tag

From: Santiago Torres <santi...@nyu.edu> Callers of verify-tag may want to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification. This is to avoid tag refs that point to an incorrect object. Add a --format parameter to git verify-tag to

[PATCH v6 1/6] gpg-interface,tag: add GPG_VERIFY_OMIT_STATUS flag

From: Lukas Puehringer Functions that print git object information may require that the gpg-interface functions be silent. Add GPG_VERIFY_OMIT_STATUS flag and prevent print_signature_buffer from being called if flag is set. Signed-off-by: Lukas Puehringer

[PATCH v6 5/6] t/t7030-verify-tag: Add --format specifier tests

From: Santiago Torres <santi...@nyu.edu> Verify-tag now provides --format specifiers to inspect and ensure the contents of the tag are proper. We add two tests to ensure this functionality works as expected: the return value should indicate if verification passed, and the format specifier

[PATCH v6 0/6] Add --format to tag verification

From: Santiago Torres <santi...@nyu.edu> This is the sixth iteration of [1][2][3][4][5], and as a result of the discussion in [5]. The main goal of this patch series is to bring --format to git tag verification so that upper-layer tools can inspect the content of a tag and make decisions

Re: [PATCH v5 5/7] builtin/tag: add --format argument for tag -v

> VERBOSE|QUIET _does_ have a meaning, which is "show the payload, but do > not print the signature buffer". Perhaps just renaming QUIET to > OMIT_STATUS or something would make it more clear. > Let me give this a go too. OMIT_STATUS does sound less confusing. Thank

Re: [PATCH v5 3/7] tag: add format specifier to gpg_verify_tag

Yeah, this actually looks more cleaner. Let me give it a go. Thanks! -Santiago. On Tue, Jan 17, 2017 at 12:30:04PM -0500, Jeff King wrote: > On Tue, Jan 17, 2017 at 12:25:31PM -0500, Jeff King wrote: > > > Actually, looking at the callsites, I think they are fine

Re: [PATCH v5 5/7] builtin/tag: add --format argument for tag -v

GPG_VERIFY_VERBOSE will be unset when GPG_VERIFY_QUIET). I would have to re-read the patch to make sure this is the case then. GPG_VERIFY_QUIET was added to suppress any VERBOSE|RAW flags, we could defeault to QUIET if flags are not set. What do you think? Thanks! -Santiago signature.asc Description: PGP signature

Re: [PATCH v5 3/7] tag: add format specifier to gpg_verify_tag

gpg_verification() I'm afraid that adding yet another wrapper would further convolute the call chain. If you think this is not an issue, I could easily do it. Do you have any suggested name for the wrapper? Thanks! -Santiago signature.asc Description: PGP signature

[PATCH v5 3/7] tag: add format specifier to gpg_verify_tag

From: Lukas Puehringer Calling functions for gpg_verify_tag() may desire to print relevant information about the header for further verification. Add an optional format argument to print any desired information after GPG verification. Signed-off-by: Lukas Puehringer

[PATCH v5 4/7] builtin/verify-tag: add --format to verify-tag

From: Santiago Torres <santi...@nyu.edu> Callers of verify-tag may want to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification. This is to avoid tag refs that point to an incorrect object. Add a --format parameter to git verify-tag to

[PATCH v5 0/7] Add --format to tag verification

From: Santiago Torres <santi...@nyu.edu> This is the fifth iteration of [1][2][3][4], and as a result of the discussion in [5]. The main goal of this patch series is to bring --format to git tag verification so that upper-layer tools can inspect the content of a tag and make decisions

[PATCH v5 1/7] gpg-interface, tag: add GPG_VERIFY_QUIET flag

From: Lukas Puehringer Functions that print git object information may require that the gpg-interface functions be silent. Add GPG_VERIFY_QUIET flag and prevent print_signature_buffer from being called if flag is set. Signed-off-by: Lukas Puehringer

[PATCH v5 6/7] t/t7030-verify-tag: Add --format specifier tests

From: Santiago Torres <santi...@nyu.edu> Verify-tag now provides --format specifiers to inspect and ensure the contents of the tag are proper. We add two tests to ensure this functionality works as expected: the return value should indicate if verification passed, and the format specifier

[PATCH v5 7/7] t/t7004-tag: Add --format specifier tests

From: Santiago Torres <santi...@nyu.edu> tag -v now supports --format specifiers to inspect the contents of a tag upon verification. Add two tests to ensure this behavior is respected in future changes. Signed-off-by: Santiago Torres <santi...@nyu.edu> --- t/t7004

[PATCH v5 2/7] ref-filter: add function to print single ref_array_item

From: Lukas Puehringer ref-filter functions are useful for printing git object information using a format specifier. However, some other modules may not want to use this functionality on a ref-array but only print a single item. Expose a pretty_print_ref function to

[PATCH v5 5/7] builtin/tag: add --format argument for tag -v

From: Lukas Puehringer Adding --format to git tag -v mutes the default output of the GPG verification and instead prints the formatted tag object. This allows callers to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG

Re: [PATCH 2/2] tag: send fully qualified refnames to verify_tag_and_format

On Wed, Oct 19, 2016 at 04:39:44PM -0400, Jeff King wrote: > The ref-filter code generally expects to see fully qualified > refs, so that things like "%(refname)" and "%(refname:short)" > work as expected. We can do so easily from git-tag, which > always works with refnames in the refs/tags

Re: [PATCH v4 2/7] ref-filter: add function to print single ref_array_item

can use > "%(refname:short)" if you want the shorter part). Hmm, I hadn't actually noticed that. Do you have any suggestions in how to address this? In general this feels like a consequence of disambiguating .git/tags/* within builtin/tag.c rather than letting ref-filter figure it out. Thanks, -Santiago. signature.asc Description: PGP signature

Re: What's cooking in git.git (Oct 2016, #03; Tue, 11)

t; Is this ready for 'next'? Hi, I saw this on the previous "what's cooking." Is there anything I need to do on my side to make sure this is ready for next? Thanks! -Santiago. signature.asc Description: PGP signature

Re: [PATCH v4 0/7] Add --format to tag verification

Hi, I noticed there were no replies for this thread. I was curious if it got buried because I sent it on the Friday evening before a long weekend. I don't mean to pressure or anything. Thanks! -Santiago. On Fri, Oct 07, 2016 at 05:07:14PM -0400, santi...@nyu.edu wrote: > From: Santiago Tor

[PATCH v4 5/7] builtin/tag: add --format argument for tag -v

From: Lukas Puehringer Adding --format to git tag -v mutes the default output of the GPG verification and instead prints the formatted tag object. This allows callers to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG

[PATCH v4 7/7] t/t7004-tag: Add --format specifier tests

From: Santiago Torres <santi...@nyu.edu> tag -v now supports --format specifiers to inspect the contents of a tag upon verification. Add two tests to ensure this behavior is respected in future changes. Signed-off-by: Santiago Torres <santi...@nyu.edu> --- t/t7004

[PATCH v4 6/7] t/t7030-verify-tag: Add --format specifier tests

From: Santiago Torres <santi...@nyu.edu> Verify-tag now provides --format specifiers to inspect and ensure the contents of the tag are proper. We add two tests to ensure this functionality works as expected: the return value should indicate if verification passed, and the format specifier

[PATCH v4 0/7] Add --format to tag verification

From: Santiago Torres <santi...@nyu.edu> This is the fourth iteration of the series in [1][2][3], which comes as a result of the discussion in [4]. The main goal of this patch series is to bring --format to git tag verification so that upper-layer tools can inspect the content of a tag an

[PATCH v4 1/7] gpg-interface, tag: add GPG_VERIFY_QUIET flag

From: Lukas Puehringer Functions that print git object information may require that the gpg-interface functions be silent. Add GPG_VERIFY_QUIET flag and prevent print_signature_buffer from being called if flag is set. Signed-off-by: Lukas Puehringer

[PATCH v4 2/7] ref-filter: add function to print single ref_array_item

From: Lukas Puehringer ref-filter functions are useful for printing git object information using a format specifier. However, some other modules may not want to use this functionality on a ref-array but only print a single item. Expose a pretty_print_ref function to

[PATCH v4 3/7] tag: add format specifier to gpg_verify_tag

From: Lukas Puehringer Calling functions for gpg_verify_tag() may desire to print relevant information about the header for further verification. Add an optional format argument to print any desired information after GPG verification. Signed-off-by: Lukas Puehringer

[PATCH v4 4/7] builtin/verify-tag: add --format to verify-tag

From: Santiago Torres <santi...@nyu.edu> Callers of verify-tag may want to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification. This is to avoid tag refs that point to an incorrect object. Add a --format parameter to git verify-tag to

Re: [PATCH v3 0/5] Add --format to tag verification

attention to? (I'm looking at t7004 mostly right now). Thanks! -Santiago. signature.asc Description: PGP signature

[PATCH v3 3/5] tag: add format specifier to gpg_verify_tag

From: Lukas P Calling functions for gpg_verify_tag() may desire to print relevant information about the header for further verification. Add an optional format argument to print any desired information after GPG verification. Signed-off-by: Lukas Puehringer

[PATCH v3 5/5] builtin/tag: add --format argument for tag -v

From: Lukas Puehringer Adding --format to git tag -v mutes the default output of the GPG verification and instead prints the formatted tag object. This allows callers to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG

[PATCH v3 2/5] ref-filter: add function to print single ref_array_item

From: Lukas Puehringer ref-filter functions are useful for printing git object information using a format specifier. However, some other modules may not want to use this functionality on a ref-array but only print a single item. Expose a format_ref function to create,

[PATCH v3 4/5] builtin/verify-tag: add --format to verify-tag

From: Santiago Torres <santi...@nyu.edu> Callers of verify-tag may want to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification. This is to avoid tag refs that point to an incorrect object. Add a --format parameter to git verify-tag to

[PATCH v3 0/5] Add --format to tag verification

From: Santiago Torres <santi...@nyu.edu> This is the third iteration of [1][2], and as a result of the discussion in [3]. In this re-roll we: * Fixed all the signed-off-by's [0002] * Renamed the function format_ref to pretty_print_ref instead, which is a more descriptive name

[PATCH v3 1/5] gpg-interface, tag: add GPG_VERIFY_QUIET flag

From: Lukas Puehringer Functions that print git object information may require that the gpg-interface functions be silent. Add GPG_VERIFY_QUIET flag and prevent print_signature_buffer from being called if flag is set. Signed-off-by: Lukas Puehringer

Re: [PATCH v2 4/5] builtin/verify-tag: add --format to verify-tag

I'll work on this while I wait for more reviews. Thanks! -Santiago. signature.asc Description: PGP signature

[PATCH v2 5/5] builtin/tag: add --format argument for tag -v

From: Lukas P Adding --format to git tag -v mutes the default output of the GPG verification and instead prints the formatted tag object. This allows callers to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification.

[PATCH v2 4/5] builtin/verify-tag: add --format to verify-tag

From: Santiago Torres <santi...@nyu.edu> Callers of verify-tag may want to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification. This is to avoid tag refs that point to an incorrect object. Add a --format parameter to git verify-tag to

[PATCH v2 0/5] Add --format to tag verification

From: Santiago Torres <santi...@nyu.edu> This is the second iteration of [1], and as a result of the discussion in [2]. In this re-roll we: * Dropped the commit to move the format string parameter to a global variable on builtin/tag. We had to change the signature of for_each_name_fn

[PATCH v2 3/5] tag: add format specifier to gpg_verify_tag

From: Lukas P Calling functions for gpg_verify_tag() may desire to print relevant information about the header for further verification. Add an optional format argument to print any desired information after GPG verification. Signed-off-by: Lukas P

[PATCH v2 1/5] gpg-interface, tag: add GPG_VERIFY_QUIET flag

From: Lukas P Functions that print git object information may require that the gpg-interface functions be silent. Add GPG_VERIFY_QUIET flag and prevent print_signature_buffer from being called if flag is set. Signed-off-by: Lukas P ---

[PATCH v2 2/5] ref-filter: add function to print single ref_array_item

From: Lukas P ref-filter functions are useful for printing git object information using a format specifier. However, some other modules may not want to use this functionality on a ref-array but only print a single item. Expose a format_ref function to create, pretty

Re: [PATCH 4/6] tag: add format specifier to gpg_verify_tag

/6, but if this is the only user of the 3/6, > it would be much better to have a single function to format a ref > exported from ref-filter.[ch] so that this one can say > > if (fmt_pretty) > format_ref(name_to_report, sha1, FILTER_REFS_TAGS); > > or something like that, instead of doing three that will always be > used together in quick succession in the above pattern. Oh, this sounds like a better alternative. This would be instead of 0003 right? Thanks, -Santiago. signature.asc Description: PGP signature

Re: [PATCH 5/6] builtin/verify-tag: Add --format to verify-tag

On Thu, Sep 22, 2016 at 02:16:21PM -0700, Junio C Hamano wrote: > santi...@nyu.edu writes: > > > From: Santiago Torres <santi...@nyu.edu> > > > > Callers of verify-tag may want to cross-check the tagname from refs/tags > > with the tagname from the tag

Re: [PATCH 6/6] builtin/tag: add --format argument for tag -v

take this other road then. > > ... > > There are minor implementation and design issues I spotted, but > overall I think the feature the series attempts to add may be a good > thing to have. > Thanks for the review! I'll re-roll shortly. -Santiago. > Thanks. signature.asc Description: PGP signature

[PATCH 5/6] builtin/verify-tag: Add --format to verify-tag

From: Santiago Torres <santi...@nyu.edu> Callers of verify-tag may want to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification. This is to avoid tag refs that point to an incorrect object. Add a --format parameter to git verify-tag to

[PATCH 2/6] gpg-interface: add GPG_VERIFY_QUIET flag

From: Lukas P Functions that print git object information may require that the gpg-interface functions be silent. Add a GPG_VERIFY_QUIET to prevent functions such as `print_signature_buffer` from printing any output and only return whether signature verification passed

[PATCH 1/6] builtin/tag: move format specifier to global var

From: Santiago Torres <santi...@nyu.edu> The format specifier will be likely used in other functions throughout git tag. One likely candidate to require format strings in the future is the gpg_verify_tag function. However, changing the signature of functions such as for_each_ref or veri

[PATCH 4/6] tag: add format specifier to gpg_verify_tag

From: Lukas P Calling functions for gpg_verify_tag() may desire to print relevant information about the header for further verification. Add an optional format argument to print any desired information after GPG verification. Signed-off-by: Lukas Puehringer

[PATCH 6/6] builtin/tag: add --format argument for tag -v

From: Lukas P Adding --format to git tag -v mutes the default output of the GPG verification and instead prints the formatted tag object. This allows callers to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification.

[PATCH 3/6] ref-filter: Expose wrappers for ref_item functions

From: Lukas P Ref-filter functions are useful for printing git object information without a format specifier. However, some functions may not want to use a complete ref-array, and just a single item instead. Expose create/show/free functions for ref_array_items through

[RFC/PATCH 0/6] Add --format to tag verification

From: Santiago Torres <santi...@nyu.edu> Hello everyone, This is a followup on [1]. There we discussed what would be the best way to provide automated scripts with mechanisms to inspect the contents of a tag upon verification. We struggled a little bit with how to make this fit the curre

Re: Bug

(was it GitHub? local? self-hosted?) 2) What did you do? (git push origin master? git push?) 3) What happened instead of working? (the error message would be helpful. Hope this helps. Cheers! -Santiago. On Tue, Sep 13, 2016 at 01:18:52PM -0400, Mike Hawes wrote: > To whom this may concern, > >

  1   2   >