Re: Request: Extra case for %G? format

[Alex]

Michael J Gruber  writes:

>> Then currently %G? results in `N', the same as an unsigned commit.
>> 
>> In this case, could %G? please result in a new character? Perhaps `M'
>> for "missing public key"?
>
> Yes, and no.
>
> Really, there are many different reasons why a signature couldn't be
> checked, but gpg itself has these status results:
>
> "For each signature only one of the three codes GOODSIG, BADSIG or
> ERRSIG will be emitted" (doc/DETAILS in gpg's source).

I see. It seems in GPG2 that got expanded to:

"For each signature only one of the codes GOODSIG, BADSIG, EXPSIG,
EXPKEYSIG, REVKEYSIG or ERRSIG will be emitted."

I don't suppose it's worthwhile to support the others? I'm not sure how
important the rest are.

> ERRSIG comes with additional info (RC) that could be parsed for the reason.
>
> Also, in addition to that line, there can be other lines with additional
> information. So there is a lot that could potentially be shown (and *is*
> shown with %GG). In the GOODSIG case, we parse the TRUST info to take
> the trust model into account (and return U for untrusted good).
>
> I wouldn't mind adding E to %G? in the ERRSIG case, even though one has
> to look at %GG in any case (N or E) if one wants to have more details.

That would be great. As long as %G? can tell between a signed but
uncheckable commit and an unsigned commit, then it's good for me.

>
> Cheers,
> Michael

Thanks,
Alex

Re: Request: Extra case for %G? format

[Michael J Gruber]

Alex venit, vidit, dixit 25.09.2016 08:05:
> Hello all,
> 
> Could the %G? format differentiate between an unsigned commit and a
> signed commit that you're missing a public key for?
> 
> If `git show --format=%GG --no-patch ' produces an output like
> the following:
> 
> gpg: Signature made  using RSA key ID 
> gpg: Can't check signature: public key not found

That is the "raw verification message from GPG for a signed commit" as
per git-log(1).

> Then currently %G? results in `N', the same as an unsigned commit.
> 
> In this case, could %G? please result in a new character? Perhaps `M'
> for "missing public key"?

Yes, and no.

Really, there are many different reasons why a signature couldn't be
checked, but gpg itself has these status results:

"For each signature only one of the three codes GOODSIG, BADSIG or
ERRSIG will be emitted" (doc/DETAILS in gpg's source).

ERRSIG comes with additional info (RC) that could be parsed for the reason.

Also, in addition to that line, there can be other lines with additional
information. So there is a lot that could potentially be shown (and *is*
shown with %GG). In the GOODSIG case, we parse the TRUST info to take
the trust model into account (and return U for untrusted good).

I wouldn't mind adding E to %G? in the ERRSIG case, even though one has
to look at %GG in any case (N or E) if one wants to have more details.

Cheers,
Michael