Re: Request: Extra case for %G? format
Michael J Gruber writes: >> Then currently %G? results in `N', the same as an unsigned commit. >> >> In this case, could %G? please result in a new character? Perhaps `M' >> for "missing public key"? > > Yes, and no. > > Really, there are many different reasons why a signature couldn't be > checked, but gpg itself has these status results: > > "For each signature only one of the three codes GOODSIG, BADSIG or > ERRSIG will be emitted" (doc/DETAILS in gpg's source). I see. It seems in GPG2 that got expanded to: "For each signature only one of the codes GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, REVKEYSIG or ERRSIG will be emitted." I don't suppose it's worthwhile to support the others? I'm not sure how important the rest are. > ERRSIG comes with additional info (RC) that could be parsed for the reason. > > Also, in addition to that line, there can be other lines with additional > information. So there is a lot that could potentially be shown (and *is* > shown with %GG). In the GOODSIG case, we parse the TRUST info to take > the trust model into account (and return U for untrusted good). > > I wouldn't mind adding E to %G? in the ERRSIG case, even though one has > to look at %GG in any case (N or E) if one wants to have more details. That would be great. As long as %G? can tell between a signed but uncheckable commit and an unsigned commit, then it's good for me. > > Cheers, > Michael Thanks, Alex
Re: Request: Extra case for %G? format
Alex venit, vidit, dixit 25.09.2016 08:05: > Hello all, > > Could the %G? format differentiate between an unsigned commit and a > signed commit that you're missing a public key for? > > If `git show --format=%GG --no-patch ' produces an output like > the following: > > gpg: Signature made using RSA key ID > gpg: Can't check signature: public key not found That is the "raw verification message from GPG for a signed commit" as per git-log(1). > Then currently %G? results in `N', the same as an unsigned commit. > > In this case, could %G? please result in a new character? Perhaps `M' > for "missing public key"? Yes, and no. Really, there are many different reasons why a signature couldn't be checked, but gpg itself has these status results: "For each signature only one of the three codes GOODSIG, BADSIG or ERRSIG will be emitted" (doc/DETAILS in gpg's source). ERRSIG comes with additional info (RC) that could be parsed for the reason. Also, in addition to that line, there can be other lines with additional information. So there is a lot that could potentially be shown (and *is* shown with %GG). In the GOODSIG case, we parse the TRUST info to take the trust model into account (and return U for untrusted good). I wouldn't mind adding E to %G? in the ERRSIG case, even though one has to look at %GG in any case (N or E) if one wants to have more details. Cheers, Michael
Request: Extra case for %G? format
Hello all, Could the %G? format differentiate between an unsigned commit and a signed commit that you're missing a public key for? If `git show --format=%GG --no-patch ' produces an output like the following: gpg: Signature made using RSA key ID gpg: Can't check signature: public key not found Then currently %G? results in `N', the same as an unsigned commit. In this case, could %G? please result in a new character? Perhaps `M' for "missing public key"?