diff --git a/RelNotes/2.51.0.adoc b/RelNotes/2.51.0.adoc index 33ae8f9b8..1a874e6b4 100644 --- a/RelNotes/2.51.0.adoc +++ b/RelNotes/2.51.0.adoc @@ -47,6 +47,12 @@ UI, Workflows & Features service names (like smtp) in addition to the numeric port numbers (like 25). + * Lift the limitation to use changed-path filter in "git log" so that + it can be used for a pathspec with multiple literal paths. + + * Clean up the way how signature on commit objects are exported to + and imported from fast-import stream. + Performance, Internal Implementation, Development Support etc. -------------------------------------------------------------- @@ -91,6 +97,12 @@ Performance, Internal Implementation, Development Support etc. * Flipping the default hash function to SHA-256 at Git 3.0 boundary is planned. + * Declare weather-balloon we raised for "bool" type 18 months ago a + success and officially allow using the type in our codebase. + + * GIT_TEST_INSTALLED was not honored in the recent topic related to + SHA256 hashes, which has been corrected. + Fixes since v2.50 ----------------- @@ -195,6 +207,24 @@ including security updates, are included in this release. expansion. (merge 7d275cd5c0 jb/gpg-program-variable-is-a-pathname later to maint). + * Our header file relied on that the system-supplied + header is not later included, which would override our + macro definitions, but "amazon linux" broke this assumption. Fix + this by preemptively including near the beginning of + ourselves. + (merge 9d3b33125f ps/sane-ctype-workaround later to maint). + + * Clean-up compat/bswap.h mess. + (merge f4ac32c03a ss/compat-bswap-revamp later to maint). + + * Meson-based build did not handle libexecdir setting correctly, + which has been corrected. + (merge 056dbe8612 rj/meson-libexecdir-fix later to maint). + + * Document that we do not require "real" name when signing your + patches off. + (merge 1f0fed312a bc/contribution-under-non-real-names later to maint). + * Other code cleanup, docfix, build fix, etc. (merge b257adb571 lo/my-first-ow-doc-update later to maint). (merge 8b34b6a220 ly/sequencer-update-squash-is-fixup-only later to maint). @@ -220,3 +250,4 @@ including security updates, are included in this release. (merge ad7780b38f ps/doc-pack-refs-auto-with-files-backend-fix later to maint). (merge f4fa8a3687 rh/doc-glob-pathspec-fix later to maint). (merge b27be108c8 ja/doc-git-log-markup later to maint). + (merge 14d7583beb pw/config-kvi-remove-path later to maint). diff --git a/SubmittingPatches.adoc b/SubmittingPatches.adoc index 958e3cc3d..86ca7f6a7 100644 --- a/SubmittingPatches.adoc +++ b/SubmittingPatches.adoc @@ -408,8 +408,15 @@ your patch differs from project to project, so it may be different from that of the project you are accustomed to. [[real-name]] -Also notice that a real name is used in the `Signed-off-by` trailer. Please -don't hide your real name. +Please use a known identity in the `Signed-off-by` trailer, since we cannot +accept anonymous contributions. It is common, but not required, to use some form +of your real name. We realize that some contributors are not comfortable doing +so or prefer to contribute under a pseudonym or preferred name and we can accept +your patch either way, as long as the name and email you use are distinctive, +identifying, and not misleading. + +The goal of this policy is to allow us to have sufficient information to contact +you if questions arise about your contribution. [[commit-trailers]] If you like, you can put extra trailers at the end: diff --git a/SubmittingPatches.html b/SubmittingPatches.html index 72712f353..75101d5e3 100644 --- a/SubmittingPatches.html +++ b/SubmittingPatches.html @@ -961,8 +961,16 @@

Certify your work by adding your Signed-off-by tr from that of the project you are accustomed to.

-

Also notice that a real name is used in the Signed-off-by trailer. Please -don’t hide your real name.

+

Please use a known identity in the Signed-off-by trailer, since we cannot +accept anonymous contributions. It is common, but not required, to use some form +of your real name. We realize that some contributors are not comfortable doing +so or prefer to contribute under a pseudonym or preferred name and we can accept +your patch either way, as long as the name and email you use are distinctive, +identifying, and not misleading.

+
+
+

The goal of this policy is to allow us to have sufficient information to contact +you if questions arise about your contribution.

If you like, you can put extra trailers at the end:

@@ -1584,7 +1592,7 @@

Gnus

diff --git a/git-fast-export.adoc b/git-fast-export.adoc index 43bbb4f63..297b57bb2 100644 --- a/git-fast-export.adoc +++ b/git-fast-export.adoc @@ -50,6 +50,23 @@ resulting tag will have an invalid signature. is the same as how earlier versions of this command without this option behaved. + +When exported, a signature starts with: ++ +gpgsig ++ +where is the Git object hash so either "sha1" or +"sha256", and is the signature type, so "openpgp", +"x509", "ssh" or "unknown". ++ +For example, an OpenPGP signature on a SHA-1 commit starts with +`gpgsig sha1 openpgp`, while an SSH signature on a SHA-256 commit +starts with `gpgsig sha256 ssh`. ++ +While all the signatures of a commit are exported, an importer may +choose to accept only some of them. For example +linkgit:git-fast-import[1] currently stores at most one signature per +Git hash algorithm in each commit. ++ NOTE: This is highly experimental and the format of the data stream may change in the future without compatibility guarantees. diff --git a/git-fast-export.html b/git-fast-export.html index 92527b724..5f36797da 100644 --- a/git-fast-export.html +++ b/git-fast-export.html @@ -506,6 +506,28 @@

OPTIONS

--signed-tags, but for commits. Default is strip, which is the same as how earlier versions of this command without this option behaved.

+
+

When exported, a signature starts with:

+
+
+

gpgsig <git-hash-algo> <signature-format>

+
+
+

where <git-hash-algo> is the Git object hash so either "sha1" or +"sha256", and <signature-format> is the signature type, so "openpgp", +"x509", "ssh" or "unknown".

+
+
+

For example, an OpenPGP signature on a SHA-1 commit starts with +gpgsig sha1 openpgp, while an SSH signature on a SHA-256 commit +starts with gpgsig sha256 ssh.

+
+
+

While all the signatures of a commit are exported, an importer may +choose to accept only some of them. For example +git-fast-import(1) currently stores at most one signature per +Git hash algorithm in each commit.

+
@@ -823,7 +845,7 @@

GIT

diff --git a/git-fast-import.adoc b/git-fast-import.adoc index 250d86665..d23278420 100644 --- a/git-fast-import.adoc +++ b/git-fast-import.adoc @@ -445,7 +445,7 @@ one). original-oid? ('author' (SP )? SP LT GT SP LF)? 'committer' (SP )? SP LT GT SP LF - ('gpgsig' SP LF data)? + ('gpgsig' SP SP LF data)? ('encoding' SP LF)? data ('from' SP LF)? @@ -518,13 +518,39 @@ their syntax. ^^^^^^^^ The optional `gpgsig` command is used to include a PGP/GPG signature -that signs the commit data. +or other cryptographic signature that signs the commit data. -Here specifies which hashing algorithm is used for this -signature, either `sha1` or `sha256`. +.... + 'gpgsig' SP SP LF data +.... + +The `gpgsig` command takes two arguments: + +* `` specifies which Git object format this signature + applies to, either `sha1` or `sha256`. This allows to know which + representation of the commit was signed (the SHA-1 or the SHA-256 + version) which helps with both signature verification and + interoperability between repos with different hash functions. + +* `` specifies the type of signature, such as + `openpgp`, `x509`, `ssh`, or `unknown`. This is a convenience for + tools that process the stream, so they don't have to parse the ASCII + armor to identify the signature type. + +A commit may have at most one signature for the SHA-1 object format +(stored in the "gpgsig" header) and one for the SHA-256 object format +(stored in the "gpgsig-sha256" header). + +See below for a detailed description of the `data` command which +contains the raw signature data. + +Signatures are not yet checked in the current implementation +though. (Already setting the `extensions.compatObjectFormat` +configuration option might help with verifying both SHA-1 and SHA-256 +object format signatures when it will be implemented.) -NOTE: This is highly experimental and the format of the data stream may -change in the future without compatibility guarantees. +NOTE: This is highly experimental and the format of the `gpgsig` +command may change in the future without compatibility guarantees. `encoding` ^^^^^^^^^^ diff --git a/git-fast-import.html b/git-fast-import.html index d2de5de07..a06e3d591 100644 --- a/git-fast-import.html +++ b/git-fast-import.html @@ -998,7 +998,7 @@

commit

original-oid? ('author' (SP <name>)? SP LT <email> GT SP <when> LF)? 'committer' (SP <name>)? SP LT <email> GT SP <when> LF - ('gpgsig' SP <alg> LF data)? + ('gpgsig' SP <algo> SP <format> LF data)? ('encoding' SP <encoding> LF)? data ('from' SP <commit-ish> LF)? @@ -1082,11 +1082,47 @@

committer

gpgsig

The optional gpgsig command is used to include a PGP/GPG signature -that signs the commit data.

+or other cryptographic signature that signs the commit data.

+
+
+
+
        'gpgsig' SP <git-hash-algo> SP <signature-format> LF data
+
+
+
+

The gpgsig command takes two arguments:

+
+
+
    +
  • +

    <git-hash-algo> specifies which Git object format this signature +applies to, either sha1 or sha256. This allows to know which +representation of the commit was signed (the SHA-1 or the SHA-256 +version) which helps with both signature verification and +interoperability between repos with different hash functions.

    +
    • +
  • +

    <signature-format> specifies the type of signature, such as +openpgp, x509, ssh, or unknown. This is a convenience for +tools that process the stream, so they don’t have to parse the ASCII +armor to identify the signature type.

    +
    • +
+
+
+

A commit may have at most one signature for the SHA-1 object format +(stored in the "gpgsig" header) and one for the SHA-256 object format +(stored in the "gpgsig-sha256" header).

+
+
+

See below for a detailed description of the data command which +contains the raw signature data.

-

Here <alg> specifies which hashing algorithm is used for this -signature, either sha1 or sha256.

+

Signatures are not yet checked in the current implementation +though. (Already setting the extensions.compatObjectFormat +configuration option might help with verifying both SHA-1 and SHA-256 +object format signatures when it will be implemented.)

@@ -1095,8 +1131,8 @@

gpgsig

Note
-This is highly experimental and the format of the data stream may -change in the future without compatibility guarantees. +This is highly experimental and the format of the gpgsig +command may change in the future without compatibility guarantees.
@@ -2572,7 +2608,7 @@

GIT