subtree: support GPG commit signing

[areese]

Add support for -S/--gpg-sign/--no-gpg-sign command line options and commit.gpgsign configuration. These are passed to invocations of git commit-tree.

cc: Avery apenwarr@gmail.com

Thanks for taking the time to contribute to Git! Please be advised that the
Git community does not use github.com for their contributions. Instead, we use
a mailing list (git@vger.kernel.org) for code submissions, code reviews, and
bug reports. Nevertheless, you can use GitGitGadget (https://gitgitgadget.github.io/)
to conveniently send your Pull Requests commits to our mailing list.

Please read the "guidelines for contributing" linked above!

[gitgitgadget-git]

Welcome to GitGitGadget

Hi @areese, and welcome to GitGitGadget, the GitHub App to send patch series to the Git mailing list from GitHub Pull Requests.

Please make sure that your Pull Request has a good description, as it will be used as cover letter. You can CC potential reviewers by adding a footer to the PR description with the following syntax:

CC: Revi Ewer <revi.ewer@example.com>, Ill Takalook <ill.takalook@example.net>

Also, it is a good idea to review the commit messages one last time, as the Git project expects them in a quite specific form:

• the lines should not exceed 76 columns,
• the first line should be like a header and typically start with a prefix like "tests:" or "revisions:" to state which subsystem the change is about, and
• the commit messages' body should be describing the "why?" of the change.
• Finally, the commit messages should end in a Signed-off-by: line matching the commits' author.

It is in general a good idea to await the automated test ("Checks") in this Pull Request before contributing the patches, e.g. to avoid trivial issues such as unportable code.

Contributing the patches

Before you can contribute the patches, your GitHub username needs to be added to the list of permitted users. Any already-permitted user can do that, by adding a comment to your PR of the form /allow. A good way to find other contributors is to locate recent pull requests where someone has been /allowed:

• Search: is:pr is:open "/allow"

Both the person who commented /allow and the PR author are able to /allow you.

An alternative is the channel #git-devel on the Libera Chat IRC network:

<newcontributor> I've just created my first PR, could someone please /allow me? https://github.com/gitgitgadget/git/pull/12345
<veteran> newcontributor: it is done
<newcontributor> thanks!

Once on the list of permitted usernames, you can contribute the patches to the Git mailing list by adding a PR comment /submit.

If you want to see what email(s) would be sent for a /submit request, add a PR comment /preview to have the email(s) sent to you. You must have a public GitHub email address for this. Note that any reviewers CC'd via the list in the PR description will not actually be sent emails.

After you submit, GitGitGadget will respond with another comment that contains the link to the cover letter mail in the Git mailing list archive. Please make sure to monitor the discussion in that thread and to address comments and suggestions (while the comments and suggestions will be mirrored into the PR by GitGitGadget, you will still want to reply via mail).

If you do not want to subscribe to the Git mailing list just to be able to respond to a mail, you can download the mbox from the Git mailing list archive (click the (raw) link), then import it into your mail program. If you use GMail, you can do this via:

curl -g --user "<EMailAddress>:<Password>" \
    --url "imaps://imap.gmail.com/INBOX" -T /path/to/raw.txt

To iterate on your change, i.e. send a revised patch or patch series, you will first want to (force-)push to the same branch. You probably also want to modify your Pull Request description (or title). It is a good idea to summarize the revision by adding something like this to the cover letter (read: by editing the first comment on the PR, i.e. the PR description):

Changes since v1:
- Fixed a typo in the commit message (found by ...)
- Added a code comment to ... as suggested by ...
...

To send a new iteration, just add another PR comment with the contents: /submit.

Need help?

New contributors who want advice are encouraged to join git-mentoring@googlegroups.com, where volunteers who regularly contribute to Git are willing to answer newbie questions, give advice, or otherwise provide mentoring to interested contributors. You must join in order to post or view messages, but anyone can join.

You may also be able to find help in real time in the developer IRC channel, #git-devel on Libera Chat. Remember that IRC does not support offline messaging, so if you send someone a private message and log out, they cannot respond to you. The scrollback of #git-devel is archived, though.

[gitgitgadget-git]

There are issues in commit 777d868:
subtree: support GPG commit signing
Commit not signed off

[dscho]

/allow

[gitgitgadget-git]

User areese is now allowed to use GitGitGadget.

WARNING: areese has no public email address set on GitHub;
GitGitGadget needs an email address to Cc: you on your contribution, so that you receive any feedback on the Git mailing list. Go to https://github.com/settings/profile to make your preferred email public to let GitGitGadget know which email address to use.

[areese]

This has a bug, the merge is missing gpg-sign, I need to update it.

[gitgitgadget-git]

There are issues in commit 2927127:
contrib/subtree: fix a bug where git merge was not being passed the --gpg-sign flag.
First line of commit message is too long (> 76 columns)

[areese]

/submit

[gitgitgadget-git]

There are issues in commit 2927127:
contrib/subtree: fix a bug where git merge was not being passed the --gpg-sign flag.
First line of commit message is too long (> 76 columns)

[areese]

trying this again after fixing the commit message.

/preview

[gitgitgadget-git]

There are issues in commit 08a2607:
contrib/subtree: Fix --gpg-sign option not working
Prefixed commit message must be in lower case
Lines in the body of the commit messages should be wrapped between 60 and 76 characters.
Indented lines, and lines without whitespace, are exempt

[gitgitgadget-git]

There are issues in commit 8a30d1f:
contrib/subtree: Fix --gpg-sign option not working
Prefixed commit message must be in lower case
Lines in the body of the commit messages should be wrapped between 60 and 76 characters.
Indented lines, and lines without whitespace, are exempt

[gitgitgadget-git]

There are issues in commit 6c15783:
contrib/subtree: fix --gpg-sign option not working
Lines in the body of the commit messages should be wrapped between 60 and 76 characters.
Indented lines, and lines without whitespace, are exempt

[K021]

/allow

[gitgitgadget-git]

Error: User K021 is not yet permitted to use GitGitGadget

[areese]

/preview

[gitgitgadget-git]

Preview email sent as pull.1490.git.git.1681145845.gitgitgadget@gmail.com

[areese]

/submit

[gitgitgadget-git]

Submitted as pull.1490.git.git.1681146107.gitgitgadget@gmail.com

To fetch this version into FETCH_HEAD:

git fetch https://github.com/gitgitgadget/git/ pr-git-1490/areese/git-subtree-support-gpg-signing-v1

To fetch this version to local tag pr-git-1490/areese/git-subtree-support-gpg-signing-v1:

git fetch --no-tags https://github.com/gitgitgadget/git/ tag pr-git-1490/areese/git-subtree-support-gpg-signing-v1

[gitgitgadget-git]

On the Git mailing list, Allen Reese wrote (reply to this):

Adding Avery, as I don’t seem to have managed to cc Avery as part of the gitgadet pr.



> On Apr 10, 2023, at 10:01 AM, Jacques Vidrine via GitGitGadget <gitgitgadget@gmail.com> wrote:
> 
> From: Jacques Vidrine <t@fboundp.com>
> 
> Add support for -S/--gpg-sign/--no-gpg-sign command line options
> and commit.gpgsign configuration. These are passed to invocations
> of `git commit-tree`.
> 
> Signed-off-by: Allen Reese <java.allen@apple.com>
> Signed-off-by: Jacques Vidrine <t@fboundp.com>
> ---
> contrib/subtree/git-subtree.sh  | 24 +++++++++++++++++++-----
> contrib/subtree/git-subtree.txt |  9 +++++++++
> 2 files changed, 28 insertions(+), 5 deletions(-)
> 
> diff --git a/contrib/subtree/git-subtree.sh b/contrib/subtree/git-subtree.sh
> index 10c9c87839a..553b4391deb 100755
> --- a/contrib/subtree/git-subtree.sh
> +++ b/contrib/subtree/git-subtree.sh
> @@ -46,6 +46,8 @@ rejoin        merge the new branch back into HEAD
>  options for 'add' and 'merge' (also: 'pull', 'split --rejoin', and 'push --rejoin')
> squash        merge subtree changes as a single commit
> m,message=    use the given message as the commit message for the merge commit
> +S,gpg-sign?   GPG-sign commits, optionally specifying keyid.
> +no-gpg-sign   Disable GPG commit signing.
> "
> 
> indent=0
> @@ -165,6 +167,7 @@ main () {
> 	arg_quiet=
> 	arg_debug=
> 	arg_prefix=
> +	arg_gpgsign=
> 	arg_split_branch=
> 	arg_split_onto=
> 	arg_split_ignore_joins=
> @@ -240,6 +243,9 @@ main () {
> 			test -n "$allow_addmerge" || die_incompatible_opt "$opt" "$arg_command"
> 			arg_addmerge_squash=
> 			;;
> +		-S*|--gpg-sign=*|--no-gpg-sign)
> +			arg_gpgsign="${opt}"
> +			;;
> 		--)
> 			break
> 			;;
> @@ -268,6 +274,12 @@ main () {
> 
> 	dir="$(dirname "$arg_prefix/.")"
> 
> +	if test -z "$arg_gpgsign" &&
> +		git config --bool commit.gpgsign >/dev/null
> +	then
> +		arg_gpgsign="-S"
> +	fi
> +
> 	debug "command: {$arg_command}"
> 	debug "quiet: {$arg_quiet}"
> 	debug "dir: {$dir}"
> @@ -534,7 +546,7 @@ copy_commit () {
> 			printf "%s" "$arg_split_annotate"
> 			cat
> 		) |
> -		git commit-tree "$2" $3  # reads the rest of stdin
> +		git commit-tree $arg_gpgsign "$2" $3  # reads the rest of stdin
> 	) || die "fatal: can't copy commit $1"
> }
> 
> @@ -674,10 +686,10 @@ new_squash_commit () {
> 	if test -n "$old"
> 	then
> 		squash_msg "$dir" "$oldsub" "$newsub" |
> -		git commit-tree "$tree" -p "$old" || exit $?
> +		git commit-tree $arg_gpgsign "$tree" -p "$old" || exit $?
> 	else
> 		squash_msg "$dir" "" "$newsub" |
> -		git commit-tree "$tree" || exit $?
> +		git commit-tree $arg_gpgsign "$tree" || exit $?
> 	fi
> }
> 
> @@ -900,11 +912,13 @@ cmd_add_commit () {
> 	then
> 		rev=$(new_squash_commit "" "" "$rev") || exit $?
> 		commit=$(add_squashed_msg "$rev" "$dir" |
> -			git commit-tree "$tree" $headp -p "$rev") || exit $?
> +			git commit-tree $arg_gpgsign "$tree" \
> +			$headp -p "$rev") || exit $?
> 	else
> 		revp=$(peel_committish "$rev") || exit $?
> 		commit=$(add_msg "$dir" $headrev "$rev" |
> -			git commit-tree "$tree" $headp -p "$revp") || exit $?
> +			git commit-tree $arg_gpgsign "$tree" \
> +			$headp -p "$revp") || exit $?
> 	fi
> 	git reset "$commit" || exit $?
> 
> diff --git a/contrib/subtree/git-subtree.txt b/contrib/subtree/git-subtree.txt
> index 004abf415b8..fa54541b288 100644
> --- a/contrib/subtree/git-subtree.txt
> +++ b/contrib/subtree/git-subtree.txt
> @@ -185,6 +185,15 @@ subproject.
> --message=<message>::
> 	Specify <message> as the commit message for the merge commit.
> 
> +-S[<keyid>]::
> +--gpg-sign[=<keyid>]::
> +--no-gpg-sign::
> +	GPG-sign commits. The `keyid` argument is optional and
> +	defaults to the committer identity; if specified, it must be
> +	stuck to the option without a space. `--no-gpg-sign` is useful to
> +	countermand both `commit.gpgSign` configuration variable, and
> +	earlier `--gpg-sign`.
> +
> OPTIONS FOR 'split' (ALSO: 'push')
> ----------------------------------
> These options for 'split' may also be given to 'push' (which wraps
> -- 
> gitgitgadget
>