New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GPG sign patches on export #12
Comments
Yes, please! For work, I need to sign my commits (up to the point where the remote I need to push my commits to won’t accept my commits if they are not correctly signed). This means I cannot really use Is there a path forward to this? I would happily contribute if being mentored a bit. |
I am generally in favor of StGit supporting signed commits in some fashion. And I would do my best to mentor if you'd like to take on this feature. This issue seeks to have patches signed at Another question is whether the stack state (a.k.a. log, a.k.a. metadata) commits should be signed? |
I agree with your point. I guess it would be simpler to systematically follow the git configuration and sign everything that is a commit when git would have signed it. And I indeed am willing to step in for this feature, since I really enjoy using StGit and would love to be able to use it in a daily basis. |
There is basically one place in the StGit code where commits are made, in stgit/stgit/lib/git/objects.py Lines 266 to 283 in a6b3d49
The simplest thing to try would be to use the
|
I would suggest that a first step towards addressing this issue completely would be to make What do you think? |
Yes, I think that is a fine approach. But I wonder if we might run into issues over-signing patches? An example use case I'm thinking of would be using So, I agree that we can defer on adding command line options and start by using |
Well, |
That perspective makes sense. Perhaps I'm overthinking it a bit. |
This can probably close now, right? |
With what was added in #100, patches are now represented as signed commits in the repository and thus commits finalized with AFAICT, git does not support any form of signed patch export. For example, I also note that the Linux kernel process does not include signed patches in that email-based workflow. Instead, signed tags are used along with maintainers encouraged to sign commits they import into their trees. It is thus unclear to me what form gpg-signed outputs from Closing. |
It would be great to my workflow if I could GPG sign patches when exported (eg, with
stg commit
,stg export
, orstg mail
). Right now I'm having tostg commit
the patch, then rungit rebase -S
on it.The text was updated successfully, but these errors were encountered: