Commit signing workflow
From: Leo Famulari
Subject: Commit signing workflow
Date: Sun, 22 May 2016 20:12:00 -0400
User-agent: Mutt/1.6.0 (2016-04-01)

As requested in the discussion on "Trustable guix pull" [0], I've
recently started signing the commits I push to Savannah.

At first, I set "gpgsign = true" in my Guix repo's Git config. This
requires you to sign every commit you make. It's effective, but I found
it annoying to provide my signing key while doing exploratory hacking,
rebasing a branch on master, etc.

Instead, I want to sign after my final "self-review" and before pushing
to Savannah or sending patches to the list for final review.

So, I've attached a pre-push Git hook that should prevent unsigned
commits from being pushed to any remote [1]. I've also attached a shell
function that will sign commits besides HEAD (useful for signing a range
of commits). I didn't find a more Git-idiomatic way to sign an existing
commit besides HEAD.

Please let me know if you see any problems with this approach, or if you
can suggest some improvements.

[0] http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#16
[1] One could make it remote-specific if desired.

pre-push
Description: Text document
git-sign
Description: Text document
signature.asc
Description: PGP signature
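
A sketch of the kind of pre-push hook the message describes, added here as an example; it is not the attached hook, whose contents do not appear on this page. The function names are hypothetical, and it assumes the hook is installed as .git/hooks/pre-push.

```shell
#!/bin/sh
# Sketch of a pre-push hook that refuses to publish unsigned commits.
# Git passes the remote name and URL as arguments and writes one line per
# ref to stdin: <local ref> <local sha> <remote ref> <remote sha>

# True when the object name is all zeros (ref is absent on that side).
is_zero() { case "$1" in *[!0]*) return 1 ;; esac; return 0; }

# Print the git-log revision arguments for the commits a ref update would
# publish. Args: local_sha remote_sha remote_name. Prints nothing on deletion.
push_range() {
    if is_zero "$1"; then
        return 0                                    # ref deletion
    elif is_zero "$2"; then
        printf '%s --not --remotes=%s\n' "$1" "$3"  # new ref on the remote
    else
        printf '%s..%s\n' "$2" "$1"                 # update of an existing ref
    fi
}

# Read "<hash> <status>" lines as produced by git log --format='%H %G?'
# and print the hashes with status N (no signature). A stricter policy
# could accept only G (good signature).
unsigned_commits() {
    while read -r hash status; do
        if [ "$status" = "N" ]; then printf '%s\n' "$hash"; fi
    done
    return 0
}

main() {
    remote=$1 rc=0
    while read -r _lref lsha _rref rsha; do
        range=$(push_range "$lsha" "$rsha" "$remote")
        [ -n "$range" ] || continue
        # $range is left unquoted on purpose: it can hold several arguments.
        bad=$(git log --format='%H %G?' $range | unsigned_commits)
        if [ -n "$bad" ]; then
            printf 'pre-push: refusing to push unsigned commits:\n%s\n' "$bad" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run only when installed as .git/hooks/pre-push, so the functions can be
# sourced and exercised on their own.
case "${0##*/}" in pre-push) main "$@" ;; esac
```

A non-zero exit from the hook makes git abort the push, so a single unsigned commit in any pushed ref blocks the whole push.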