guix-devel

Commit signing workflow


From: Leo Famulari
Subject: Commit signing workflow
Date: Sun, 22 May 2016 20:12:00 -0400
User-agent: Mutt/1.6.0 (2016-04-01)

As requested in the discussion on "Trustable guix pull" [0], I've
recently started signing the commits I push to Savannah.

At first, I set "gpgsign = true" in my Guix repo's Git config. This
requires you to sign every commit you make. It's effective, but I found
it annoying to provide my signing key while doing exploratory hacking,
rebasing a branch on master, etc.

Instead, I want to sign after my final "self-review" and before pushing
to Savannah or sending patches to the list for final review.

So, I've attached a pre-push Git hook that should prevent unsigned
commits from being pushed to any remote [1]. I've also attached a shell
function that will sign commits besides HEAD (useful for signing a range
of commits). I didn't find a more Git-idiomatic way to sign an existing
commit besides HEAD.

Please let me know if you see any problems with this approach, or if you
can suggest some improvements.

[0]
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#16

[1] One could make it remote-specific if desired.

Attachment: pre-push
Description: Text document

Attachment: git-sign
Description: Text document

Attachment: signature.asc
Description: PGP signature
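
The attachments are not reproduced in this archive. As an added illustration of the pre-push check described in the message (this is not Leo's attached hook), here is a sketch that uses Git's `%G?` signature-status placeholder; the function names are hypothetical, and rejecting bad signatures (`B`) as well as missing ones (`N`) is an assumption of this example.

```shell
#!/bin/sh
# pre-push sketch: refuse to push commits that carry no valid signature.
# Git runs the hook as "pre-push <remote-name> <remote-url>" and feeds one
# line per ref on stdin: <local ref> <local oid> <remote ref> <remote oid>

# True when the object id is all zeros (ref being created or deleted).
is_zero_oid() {
    case "$1" in
        *[!0]*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Print the ids of commits selected by the given revision arguments whose
# signature status (%G?) is N (no signature) or B (bad signature).
unsigned_commits() {
    git log --format='%H %G?' "$@" | while read -r oid sig; do
        case "$sig" in
            N|B) echo "$oid" ;;
        esac
    done
}

# Read the ref lines from stdin; return 1 if any pushed commit is flagged.
check_push() {
    remote="$1"
    rc=0
    while read -r local_ref local_oid remote_ref remote_oid; do
        if is_zero_oid "$local_oid"; then
            continue    # deleting a remote ref: nothing to check
        elif is_zero_oid "$remote_oid"; then
            # New remote ref: check only commits the remote lacks.
            bad=$(unsigned_commits "$local_oid" --not --remotes="$remote")
        else
            bad=$(unsigned_commits "$remote_oid..$local_oid")
        fi
        if [ -n "$bad" ]; then
            echo "pre-push: unsigned commits in $local_ref:" >&2
            echo "$bad" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run only when installed as .git/hooks/pre-push (and made executable).
case "${0##*/}" in
    pre-push) check_push "$@" || exit 1 ;;
esac
```

Commits signed with a key that is missing from the local keyring report `E` rather than `N`, so this sketch lets them through; add `E` to the `case` pattern to reject those too.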
