With the recent 1.7.9 release, git gained support for signing commits. This was one of the last show stoppers for migrating the gentoo-x86 tree from cvs to git. Recent portage versions such as 2.1.10.45 and 2.2.0_alpha85 also added support for git gpg signed commits. So in the kde overlay we decided to test this feature with thin manifests.
The new repoman can use git gpg signed commits if you do the following:
- Enable the special tag in metadata/layout.conf
sign-commits = true
- Install git >=1.7.9
- Configure your gpg signing key for git via
git config --global user.signingkey $KEYID
After the first commit you can check that the gpg signature was added to the special field in the commit via
git log --show-signature
It will look like this
commit 9b3cafc7efb2c17b0f2baffae530196014967921
gpg: enabled debug flags: memstat
gpg: Signature made Sun Feb 5 21:06:06 2012 MSK using RSA key ID F82F92E6
gpg: Good signature from “Alexey Shvetsov ”
gpg: aka “Alexey ‘alexxy’ Shvetsov ”
gpg: aka “Alexey ‘alexxy’ Shvetsov ”
gpg: aka “Alexey Shvetsov ”
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/32768 bytes in 0 blocks
Author: Alexey Shvetsov
Date: Sun Feb 5 21:05:48 2012 +0400
[metadata] Enable git signed commits by default
Signed-off-by: Alexey Shvetsov
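A preflight check for the three setup steps and the signature check above, as an added example that is not part of the original post or of repoman. The function names are made up for this example, and treating the last uncommented sign-commits line in layout.conf as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: preflight for repoman GPG-signed commits in an overlay checkout.

# version_ge A B: succeeds when dotted version A >= B, compared numerically.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "rc1"
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# layout_signs_commits FILE: succeeds when FILE sets "sign-commits = true".
# Assumption: the last uncommented assignment in the file is the effective one.
layout_signs_commits() {
    [ -r "$1" ] || return 1
    val=$(sed -n 's/^[[:space:]]*sign-commits[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*$/\1/p' "$1" | tail -n 1)
    [ "$val" = "true" ]
}

# preflight REPO: check each prerequisite for checkout REPO.
preflight() {
    repo=${1:-.} rc=0
    ver=$(git --version 2>/dev/null | awk '{print $3}')
    if [ -n "$ver" ] && version_ge "$ver" 1.7.9; then echo "ok: git $ver"
    else echo "FAIL: git >= 1.7.9 required (found: ${ver:-none})"; rc=1; fi
    if layout_signs_commits "$repo/metadata/layout.conf"; then echo "ok: sign-commits = true"
    else echo "FAIL: sign-commits = true missing from metadata/layout.conf"; rc=1; fi
    key=$(cd "$repo" 2>/dev/null && git config --get user.signingkey 2>/dev/null || true)
    if [ -n "$key" ]; then echo "ok: user.signingkey = $key"
    else echo "FAIL: git config user.signingkey is not set"; rc=1; fi
    # gpg prints "Good signature" in the C locale; this does not assess key trust.
    if (cd "$repo" && LC_ALL=C git log -1 --show-signature 2>&1 | grep -q 'Good signature')
    then echo "ok: HEAD carries a good signature"
    else echo "WARN: HEAD is unsigned or its signature did not verify"; fi
    return $rc
}

[ $# -eq 0 ] || preflight "$1"
```

Run it with the overlay checkout as its argument; the numeric comparison matters because a plain string compare would rank 1.7.10 below 1.7.9.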
February 6th, 2012 at 01:34
When will it be implemented into main tree?
Could it be done for ‘emerge --sync’ also?
February 6th, 2012 at 03:19
I don’t know when it will be implemented =) but we should test this kind of layout and workflow first
February 6th, 2012 at 03:28
Does it need to show the person’s name six times?
February 6th, 2012 at 03:53
It’s example output. In this case from the actual commit that adds the needed changes to the overlay layout.
February 6th, 2012 at 06:55
So many times did the GIT devs tell me they’ll never add this because signing the tag is enough (it’s not, a single human can’t review all commits or trust or the other mergers on large projects).
Yay. Can finally discontinue my signing hook script.