Skip to content

Commit signature skipped when global configuration commit.gpgSign=true #591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
shaneutt opened this issue Mar 15, 2021 · 6 comments
Closed

Commit signature skipped when global configuration commit.gpgSign=true #591

shaneutt opened this issue Mar 15, 2021 · 6 comments

Comments

@shaneutt
Copy link

shaneutt commented Mar 15, 2021
edited
Loading

Describe the bug
Most git UI's and toolkits will respect the global (or repo) commit configuration.

I found with v0.13.0 of gitui that even though my ~/.gitconfig included the following configuration:

[commit]
	gpgSign = True

Commits I made from gitui would not try to sign, and produced unsigned commits.

To Reproduce
Steps to reproduce the behavior:

  1. configure git config --global commit.gpgSign true
  2. configure a key git config --global user.signingKey ${PUBKEY_HASH}
  3. make a commit with gitui

Expected behavior
The commit should have been signed with the default signing key specified by git config --global user.signingKey ${PUBKEY_HASH}.

If key was not already unlocked via the local keyring program, a prompt should have occurred for the GPG key passphrase prior to commiting and signing.

Context (please complete the following information):

  • OS/Distro + Version: Arch Linux x86_64
  • GitUI Version v0.13.0
  • Rust version: v1.50.0
@shaneutt
Copy link
Author

I'm new to the codebase, but given a nudge in the right direction I may have time to contribute this improvement myself.

@extrawurst
Copy link
Collaborator

@shaneutt welcome and thanks for your interest in helping out! This is a duplicate of #97 - you can catchup with the progress there, it will give u the nudge you need ;)

@shaneutt
Copy link
Author

Sounds good thanks, I've subscribed to that one 🖖

@beet
Copy link

beet commented Mar 24, 2021

Was a dependency on grc added with 0.12.0? I updated GitUI to 0.12.0 on 2021-03-11 while also upgrading git for the security vulnerability update: GHSA-8prw-h3cq-mghm

Prior to then, my commits made with GitUI were signed and verified correctly, but as of 0.12.0 they are not. So is this more of a regression than what looks like a feature request from May 2020 in #97?

@extrawurst
Copy link
Collaborator

@beet I don't know what grc is, its not in the dependencies. commits made with gitui were never signed, this feature is still open as of #97

@beet
Copy link

beet commented Mar 25, 2021

Hmmm, maybe I just thought it was signing commits because at work we're required to rebase a lot, which I do from the command line.

They only just made it a requirement to merge PRs that the commits are all verified, so I probably just hadn't noticed that some of my commits weren't actually signed.

@extrawurst extrawurst mentioned this issue May 26, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@beet @extrawurst @shaneutt