From: Chris Beams
To: "David A. Harding"
Cc: Bitcoin Dev
Date: Thu, 22 May 2014 03:09:35 +0200
Subject: Re: [Bitcoin-development] PSA: Please sign your git commits

On May 21, 2014, at 10:25 PM, David A. Harding wrote:

> On Wed, May 21, 2014 at 06:39:44PM +0200, Chris Beams wrote:
>> I [was] searching for a way to enable signing by default [...]
>> Unfortunately, there isn't one, meaning it's likely that most folks
>> will forget to do this most of the time.
>
> For all of my projects, I now put this script in
> .git/hooks/post-commit and post-merge:
>
>    #!/bin/bash -eu
>
>    if ! git log -n1 --show-signature | grep -q 'gpg: Good signature'
>    then
>        yes "FORGOT TO SIGN COMMIT MESSAGE"
>        exit 1
>    fi

Funny, I was just in the middle of writing a pre-push hook to do something similar when I decided to check my email :) Your post-commit approach is indeed simpler, so I've gone with it for the moment [1]. Thanks.

However, I noticed in the process of testing that this approach messes with rebase workflows. For example: if I make several commits (all of which are properly signed), and then rebase to reorder them, rebase ends up hanging because it delegates to `commit` and the use of `yes` in the post-commit hook blocks forever. I've changed `yes` to `echo` to avoid this, but it still means that one must be rather diligent to keep signatures in place when rebasing. Gerwitz does address rebasing in the presence of commit sigs in the "horror story" doc you linked to [2], but there's no magic: this makes the whole rebasing process considerably more tedious, and linearly so with however many commits you're modifying.

This may amount to a rationale for going with a pre-push hook after all, i.e. in order to defer the check for signatures until the last possible moment. This would allow for cheap iterative rebasing once again.

I suppose the proper solution would be a `git config` option such as 'commit.sign', that if set to true would mean your commits are always signed, even if rebase is the one calling `commit`. This would obviate the need for the alias I mention below as well.

> So anytime I forget to sign, I get an obvious error and can immediately
> run git commit --amend -S.

If one is already in the habit of using an alias for `commit` (I've long used `ci` for concision), the -S can be included in the alias:

    git config alias.ci 'commit -S'

> To automatically add a script like the one above to all new projects (plus
> quickly add it to old current projects), you can follow these instructions:
>
>    http://stackoverflow.com/questions/2293498/git-commit-hooks-global-settings

This was a great tip, thanks!

- Chris

[1]: https://github.com/cbeams/dotfiles/commit/58d6942
[2]: http://mikegerwitz.com/papers/git-horror-story.html#_option_3

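One way to write the pre-push check that the message proposes, given here as an added example and not code from the thread or from the linked dotfiles commit. It defers signature checking to push time so that local rebases are never interrupted; the function names are hypothetical, and it assumes that only a `%G?` status of `G` (good signature) should be accepted.

```shell
#!/bin/sh
# Added example: pre-push hook that refuses to push commits lacking a good
# GPG signature. Install as .git/hooks/pre-push and make it executable.

# True when the argument is an all-zero object id (any hash length).
is_zero() { case "$1" in *[!0]*) return 1 ;; esac; }

# Read git's pre-push stdin lines
#   "<local ref> <local sha> <remote ref> <remote sha>"
# and print one set of rev-list arguments per ref. $1 is the remote name.
push_ranges() {
    while read -r _lref lsha _rref rsha; do
        if is_zero "$lsha"; then
            continue                           # ref deletion: nothing to check
        elif is_zero "$rsha"; then
            echo "$lsha --not --remotes=$1"    # new ref: commits the remote lacks
        else
            echo "$rsha..$lsha"                # update: only the new commits
        fi
    done
}

# Read "<hash> <%G? status>" lines and print every hash whose status is not G
# (N = unsigned, B = bad signature, U = good signature of unknown validity).
unsigned_commits() {
    while read -r hash status; do
        [ "$status" = "G" ] || echo "$hash"
    done
}

main() {
    bad=$(push_ranges "$1" | while read -r range; do
        # $range is deliberately unquoted: it may hold several arguments.
        git log --format='%H %G?' $range
    done | unsigned_commits)
    if [ -n "$bad" ]; then
        echo "Refusing to push; commits without a good signature:" >&2
        echo "$bad" >&2
        exit 1
    fi
}

# Run only when installed under the hook's name, so the file can be sourced.
case "${0##*/}" in pre-push) main "$@" ;; esac
```

Because the check runs once per push, commits rewritten by a rebase only need to be re-signed before they leave the machine.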