Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
helo=mx.sourceforge.net)
by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <chris@beams.io>) id 1WnHW8-0002qU-TR
for bitcoin-development@lists.sourceforge.net;
Thu, 22 May 2014 01:09:56 +0000
X-ACL-Warn:
Received: from chello084114181075.1.15.vie.surfer.at ([84.114.181.75]
helo=dh35.beams.io) by sog-mx-2.v43.ch3.sourceforge.com with esmtp
(Exim 4.76) id 1WnHW6-0000p9-Ts
for bitcoin-development@lists.sourceforge.net;
Thu, 22 May 2014 01:09:56 +0000
Received: from localhost (localhost [127.0.0.1])
by dh35.beams.io (Postfix) with ESMTP id 51980201407;
Thu, 22 May 2014 03:09:48 +0200 (CEST)
X-Virus-Scanned: amavisd-new at dh35.beams.io
Received: from dh35.beams.io ([127.0.0.1])
by localhost (dh35.beams.io [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Qsshkxj-8YG0; Thu, 22 May 2014 03:09:38 +0200 (CEST)
Received: from [192.168.0.69] (chello084114181075.1.15.vie.surfer.at
[84.114.181.75])
by dh35.beams.io (Postfix) with ESMTPSA id 97B882013DF;
Thu, 22 May 2014 03:09:38 +0200 (CEST)
Content-Type: multipart/signed;
boundary="Apple-Mail=_23EB31E1-FF71-4D75-A5B5-B73B17931285";
protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Chris Beams <chris@beams.io>
In-Reply-To: <20140521202502.GA439@localhost.localdomain>
Date: Thu, 22 May 2014 03:09:35 +0200
Message-Id: <D60239BA-5329-463F-9870-7B28661E9581@beams.io>
References: <CA+s+GJBNWh0Py9KB4Y+B19ACeHOygtkLrPw5SbZ0SrVs50pqvg@mail.gmail.com>
<7B48B9D4-5FB0-42CA-A462-C20D3F345A9A@beams.io>
<20140521202502.GA439@localhost.localdomain>
To: "David A. Harding" <dave@dtrt.org>
X-Mailer: Apple Mail (2.1878.2)
X-Spam-Score: 1.0 (+)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[84.114.181.75 listed in dnsbl.sorbs.net]
1.0 HTML_MESSAGE BODY: HTML included in message
X-Headers-End: 1WnHW6-0000p9-Ts
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] PSA: Please sign your git commits
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Thu, 22 May 2014 01:09:57 -0000
--Apple-Mail=_23EB31E1-FF71-4D75-A5B5-B73B17931285
Content-Type: multipart/alternative;
boundary="Apple-Mail=_AE7156A4-A359-42BB-AF9D-8D265DC91E11"
--Apple-Mail=_AE7156A4-A359-42BB-AF9D-8D265DC91E11
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
On May 21, 2014, at 10:25 PM, David A. Harding <dave@dtrt.org> wrote:
> On Wed, May 21, 2014 at 06:39:44PM +0200, Chris Beams wrote:
>> I [was] searching for a way to enable signing by default [...]
>> Unfortunately, there isn't one, meaning it's likely that most folks
>> will forget to do this most of the time.
>=20
> For all of my projects, I now I put this script in
> .git/hooks/post-commit and post-merge:
>=20
> #!/bin/bash -eu
>=20
> if ! git log -n1 --show-signature | grep -q 'gpg: Good signature'
> then
> yes "FORGOT TO SIGN COMMIT MESSAGE"
> exit 1
> fi
Funny, I was just in the middle of writing a pre-push hook to do =
something similar when I decided to check my email :) Your post-commit =
approach is indeed simpler, so I've gone with it for the moment [1]. =
Thanks.
However, I noticed in the process of testing that this approach messes =
with rebase workflows. For example: if I make several commits (all of =
which are properly signed), and then rebase to reorder them, rebase ends =
up hanging because it delegates to `commit` and the use of `yes` in the =
post-commit hook blocks forever. I've changed `yes` to `echo` to avoid =
this, but it still means that one must be rather diligent to keep =
signatures in place when rebasing. Gerwitz does address rebasing in the =
presence of commit sigs in the "horror story" doc you linked to [2], but =
there's no magic: this makes the whole rebasing process considerably =
more tedious, and linearly so with however many commits you're =
modifying.
This may amount to a rationale for going with a pre-push hook after all, =
i.e. in order to defer the check for signatures until the last possible =
moment. This would allow for cheap iterative rebasing once again.
I suppose the proper solution would be a `git config` option such as =
'commit.sign', that if set to true would mean your commits are always =
signed, even if rebase is the one calling `commit`. This would obviate =
the need for the alias I mention below as well.
> So anytime I forget to sign, I get an obvious error and can =
immediately
> run git commit --amend -S.
If one is already in the habit of using an alias for `commit` (I've long =
used `ci` for concision), the -S can be included in the alias:
git config alias.ci 'commit -S'
> To automatically add a script like the one above to all new projects =
(plus
> quickly add it old current projects), you can follow these =
instructions:
>=20
> =
http://stackoverflow.com/questions/2293498/git-commit-hooks-global-setting=
s
This was a great tip, thanks!
- Chris
[1]: https://github.com/cbeams/dotfiles/commit/58d6942
[2]: http://mikegerwitz.com/papers/git-horror-story.html#_option_3
--Apple-Mail=_AE7156A4-A359-42BB-AF9D-8D265DC91E11
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=us-ascii
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space;"><div><br></div><div><div><div>On May 21, 2014, at =
10:25 PM, David A. Harding <<a =
href=3D"mailto:dave@dtrt.org">dave@dtrt.org</a>> wrote:</div><br =
class=3D"Apple-interchange-newline"><blockquote type=3D"cite">On Wed, =
May 21, 2014 at 06:39:44PM +0200, Chris Beams wrote:<br><blockquote =
type=3D"cite">I [was] searching for a way to enable signing by default =
[...]<br>Unfortunately, there isn't one, meaning it's likely that most =
folks<br>will forget to do this most of the =
time.<br></blockquote><br>For all of my projects, I now I put this =
script in<br>.git/hooks/post-commit and post-merge:<br><br> =
#!/bin/bash -eu<br><br> if ! git log =
-n1 --show-signature | grep -q 'gpg: Good signature'<br> =
then<br> yes =
"FORGOT TO SIGN COMMIT MESSAGE"<br> =
exit 1<br> =
fi<br></blockquote><div><br></div><div>Funny, I was =
just in the middle of writing a pre-push hook to do something similar =
when I decided to check my email :) Your post-commit approach is indeed =
simpler, so I've gone with it for the moment [1]. =
Thanks.</div><div><br></div><div>However, I noticed in the process of =
testing that this approach messes with rebase workflows. For example: if =
I make several commits (all of which are properly signed), and then =
rebase to reorder them, rebase ends up hanging because it delegates to =
`commit` and the use of `yes` in the post-commit hook blocks forever. =
I've changed `yes` to `echo` to avoid this, but it still means that one =
must be rather diligent to keep signatures in place when rebasing. =
Gerwitz does address rebasing in the presence of commit sigs in the =
"horror story" doc you linked to [2], but there's no magic: this makes =
the whole rebasing process considerably more tedious, and linearly so =
with however many commits you're =
modifying.</div><div><br></div><div>This may amount to a rationale for =
going with a pre-push hook after all, i.e. in order to defer the check =
for signatures until the last possible moment. This would allow for =
cheap iterative rebasing once again.</div><div><br></div><div>I suppose =
the proper solution would be a `git config` option such as =
'commit.sign', that if set to true would mean your commits are always =
signed, even if rebase is the one calling `commit`. This would obviate =
the need for the alias I mention below as =
well.</div><div><br></div><div><br></div><blockquote type=3D"cite">So =
anytime I forget to sign, I get an obvious error and can =
immediately<br>run git commit --amend =
-S.<br></blockquote><div><br></div><div>If one is already in the habit =
of using an alias for `commit` (I've long used `ci` for concision), the =
-S can be included in the alias:</div><div><br></div><div> =
git config alias.ci 'commit =
-S'</div><div><br></div><div><div><br></div></div><blockquote =
type=3D"cite">To automatically add a script like the one above to all =
new projects (plus<br>quickly add it old current projects), you can =
follow these instructions:<br><br> <a =
href=3D"http://stackoverflow.com/questions/2293498/git-commit-hooks-global=
-settings">http://stackoverflow.com/questions/2293498/git-commit-hooks-glo=
bal-settings</a><br></blockquote></div><br></div><div>This was a great =
tip, thanks!</div><div><br></div><div>- =
Chris</div><div><div><div><br></div><div>[1]: <a =
href=3D"https://github.com/cbeams/dotfiles/commit/58d6942">https://github.=
com/cbeams/dotfiles/commit/58d6942</a></div><div>[2]: <a =
href=3D"http://mikegerwitz.com/papers/git-horror-story.html#_option_3">htt=
p://mikegerwitz.com/papers/git-horror-story.html#_option_3</a></div></div>=
</div></body></html>=
--Apple-Mail=_AE7156A4-A359-42BB-AF9D-8D265DC91E11--
--Apple-Mail=_23EB31E1-FF71-4D75-A5B5-B73B17931285
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJTfU5PAAoJED0hT49bxe1zGxoQAIhUJYsq0j3KYfc+ZV3QDdnC
CeL9Go87qPEQTXJzJU0Yk4y7PoCsxJ0oPnQOeaEOEzwiRJ2aRKJoLbfwu0lsTJo/
nT4abYSLx1EgqgtDkFSF62DXKnN2BWmyexw5FDJFQ1plzWJ1NYh4lncjM3wT5K0Z
Qb367T06+Ihp7iuU/LAi3zhwZumxntITqrWamBiqfu6Sn+u7EtKnMBxduczWNmFB
iPzJtaAcb+R2v/l2lKw3NqNS/ewtmZrduTQtwhuaFd16bfffC5dnFzcgr5W0nJt8
X0Kt+Vtr2mO445plqJhbq0MB2H1k6TuS+tBPCz9T/9dWEz4yRoa0GSaLgyN/rDOL
OyKMNanVMzKfy0egsXwiiAyL4rBbi7E3qDXG2x8bTBqDBlr9BxI54TdOVVexC7/2
puUvxfsZv3zrMojRVw8l+q9LZLGsjjPY7kv9OQqWSkYLhfON6wCpfdXzUuWO66Qq
mZFh6wkaWn9pJZLApzF8gQvmY+rRn4EXJs7cUCGes+mplMu3+v/H/6AksQWakxqA
PbJBaK4xsvwhOFKBWlqHxWxhQgIsTdkEmtkq9nDUsPjuohq/1ef8e7WtTo3ONVNF
5Bwe70x1EVGzsqz1e5xlJxKuuUTaTXJ9ep+hLCPydFVF+UJUUXjOgdkhusgoiWwI
uSgtPwHM/aqgQ36UdWkM
=gbJG
-----END PGP SIGNATURE-----
--Apple-Mail=_23EB31E1-FF71-4D75-A5B5-B73B17931285--