Skip to content

Commit 492d7a5

Browse files
committed
Merge branch 'tm/tag-gpgsign-config'
A new tag.gpgSign configuration variable turns "git tag -a" into "git tag -s". * tm/tag-gpgsign-config: tag: add tag.gpgSign config option to force all tags be GPG-signed
2 parents dbf491e + 1c6b565 commit 492d7a5

File tree

4 files changed

+52
-6
lines changed

4 files changed

+52
-6
lines changed

Documentation/config/tag.txt

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,14 @@ tag.sort::
88
linkgit:git-tag[1]. Without the "--sort=<value>" option provided, the
99
value of this variable will be used as the default.
1010

11+
tag.gpgSign::
12+
A boolean to specify whether all tags should be GPG signed.
13+
Use of this option when running in an automated script can
14+
result in a large number of tags being signed. It is therefore
15+
convenient to use an agent to avoid typing your gpg passphrase
16+
several times. Note that this option doesn't affects tag signing
17+
behavior enabled by "-u <keyid>" or "--local-user=<keyid>" options.
18+
1119
tar.umask::
1220
This variable can be used to restrict the permission bits of
1321
tar archive entries. The default is 0002, which turns off the

Documentation/git-tag.txt

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,13 @@ OPTIONS
6464
-s::
6565
--sign::
6666
Make a GPG-signed tag, using the default e-mail address's key.
67+
The default behavior of tag GPG-signing is controlled by `tag.gpgSign`
68+
configuration variable if it exists, or disabled oder otherwise.
69+
See linkgit:git-config[1].
70+
71+
--no-sign::
72+
Override `tag.gpgSign` configuration variable that is
73+
set to force each and every tag to be signed.
6774

6875
-u <keyid>::
6976
--local-user=<keyid>::

builtin/tag.c

Lines changed: 16 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@ static const char * const git_tag_usage[] = {
3333

3434
static unsigned int colopts;
3535
static int force_sign_annotate;
36+
static int config_sign_tag = -1; /* unspecified */
3637

3738
static int list_tags(struct ref_filter *filter, struct ref_sorting *sorting,
3839
struct ref_format *format)
@@ -144,6 +145,11 @@ static int git_tag_config(const char *var, const char *value, void *cb)
144145
int status;
145146
struct ref_sorting **sorting_tail = (struct ref_sorting **)cb;
146147

148+
if (!strcmp(var, "tag.gpgsign")) {
149+
config_sign_tag = git_config_bool(var, value);
150+
return 0;
151+
}
152+
147153
if (!strcmp(var, "tag.sort")) {
148154
if (!value)
149155
return config_error_nonbool(var);
@@ -442,15 +448,10 @@ int cmd_tag(int argc, const char **argv, const char *prefix)
442448
memset(&opt, 0, sizeof(opt));
443449
memset(&filter, 0, sizeof(filter));
444450
filter.lines = -1;
451+
opt.sign = -1;
445452

446453
argc = parse_options(argc, argv, prefix, options, git_tag_usage, 0);
447454

448-
if (keyid) {
449-
opt.sign = 1;
450-
set_signing_key(keyid);
451-
}
452-
create_tag_object = (opt.sign || annotate || msg.given || msgfile);
453-
454455
if (!cmdmode) {
455456
if (argc == 0)
456457
cmdmode = 'l';
@@ -463,6 +464,15 @@ int cmd_tag(int argc, const char **argv, const char *prefix)
463464
if (cmdmode == 'l')
464465
setup_auto_pager("tag", 1);
465466

467+
if (opt.sign == -1)
468+
opt.sign = cmdmode ? 0 : config_sign_tag > 0;
469+
470+
if (keyid) {
471+
opt.sign = 1;
472+
set_signing_key(keyid);
473+
}
474+
create_tag_object = (opt.sign || annotate || msg.given || msgfile);
475+
466476
if ((create_tag_object || force) && (cmdmode != 0))
467477
usage_with_options(git_tag_usage, options);
468478

t/t7004-tag.sh

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -932,6 +932,27 @@ test_expect_success GPG \
932932
test_cmp expect actual
933933
'
934934

935+
get_tag_header gpgsign-enabled $commit commit $time >expect
936+
echo "A message" >>expect
937+
echo '-----BEGIN PGP SIGNATURE-----' >>expect
938+
test_expect_success GPG \
939+
'git tag configured tag.gpgsign enables GPG sign' \
940+
'test_config tag.gpgsign true &&
941+
git tag -m "A message" gpgsign-enabled &&
942+
get_tag_msg gpgsign-enabled>actual &&
943+
test_cmp expect actual
944+
'
945+
946+
get_tag_header no-sign $commit commit $time >expect
947+
echo "A message" >>expect
948+
test_expect_success GPG \
949+
'git tag --no-sign configured tag.gpgsign skip GPG sign' \
950+
'test_config tag.gpgsign true &&
951+
git tag -a --no-sign -m "A message" no-sign &&
952+
get_tag_msg no-sign>actual &&
953+
test_cmp expect actual
954+
'
955+
935956
test_expect_success GPG \
936957
'trying to create a signed tag with non-existing -F file should fail' '
937958
! test -f nonexistingfile &&

0 commit comments

Comments
 (0)