diff options
author | Chris Beams <chris@beams.io> | 2014-05-22 03:09:35 +0200 |
---|---|---|
committer | bitcoindev <bitcoindev@gnusha.org> | 2014-05-22 01:09:56 +0000 |
commit | 3fa0ee0d16c877150fc5c1f8b1914bbe167040e8 (patch) | |
tree | ebbd07617f807ceb324691f48b2cd1291c42ba90 | |
parent | e5dc85816c4344af6d2edb7f64820e0ceda6fe83 (diff) | |
download | pi-bitcoindev-3fa0ee0d16c877150fc5c1f8b1914bbe167040e8.tar.gz pi-bitcoindev-3fa0ee0d16c877150fc5c1f8b1914bbe167040e8.zip |
Re: [Bitcoin-development] PSA: Please sign your git commits
-rw-r--r-- | 93/10a5a41902c13a9d751ca837b56a5c6a58d6c3 | 240 |
1 files changed, 240 insertions, 0 deletions
diff --git a/93/10a5a41902c13a9d751ca837b56a5c6a58d6c3 b/93/10a5a41902c13a9d751ca837b56a5c6a58d6c3 new file mode 100644 index 000000000..6f56e0bb4 --- /dev/null +++ b/93/10a5a41902c13a9d751ca837b56a5c6a58d6c3 @@ -0,0 +1,240 @@ +Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] + helo=mx.sourceforge.net) + by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) + (envelope-from <chris@beams.io>) id 1WnHW8-0002qU-TR + for bitcoin-development@lists.sourceforge.net; + Thu, 22 May 2014 01:09:56 +0000 +X-ACL-Warn: +Received: from chello084114181075.1.15.vie.surfer.at ([84.114.181.75] + helo=dh35.beams.io) by sog-mx-2.v43.ch3.sourceforge.com with esmtp + (Exim 4.76) id 1WnHW6-0000p9-Ts + for bitcoin-development@lists.sourceforge.net; + Thu, 22 May 2014 01:09:56 +0000 +Received: from localhost (localhost [127.0.0.1]) + by dh35.beams.io (Postfix) with ESMTP id 51980201407; + Thu, 22 May 2014 03:09:48 +0200 (CEST) +X-Virus-Scanned: amavisd-new at dh35.beams.io +Received: from dh35.beams.io ([127.0.0.1]) + by localhost (dh35.beams.io [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id Qsshkxj-8YG0; Thu, 22 May 2014 03:09:38 +0200 (CEST) +Received: from [192.168.0.69] (chello084114181075.1.15.vie.surfer.at + [84.114.181.75]) + by dh35.beams.io (Postfix) with ESMTPSA id 97B882013DF; + Thu, 22 May 2014 03:09:38 +0200 (CEST) +Content-Type: multipart/signed; + boundary="Apple-Mail=_23EB31E1-FF71-4D75-A5B5-B73B17931285"; + protocol="application/pgp-signature"; micalg=pgp-sha512 +Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\)) +From: Chris Beams <chris@beams.io> +In-Reply-To: <20140521202502.GA439@localhost.localdomain> +Date: Thu, 22 May 2014 03:09:35 +0200 +Message-Id: <D60239BA-5329-463F-9870-7B28661E9581@beams.io> +References: <CA+s+GJBNWh0Py9KB4Y+B19ACeHOygtkLrPw5SbZ0SrVs50pqvg@mail.gmail.com> + <7B48B9D4-5FB0-42CA-A462-C20D3F345A9A@beams.io> + <20140521202502.GA439@localhost.localdomain> +To: "David A. Harding" <dave@dtrt.org> +X-Mailer: Apple Mail (2.1878.2) +X-Spam-Score: 1.0 (+) +X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. + See http://spamassassin.org/tag/ for more details. + 0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address + [84.114.181.75 listed in dnsbl.sorbs.net] + 1.0 HTML_MESSAGE BODY: HTML included in message +X-Headers-End: 1WnHW6-0000p9-Ts +Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> +Subject: Re: [Bitcoin-development] PSA: Please sign your git commits +X-BeenThere: bitcoin-development@lists.sourceforge.net +X-Mailman-Version: 2.1.9 +Precedence: list +List-Id: <bitcoin-development.lists.sourceforge.net> +List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> +List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> +List-Post: <mailto:bitcoin-development@lists.sourceforge.net> +List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> +List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, + <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> +X-List-Received-Date: Thu, 22 May 2014 01:09:57 -0000 + + +--Apple-Mail=_23EB31E1-FF71-4D75-A5B5-B73B17931285 +Content-Type: multipart/alternative; + boundary="Apple-Mail=_AE7156A4-A359-42BB-AF9D-8D265DC91E11" + + +--Apple-Mail=_AE7156A4-A359-42BB-AF9D-8D265DC91E11 +Content-Transfer-Encoding: quoted-printable +Content-Type: text/plain; + charset=us-ascii + + +On May 21, 2014, at 10:25 PM, David A. Harding <dave@dtrt.org> wrote: + +> On Wed, May 21, 2014 at 06:39:44PM +0200, Chris Beams wrote: +>> I [was] searching for a way to enable signing by default [...] +>> Unfortunately, there isn't one, meaning it's likely that most folks +>> will forget to do this most of the time. +>=20 +> For all of my projects, I now I put this script in +> .git/hooks/post-commit and post-merge: +>=20 +> #!/bin/bash -eu +>=20 +> if ! git log -n1 --show-signature | grep -q 'gpg: Good signature' +> then +> yes "FORGOT TO SIGN COMMIT MESSAGE" +> exit 1 +> fi + +Funny, I was just in the middle of writing a pre-push hook to do = +something similar when I decided to check my email :) Your post-commit = +approach is indeed simpler, so I've gone with it for the moment [1]. = +Thanks. + +However, I noticed in the process of testing that this approach messes = +with rebase workflows. For example: if I make several commits (all of = +which are properly signed), and then rebase to reorder them, rebase ends = +up hanging because it delegates to `commit` and the use of `yes` in the = +post-commit hook blocks forever. I've changed `yes` to `echo` to avoid = +this, but it still means that one must be rather diligent to keep = +signatures in place when rebasing. Gerwitz does address rebasing in the = +presence of commit sigs in the "horror story" doc you linked to [2], but = +there's no magic: this makes the whole rebasing process considerably = +more tedious, and linearly so with however many commits you're = +modifying. + +This may amount to a rationale for going with a pre-push hook after all, = +i.e. in order to defer the check for signatures until the last possible = +moment. This would allow for cheap iterative rebasing once again. + +I suppose the proper solution would be a `git config` option such as = +'commit.sign', that if set to true would mean your commits are always = +signed, even if rebase is the one calling `commit`. This would obviate = +the need for the alias I mention below as well. + + +> So anytime I forget to sign, I get an obvious error and can = +immediately +> run git commit --amend -S. + +If one is already in the habit of using an alias for `commit` (I've long = +used `ci` for concision), the -S can be included in the alias: + + git config alias.ci 'commit -S' + + +> To automatically add a script like the one above to all new projects = +(plus +> quickly add it old current projects), you can follow these = +instructions: +>=20 +> = +http://stackoverflow.com/questions/2293498/git-commit-hooks-global-setting= +s + +This was a great tip, thanks! + +- Chris + +[1]: https://github.com/cbeams/dotfiles/commit/58d6942 +[2]: http://mikegerwitz.com/papers/git-horror-story.html#_option_3 + +--Apple-Mail=_AE7156A4-A359-42BB-AF9D-8D265DC91E11 +Content-Transfer-Encoding: quoted-printable +Content-Type: text/html; + charset=us-ascii + +<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = +charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; = +-webkit-nbsp-mode: space; -webkit-line-break: = +after-white-space;"><div><br></div><div><div><div>On May 21, 2014, at = +10:25 PM, David A. Harding <<a = +href=3D"mailto:dave@dtrt.org">dave@dtrt.org</a>> wrote:</div><br = +class=3D"Apple-interchange-newline"><blockquote type=3D"cite">On Wed, = +May 21, 2014 at 06:39:44PM +0200, Chris Beams wrote:<br><blockquote = +type=3D"cite">I [was] searching for a way to enable signing by default = +[...]<br>Unfortunately, there isn't one, meaning it's likely that most = +folks<br>will forget to do this most of the = +time.<br></blockquote><br>For all of my projects, I now I put this = +script in<br>.git/hooks/post-commit and post-merge:<br><br> = + #!/bin/bash -eu<br><br> if ! git log = +-n1 --show-signature | grep -q 'gpg: Good signature'<br> = + then<br> yes = +"FORGOT TO SIGN COMMIT MESSAGE"<br> = + exit 1<br> = + fi<br></blockquote><div><br></div><div>Funny, I was = +just in the middle of writing a pre-push hook to do something similar = +when I decided to check my email :) Your post-commit approach is indeed = +simpler, so I've gone with it for the moment [1]. = +Thanks.</div><div><br></div><div>However, I noticed in the process of = +testing that this approach messes with rebase workflows. For example: if = +I make several commits (all of which are properly signed), and then = +rebase to reorder them, rebase ends up hanging because it delegates to = +`commit` and the use of `yes` in the post-commit hook blocks forever. = +I've changed `yes` to `echo` to avoid this, but it still means that one = +must be rather diligent to keep signatures in place when rebasing. = +Gerwitz does address rebasing in the presence of commit sigs in the = +"horror story" doc you linked to [2], but there's no magic: this makes = +the whole rebasing process considerably more tedious, and linearly so = +with however many commits you're = +modifying.</div><div><br></div><div>This may amount to a rationale for = +going with a pre-push hook after all, i.e. in order to defer the check = +for signatures until the last possible moment. This would allow for = +cheap iterative rebasing once again.</div><div><br></div><div>I suppose = +the proper solution would be a `git config` option such as = +'commit.sign', that if set to true would mean your commits are always = +signed, even if rebase is the one calling `commit`. This would obviate = +the need for the alias I mention below as = +well.</div><div><br></div><div><br></div><blockquote type=3D"cite">So = +anytime I forget to sign, I get an obvious error and can = +immediately<br>run git commit --amend = +-S.<br></blockquote><div><br></div><div>If one is already in the habit = +of using an alias for `commit` (I've long used `ci` for concision), the = +-S can be included in the alias:</div><div><br></div><div> = + git config alias.ci 'commit = +-S'</div><div><br></div><div><div><br></div></div><blockquote = +type=3D"cite">To automatically add a script like the one above to all = +new projects (plus<br>quickly add it old current projects), you can = +follow these instructions:<br><br> <a = +href=3D"http://stackoverflow.com/questions/2293498/git-commit-hooks-global= +-settings">http://stackoverflow.com/questions/2293498/git-commit-hooks-glo= +bal-settings</a><br></blockquote></div><br></div><div>This was a great = +tip, thanks!</div><div><br></div><div>- = +Chris</div><div><div><div><br></div><div>[1]: <a = +href=3D"https://github.com/cbeams/dotfiles/commit/58d6942">https://github.= +com/cbeams/dotfiles/commit/58d6942</a></div><div>[2]: <a = +href=3D"http://mikegerwitz.com/papers/git-horror-story.html#_option_3">htt= +p://mikegerwitz.com/papers/git-horror-story.html#_option_3</a></div></div>= +</div></body></html>= + +--Apple-Mail=_AE7156A4-A359-42BB-AF9D-8D265DC91E11-- + +--Apple-Mail=_23EB31E1-FF71-4D75-A5B5-B73B17931285 +Content-Transfer-Encoding: 7bit +Content-Disposition: attachment; + filename=signature.asc +Content-Type: application/pgp-signature; + name=signature.asc +Content-Description: Message signed with OpenPGP using GPGMail + +-----BEGIN PGP SIGNATURE----- +Comment: GPGTools - https://gpgtools.org + +iQIcBAEBCgAGBQJTfU5PAAoJED0hT49bxe1zGxoQAIhUJYsq0j3KYfc+ZV3QDdnC +CeL9Go87qPEQTXJzJU0Yk4y7PoCsxJ0oPnQOeaEOEzwiRJ2aRKJoLbfwu0lsTJo/ +nT4abYSLx1EgqgtDkFSF62DXKnN2BWmyexw5FDJFQ1plzWJ1NYh4lncjM3wT5K0Z +Qb367T06+Ihp7iuU/LAi3zhwZumxntITqrWamBiqfu6Sn+u7EtKnMBxduczWNmFB +iPzJtaAcb+R2v/l2lKw3NqNS/ewtmZrduTQtwhuaFd16bfffC5dnFzcgr5W0nJt8 +X0Kt+Vtr2mO445plqJhbq0MB2H1k6TuS+tBPCz9T/9dWEz4yRoa0GSaLgyN/rDOL +OyKMNanVMzKfy0egsXwiiAyL4rBbi7E3qDXG2x8bTBqDBlr9BxI54TdOVVexC7/2 +puUvxfsZv3zrMojRVw8l+q9LZLGsjjPY7kv9OQqWSkYLhfON6wCpfdXzUuWO66Qq +mZFh6wkaWn9pJZLApzF8gQvmY+rRn4EXJs7cUCGes+mplMu3+v/H/6AksQWakxqA +PbJBaK4xsvwhOFKBWlqHxWxhQgIsTdkEmtkq9nDUsPjuohq/1ef8e7WtTo3ONVNF +5Bwe70x1EVGzsqz1e5xlJxKuuUTaTXJ9ep+hLCPydFVF+UJUUXjOgdkhusgoiWwI +uSgtPwHM/aqgQ36UdWkM +=gbJG +-----END PGP SIGNATURE----- + +--Apple-Mail=_23EB31E1-FF71-4D75-A5B5-B73B17931285-- + + |