1 |
commit: 1d6850f3ac839326c5596db5a570bc7832bb394e |
2 |
Author: Zac Medico <zmedico <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Feb 4 14:26:12 2012 +0000 |
4 |
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Feb 4 14:38:32 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=1d6850f3 |
7 |
|
8 |
repoman: support git commit --gpg-sign |
9 |
|
10 |
In order to sign commits with git, you will need Git >=1.7.9 and your |
11 |
key will have to be configured by `git config user.signingkey key_id`. |
12 |
Also, the repository will need to have "sign-commits = true" in |
13 |
metadata/layout.conf. This will fix bug #333687. |
14 |
|
15 |
--- |
16 |
bin/repoman | 7 +++++++ |
17 |
man/make.conf.5 | 4 +++- |
18 |
man/portage.5 | 3 +++ |
19 |
pym/portage/repository/config.py | 10 ++++++++-- |
20 |
4 files changed, 21 insertions(+), 3 deletions(-) |
21 |
|
22 |
diff --git a/bin/repoman b/bin/repoman |
23 |
index 6e91254..bee6661 100755 |
24 |
--- a/bin/repoman |
25 |
+++ b/bin/repoman |
26 |
@@ -582,6 +582,13 @@ repo_config = repoman_settings.repositories.get_repo_for_location(repodir) |
27 |
portdb.porttrees = list(repo_config.eclass_db.porttrees) |
28 |
portdir = portdb.porttrees[0] |
29 |
|
30 |
+if repo_config.sign_commit: |
31 |
+ if vcs == 'git': |
32 |
+ # NOTE: It's possible to use --gpg-sign=key_id to specify the key in |
33 |
+ # the commit arguments. If key_id is unspecified, then it must be |
34 |
+ # configured by `git config user.signingkey key_id`. |
35 |
+ vcs_local_opts.append("--gpg-sign") |
36 |
+ |
37 |
# In order to disable manifest signatures, repos may set |
38 |
# "sign-manifests = false" in metadata/layout.conf. This |
39 |
# can be used to prevent merge conflicts like those that |
40 |
|
41 |
diff --git a/man/make.conf.5 b/man/make.conf.5 |
42 |
index e5a9ae1..e8777c8 100644 |
43 |
--- a/man/make.conf.5 |
44 |
+++ b/man/make.conf.5 |
45 |
@@ -722,7 +722,9 @@ Defaults to $HOME/.gnupg. |
46 |
.TP |
47 |
.B PORTAGE_GPG_KEY |
48 |
The \fBgpg\fR(1) key used by \fBrepoman\fR(1) to sign manifests |
49 |
-when \fBsign\fR is in \fBFEATURES\fR. |
50 |
+when \fBsign\fR is in \fBFEATURES\fR. In order to sign commits with |
51 |
+\fBgit\fR(1), you will need Git >=1.7.9 and your commit key will have |
52 |
+to be configured by \fI`git config user.signingkey key_id`\fR. |
53 |
.TP |
54 |
.B PORTAGE_GPG_SIGNING_COMMAND |
55 |
The command used by \fBrepoman\fR(1) to sign manifests when \fBsign\fR is |
56 |
|
57 |
diff --git a/man/portage.5 b/man/portage.5 |
58 |
index e2ed754..dd94a79 100644 |
59 |
--- a/man/portage.5 |
60 |
+++ b/man/portage.5 |
61 |
@@ -785,6 +785,9 @@ precedence over settings in \fBlayout.conf\fR, except tools such as |
62 |
masters = gentoo java-overlay |
63 |
# indicate that this repo can be used as a substitute for foo-overlay |
64 |
aliases = foo-overlay |
65 |
+# sign commits in this repo, which requires Git >=1.7.9, and |
66 |
+# key configured by `git config user.signingkey key_id` |
67 |
+sign\-commits = true |
68 |
# do not sign manifests in this repo |
69 |
sign\-manifests = false |
70 |
# thin\-manifests only contain DIST entries |
71 |
|
72 |
diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py |
73 |
index ebee234..84d9741 100644 |
74 |
--- a/pym/portage/repository/config.py |
75 |
+++ b/pym/portage/repository/config.py |
76 |
@@ -49,7 +49,7 @@ class RepoConfig(object): |
77 |
'cache_formats', 'create_manifest', 'disable_manifest', 'eapi', |
78 |
'eclass_db', 'eclass_locations', 'eclass_overrides', 'format', 'location', |
79 |
'main_repo', 'manifest_hashes', 'masters', 'missing_repo_name', |
80 |
- 'name', 'priority', 'sign_manifest', 'sync', 'thin_manifest', |
81 |
+ 'name', 'priority', 'sign_commit', 'sign_manifest', 'sync', 'thin_manifest', |
82 |
'update_changelog', 'user_location', 'portage1_profiles', |
83 |
'portage1_profiles_compat') |
84 |
|
85 |
@@ -117,6 +117,9 @@ class RepoConfig(object): |
86 |
self.eapi = eapi |
87 |
self.name = name |
88 |
self.missing_repo_name = missing |
89 |
+ # sign_commit is disabled by default, since it requires Git >=1.7.9, |
90 |
+ # and key_id configured by `git config user.signingkey key_id` |
91 |
+ self.sign_commit = False |
92 |
self.sign_manifest = True |
93 |
self.thin_manifest = False |
94 |
self.allow_missing_manifest = False |
95 |
@@ -148,7 +151,7 @@ class RepoConfig(object): |
96 |
|
97 |
for value in ('allow-missing-manifest', 'cache-formats', |
98 |
'create-manifest', 'disable-manifest', 'manifest-hashes', |
99 |
- 'sign-manifest', 'thin-manifest', 'update-changelog'): |
100 |
+ 'sign-commit', 'sign-manifest', 'thin-manifest', 'update-changelog'): |
101 |
setattr(self, value.lower().replace("-", "_"), layout_data[value]) |
102 |
|
103 |
self.portage1_profiles = any(x.startswith("portage-1") \ |
104 |
@@ -688,6 +691,9 @@ def parse_layout_conf(repo_location, repo_name=None): |
105 |
data['masters'] = masters |
106 |
data['aliases'] = tuple(layout_data.get('aliases', '').split()) |
107 |
|
108 |
+ data['sign-commit'] = layout_data.get('sign-commits', 'false').lower() \ |
109 |
+ == 'true' |
110 |
+ |
111 |
data['sign-manifest'] = layout_data.get('sign-manifests', 'true').lower() \ |
112 |
== 'true' |