4 files changed, 21 insertions, 3 deletions

diff --git a/bin/repoman b/bin/repoman
index 6e9125480..bee6661db 100755
--- a/bin/repoman
+++ b/bin/repoman
@@ -582,6 +582,13 @@ repo_config = repoman_settings.repositories.get_repo_for_location(repodir)
 portdb.porttrees = list(repo_config.eclass_db.porttrees)
 portdir = portdb.porttrees[0]
 
+if repo_config.sign_commit:
+	if vcs == 'git':
+		# NOTE: It's possible to use --gpg-sign=key_id to specify the key in
+		# the commit arguments. If key_id is unspecified, then it must be
+		# configured by `git config user.signingkey key_id`.
+		vcs_local_opts.append("--gpg-sign")
+
 # In order to disable manifest signatures, repos may set
 # "sign-manifests = false" in metadata/layout.conf. This
 # can be used to prevent merge conflicts like those that
diff --git a/man/make.conf.5 b/man/make.conf.5
index e5a9ae1ed..e8777c840 100644
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -722,7 +722,9 @@ Defaults to $HOME/.gnupg.
 .TP
 .B PORTAGE_GPG_KEY
 The \fBgpg\fR(1) key used by \fBrepoman\fR(1) to sign manifests
-when \fBsign\fR is in \fBFEATURES\fR.
+when \fBsign\fR is in \fBFEATURES\fR. In order to sign commits with
+\fBgit\fR(1), you will need Git >=1.7.9 and your commit key will have
+to be configured by \fI`git config user.signingkey key_id`\fR.
 .TP
 .B PORTAGE_GPG_SIGNING_COMMAND
 The command used by \fBrepoman\fR(1) to sign manifests when \fBsign\fR is
diff --git a/man/portage.5 b/man/portage.5
index e2ed75404..dd94a796b 100644
--- a/man/portage.5
+++ b/man/portage.5
@@ -785,6 +785,9 @@ precedence over settings in \fBlayout.conf\fR, except tools such as
 masters = gentoo java-overlay
 # indicate that this repo can be used as a substitute for foo-overlay
 aliases = foo-overlay
+# sign commits in this repo, which requires Git >=1.7.9, and
+# key configured by `git config user.signingkey key_id`
+sign\-commits = true
 # do not sign manifests in this repo
 sign\-manifests = false
 # thin\-manifests only contain DIST entries
diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py
index ebee234c3..84d97411e 100644
--- a/pym/portage/repository/config.py
+++ b/pym/portage/repository/config.py
@@ -49,7 +49,7 @@ class RepoConfig(object):
 		'cache_formats', 'create_manifest', 'disable_manifest', 'eapi',
 		'eclass_db', 'eclass_locations', 'eclass_overrides', 'format', 'location',
 		'main_repo', 'manifest_hashes', 'masters', 'missing_repo_name',
-		'name', 'priority', 'sign_manifest', 'sync', 'thin_manifest',
+		'name', 'priority', 'sign_commit', 'sign_manifest', 'sync', 'thin_manifest',
 		'update_changelog', 'user_location', 'portage1_profiles',
 		'portage1_profiles_compat')
 
@@ -117,6 +117,9 @@ class RepoConfig(object):
 		self.eapi = eapi
 		self.name = name
 		self.missing_repo_name = missing
+		# sign_commit is disabled by default, since it requires Git >=1.7.9,
+		# and key_id configured by `git config user.signingkey key_id`
+		self.sign_commit = False
 		self.sign_manifest = True
 		self.thin_manifest = False
 		self.allow_missing_manifest = False
@@ -148,7 +151,7 @@ class RepoConfig(object):
 
 			for value in ('allow-missing-manifest', 'cache-formats',
 				'create-manifest', 'disable-manifest', 'manifest-hashes',
-				'sign-manifest', 'thin-manifest', 'update-changelog'):
+				'sign-commit', 'sign-manifest', 'thin-manifest', 'update-changelog'):
 				setattr(self, value.lower().replace("-", "_"), layout_data[value])
 
 			self.portage1_profiles = any(x.startswith("portage-1") \
@@ -688,6 +691,9 @@ def parse_layout_conf(repo_location, repo_name=None):
 	data['masters'] = masters
 	data['aliases'] = tuple(layout_data.get('aliases', '').split())
 
+	data['sign-commit'] = layout_data.get('sign-commits', 'false').lower() \
+		== 'true'
+
 	data['sign-manifest'] = layout_data.get('sign-manifests', 'true').lower() \
 		== 'true'