From 1d6850f3ac839326c5596db5a570bc7832bb394e Mon Sep 17 00:00:00 2001 From: Zac Medico Date: Sat, 4 Feb 2012 06:26:12 -0800 Subject: repoman: support git commit --gpg-sign In order to sign commits with git, you will need Git >=1.7.9 and your key will have to be configured by `git config user.signingkey key_id`. Also, the repository will need to have "sign-commits = true" in metadata/layout.conf. This will fix bug #333687. --- bin/repoman | 7 +++++++ man/make.conf.5 | 4 +++- man/portage.5 | 3 +++ pym/portage/repository/config.py | 10 ++++++++-- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/bin/repoman b/bin/repoman index 6e9125480..bee6661db 100755 --- a/bin/repoman +++ b/bin/repoman @@ -582,6 +582,13 @@ repo_config = repoman_settings.repositories.get_repo_for_location(repodir) portdb.porttrees = list(repo_config.eclass_db.porttrees) portdir = portdb.porttrees[0] +if repo_config.sign_commit: + if vcs == 'git': + # NOTE: It's possible to use --gpg-sign=key_id to specify the key in + # the commit arguments. If key_id is unspecified, then it must be + # configured by `git config user.signingkey key_id`. + vcs_local_opts.append("--gpg-sign") + # In order to disable manifest signatures, repos may set # "sign-manifests = false" in metadata/layout.conf. This # can be used to prevent merge conflicts like those that diff --git a/man/make.conf.5 b/man/make.conf.5 index e5a9ae1ed..e8777c840 100644 --- a/man/make.conf.5 +++ b/man/make.conf.5 @@ -722,7 +722,9 @@ Defaults to $HOME/.gnupg. .TP .B PORTAGE_GPG_KEY The \fBgpg\fR(1) key used by \fBrepoman\fR(1) to sign manifests -when \fBsign\fR is in \fBFEATURES\fR. +when \fBsign\fR is in \fBFEATURES\fR. In order to sign commits with +\fBgit\fR(1), you will need Git >=1.7.9 and your commit key will have +to be configured by \fI`git config user.signingkey key_id`\fR. .TP .B PORTAGE_GPG_SIGNING_COMMAND The command used by \fBrepoman\fR(1) to sign manifests when \fBsign\fR is diff --git a/man/portage.5 b/man/portage.5 index e2ed75404..dd94a796b 100644 --- a/man/portage.5 +++ b/man/portage.5 @@ -785,6 +785,9 @@ precedence over settings in \fBlayout.conf\fR, except tools such as masters = gentoo java-overlay # indicate that this repo can be used as a substitute for foo-overlay aliases = foo-overlay +# sign commits in this repo, which requires Git >=1.7.9, and +# key configured by `git config user.signingkey key_id` +sign\-commits = true # do not sign manifests in this repo sign\-manifests = false # thin\-manifests only contain DIST entries diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py index ebee234c3..84d97411e 100644 --- a/pym/portage/repository/config.py +++ b/pym/portage/repository/config.py @@ -49,7 +49,7 @@ class RepoConfig(object): 'cache_formats', 'create_manifest', 'disable_manifest', 'eapi', 'eclass_db', 'eclass_locations', 'eclass_overrides', 'format', 'location', 'main_repo', 'manifest_hashes', 'masters', 'missing_repo_name', - 'name', 'priority', 'sign_manifest', 'sync', 'thin_manifest', + 'name', 'priority', 'sign_commit', 'sign_manifest', 'sync', 'thin_manifest', 'update_changelog', 'user_location', 'portage1_profiles', 'portage1_profiles_compat') @@ -117,6 +117,9 @@ class RepoConfig(object): self.eapi = eapi self.name = name self.missing_repo_name = missing + # sign_commit is disabled by default, since it requires Git >=1.7.9, + # and key_id configured by `git config user.signingkey key_id` + self.sign_commit = False self.sign_manifest = True self.thin_manifest = False self.allow_missing_manifest = False @@ -148,7 +151,7 @@ class RepoConfig(object): for value in ('allow-missing-manifest', 'cache-formats', 'create-manifest', 'disable-manifest', 'manifest-hashes', - 'sign-manifest', 'thin-manifest', 'update-changelog'): + 'sign-commit', 'sign-manifest', 'thin-manifest', 'update-changelog'): setattr(self, value.lower().replace("-", "_"), layout_data[value]) self.portage1_profiles = any(x.startswith("portage-1") \ @@ -688,6 +691,9 @@ def parse_layout_conf(repo_location, repo_name=None): data['masters'] = masters data['aliases'] = tuple(layout_data.get('aliases', '').split()) + data['sign-commit'] = layout_data.get('sign-commits', 'false').lower() \ + == 'true' + data['sign-manifest'] = layout_data.get('sign-manifests', 'true').lower() \ == 'true' -- cgit v1.2.3-1-g7c22