最近的git版本(>=1.7.9)支持使用GPG为每个提交进行签名。
是否可以对树内的所有提交进行追加签名?
最近的git版本(>=1.7.9)支持使用GPG为每个提交进行签名。
是否可以对树内的所有提交进行追加签名?
git commit
命令中--gpg-sign
选项(也称为-S
)生成的签名是用于生成标识提交的sha1哈希值的数据的一部分。因此,要对提交进行后期签名,需要更改已完成签名的每个提交的ID。git filter-branch
命令,但最好只是对新提交进行签名。由于所有祖先的提交ID都会影响任何新提交将要签名的数据,因此通过新签名的提交仍然可以使用gpg验证旧提交。参见提交44dc738(2017年4月26日),由Jonathan Tan(jhowtan
)进行修改。
(由Junio C Hamano -- gitster
--在提交6ebfa10中合并,2017年5月16日)
当遇到不以换行符结尾的提交信息时,顺序器在确定是否添加空白行之前不会完成该行。
sequencer
: 在添加页脚之前添加换行符
(cherry picked...
"和签名行有时出现在提交消息的最后一行上。has_conforming_footer()
认为符合规范的页脚不符合规范,从而导致符合规范和不符合规范的页脚被视为相同,而它们不应该是。do_pick_commit()
和append_signoff()
中都要这样做。
在Git 2.29(2020年第四季度)中,这将更加可靠。
查看提交842385b, 提交9dad073, 提交26e28fe, 提交75d3bee, 提交20f4b04, 提交5b9427e, 提交8d2aa8d, 提交424e28f, 提交e885a84, 提交185e865(2020年9月30日)由Jeff King (peff
)。
(由Junio C Hamano -- gitster
--合并于提交19dd352, 2020年10月5日)
序列生成器
:在解析预告片时处理忽略页脚
签名:
Jeff King
The
append_signoff()
function takes an"ignore_footer"
argument, which specifies a number of bytes at the end of the message buffer which should not be considered (they cannot contain trailers, and the trailer is spliced in before them).But to find the existing trailers, it calls into
has_conforming_trailer()
. That function takes anignore_footer
parameter, but since 967dfd4d56 ("sequencer
: use trailer's trailer layout", 2016-11-02, Git v2.12.0-rc0 -- merge listed in batch #2) the parameter is completely ignored.The trailer interface we're using takes a single string, with no option to tell it to use part of the string. However, since we have a mutable
strbuf
, we can work around this by simply overwriting (and later restoring) the boundary with aNUL
.I'm not sure if this can actually trigger a bug in practice. It's easy to get a non-zero
ignore_footer
by doing something like this:git commit -F - --cleanup=verbatim <<-EOF subject body Signed-off-by: me # this looks like a comment, but is actually in the # message! That makes the earlier s-o-b fake. EOF git commit --amend -s
There git-commit calls
ignore_non_trailer()
to count up the "#" cruft, which becomes theignore_footer
header. But it works even without this patch! That's because the trailer code also callsignore_non_trailer()
and skips the cruft, too. So it happens to work because the only callers with a non-zeroignore_footer
are using the exact same function that the trailer parser uses internally.And that seems true for all of the current callers, but there's nothing guaranteeing it. We're better off only feeding the correct buffer to the trailer code in the first place.
您可以尝试从想要开始签署提交的位置创建一个新分支。最近我就为一个在没有访问我的私钥的机器上创建的分支做了这个操作:
# git checkout -b new-branch <last-signed-commit>
# git cherry-pick <first-unsigned-commit>
# git checkout unsigned-branch
# git rebase new-branch
这需要您的Git配置自动签署您的提交,并且显然不应该有太多的合并提交,否则rebase会看起来很奇怪。如果有疑问,请挑选您的提交;每个挑选的提交都将被签署。