support commit.gpgsign
Support users who have set commit.gpgsign, by disabling gpg signatures for git-annex branch commits and commits made by the assistant. The thinking here is that a user sets commit.gpgsign intending the commits that they manually initiate to be gpg signed. But not commits made in the background, whether by a deamon or implicitly to the git-annex branch. gpg signing those would be at best a waste of CPU and at worst would fail, or flood the user with gpg passphrase prompts, or put their signature on changes they did not directly do. See Debian bug #753720. Also makes all commits done by git-annex go through a few central control points, to make such changes easier in future. Also disables commit.gpgsign in the test suite. This commit was sponsored by Antoine Boegli.
This commit is contained in:
Joey Hess
parent
cb48baed33
commit
d41849bc23
15 changed files with 90 additions and 61 deletions
|
|
@ -103,6 +103,28 @@ fastForward branch (first:rest) repo =
|
|||
(False, True) -> findbest c rs -- worse
|
||||
(False, False) -> findbest c rs -- same
|
||||
|
||||
{- The user may have set commit.gpgsign, indending all their manual
|
||||
- commits to be signed. But signing automatic/background commits could
|
||||
- easily lead to unwanted gpg prompts or failures.
|
||||
-}
|
||||
data CommitMode = ManualCommit | AutomaticCommit
|
||||
deriving (Eq)
|
||||
|
||||
{- Commit via the usual git command. -}
|
||||
commitCommand :: CommitMode -> [CommandParam] -> Repo -> IO Bool
|
||||
commitCommand = commitCommand' runBool
|
||||
|
||||
{- Commit will fail when the tree is clean. This suppresses that error. -}
|
||||
commitQuiet :: CommitMode -> [CommandParam] -> Repo -> IO ()
|
||||
commitQuiet commitmode ps = void . tryIO . commitCommand' runQuiet commitmode ps
|
||||
|
||||
commitCommand' :: ([CommandParam] -> Repo -> IO a) -> CommitMode -> [CommandParam] -> Repo -> IO a
|
||||
commitCommand' runner commitmode ps = runner (Param "commit" : ps')
|
||||
where
|
||||
ps'
|
||||
| commitmode == AutomaticCommit = Param "--no-gpg-sign" : ps
|
||||
| otherwise = ps
|
||||
|
||||
{- Commits the index into the specified branch (or other ref),
|
||||
- with the specified parent refs, and returns the committed sha.
|
||||
-
|
||||
|
|
@ -112,8 +134,8 @@ fastForward branch (first:rest) repo =
|
|||
- Unlike git-commit, does not run any hooks, or examine the work tree
|
||||
- in any way.
|
||||
-}
|
||||
commit :: Bool -> String -> Branch -> [Ref] -> Repo -> IO (Maybe Sha)
|
||||
commit allowempty message branch parentrefs repo = do
|
||||
commit :: CommitMode -> Bool -> String -> Branch -> [Ref] -> Repo -> IO (Maybe Sha)
|
||||
commit commitmode allowempty message branch parentrefs repo = do
|
||||
tree <- getSha "write-tree" $
|
||||
pipeReadStrict [Param "write-tree"] repo
|
||||
ifM (cancommit tree)
|
||||
|
|
@ -126,16 +148,18 @@ commit allowempty message branch parentrefs repo = do
|
|||
, return Nothing
|
||||
)
|
||||
where
|
||||
ps = concatMap (\r -> ["-p", fromRef r]) parentrefs
|
||||
ps =
|
||||
(if commitmode == AutomaticCommit then ["--no-gpg-sign"] else [])
|
||||
++ concatMap (\r -> ["-p", fromRef r]) parentrefs
|
||||
cancommit tree
|
||||
| allowempty = return True
|
||||
| otherwise = case parentrefs of
|
||||
[p] -> maybe False (tree /=) <$> Git.Ref.tree p repo
|
||||
_ -> return True
|
||||
|
||||
commitAlways :: String -> Branch -> [Ref] -> Repo -> IO Sha
|
||||
commitAlways message branch parentrefs repo = fromJust
|
||||
<$> commit True message branch parentrefs repo
|
||||
commitAlways :: CommitMode -> String -> Branch -> [Ref] -> Repo -> IO Sha
|
||||
commitAlways commitmode message branch parentrefs repo = fromJust
|
||||
<$> commit commitmode True message branch parentrefs repo
|
||||
|
||||
{- A leading + makes git-push force pushing a branch. -}
|
||||
forcePush :: String -> String
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue