Bug 333687 - Git commit signing
Summary: Git commit signing
Status: RESOLVED FIXED
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified
Hardware: All Linux
Importance: High normal
Assignee: Alexey Shvetsov
Depends on: 401579 402213
Blocks: 333531 463510
Reported: 2010-08-20 19:49 UTC by Thilo Bangert (RETIRED)
Modified: 2013-06-02 11:01 UTC

Description Thilo Bangert (RETIRED) gentoo-dev 2010-08-20 19:49:04 UTC
How commits are signed in git. Utilizes git notes support.
Status unclear.
Comment 1 Piotr Jaroszyński (RETIRED) gentoo-dev 2010-08-20 21:12:04 UTC
Why do we care about that?
Comment 2 Alexey Shvetsov archtester gentoo-dev 2010-10-26 14:44:27 UTC
Seems there is a solution for GPG signing

http://weierophinney.net/matthew/archives/236-GPG-signing-Git-Commits.html
Comment 3 Donnie Berkholz (RETIRED) gentoo-dev 2011-04-18 19:28:38 UTC
http://permalink.gmane.org/gmane.linux.gentoo.scm-migration/48
Comment 4 Arun Raghavan (RETIRED) gentoo-dev 2011-09-20 03:42:50 UTC
Should become a non-issue before long:

http://permalink.gmane.org/gmane.linux.gentoo.scm-migration/111
Comment 5 Pacho Ramos gentoo-dev 2011-11-24 12:32:58 UTC
Robert is retiring, not sure who will take care of this now :/
Comment 6 Andreas K. Hüttel archtester gentoo-dev 2012-01-14 15:30:52 UTC
https://github.com/gitster/git/blob/master/Documentation/RelNotes/1.7.9.txt
from 1.7.9_rc1 tag:


Git v1.7.9 Release Notes (draft)
========================

Updates since v1.7.8
--------------------

[...]

* "git commit" learned "-S" to GPG-sign the commit; this can be shown
   with the "--show-signature" option to "git log".

[...]
Comment 7 Alexey Shvetsov archtester gentoo-dev 2012-01-14 15:47:18 UTC
Current git 1.7.9_rc1 has commit signing and signature checking ability

From Reflog 

* "git log" learned "--show-signature" option to show the signed tag
   that was merged that is embedded in the merge commit. It also can
   show the signature made on the commit with "git commit -S".

* "git commit" learned "-S" to GPG-sign the commit; this can be shown
  with the "--show-signature" option to "git log".
Comment 8 Zac Medico gentoo-dev 2012-02-04 14:33:14 UTC
I've added initial support to repoman here:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=6cbf430ed3db0e9128a29280ca08f0309cbd933d

In order to sign commits with git, you will need Git >=1.7.9 and your key will have to be configured by `git config user.signingkey key_id`. Also, the repository will need to have "sign-commits = true" in metadata/layout.conf.

It seems that the commit signing features are undocumented in git-manpages-1.7.9, so we have to use git's source code for documentation:

git commit -S, --gpg-sign[=key_id]:

 builtin/commit.c:     { OPTION_STRING, 'S', "gpg-sign", &sign_commit, "key id",

git log --show-signature:

 revision.c:   } else if (!strcmp(arg, "--show-signature")) {
Comment 10 Zac Medico gentoo-dev 2012-02-04 23:27:24 UTC
(In reply to comment #9)
> http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=1d6850f3ac839326c5596db5a570bc7832bb394e

This is released in portage-2.1.10.45 and 2.2.0_alpha85.
Comment 11 Dirkjan Ochtman (RETIRED) gentoo-dev 2012-05-22 09:40:17 UTC
So this seems more or less done, or are there missing pieces?
Comment 12 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2012-05-22 14:19:08 UTC
Do we have any code to verify the signatures?
Comment 13 Zac Medico gentoo-dev 2012-05-22 19:04:16 UTC
(In reply to comment #12)
> Do we have any code to verify the signatures?

I don't know, but if anybody has code to verify Manifest signatures, then that would be a good starting point for getting a set of valid keys.
Comment 14 Alexey Shvetsov archtester gentoo-dev 2012-05-23 12:06:41 UTC
Well git does signature verification by itself

git log --show-signature

=D
Comment 15 Florian Steinel 2012-05-23 21:06:05 UTC
(In reply to comment #14)

From http://mikegerwitz.com/docs/git-horror-story.html#_enforcing_trust :

See the part about
...
git log --pretty="format:%H %aN  %s  %G?"
...
and the gpg web of trust
Comment 16 razamatan 2013-02-12 08:57:38 UTC
Who can stick a fork in this?  It looks like it's resolved.
Comment 17 Brian Harring (RETIRED) gentoo-dev 2013-02-12 21:12:30 UTC
(In reply to comment #16)
> Who can stick a fork in this?  It looks like it's resolved.

Portage validation at the sync'ing level is still missing; it just has write support, basically.
Comment 18 Alex Xu (Hello71) 2013-03-27 18:10:32 UTC
Portage does not validate commits *now* anyways.

`emerge-webrsync` snapshots are signed individually anyways.

I have filed bug 463510 to track implementation of signature verification.
Comment 19 Richard Freeman gentoo-dev 2013-04-29 13:53:50 UTC
(In reply to comment #17)
> (In reply to comment #16)
> > Who can stick a fork in this?  It looks like it's resolved.
> 
> Portage validation at the sync'ing level is still missing; it just has write
> support, basically.

This sounds like it would be pretty hard to implement - the head of the tree will most likely never be signed.

Typical workflow - sign a commit, then git pull/rebase (which is not signed), and then git push.  The head points to an unsigned commit.  Even if you use merge commits I don't believe you can sign them.

So, the only way that head will point to a signed commit is if the tree is rebased immediately before a change is committed to it and then pushed.  That seems unlikely, especially with testing.

So, to verify a signature we would need to verify that the commit where content was actually introduced was signed.

I really think this should be closed - I'm all for improving things, but it isn't like we're getting any signature verification benefits by hanging onto cvs.
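
Comments 15 and 19 both point at checking each commit with `%G?` instead of looking only at the head of the tree. The following is an added example, not part of the original thread and not Portage or repoman code: it audits a revision range commit by commit using the log format quoted in comment 15. The function names, the sample log lines and the policy of accepting only status `G` are assumptions.

```shell
#!/bin/sh
# Added example: per-commit signature audit. Not Portage or repoman code.
# Function names and the sample log are constructed for illustration.

# Reads lines in the thread's format  %H %aN  %s  %G?  on stdin.
# The hash is the first field and the %G? status is the last one:
#   G = good signature, B = bad signature,
#   U = good signature of unknown validity, N = no signature.
# Prints "<status> <hash>" for every commit that is not G and returns 1
# if any were found (assumed policy: only G is acceptable).
audit_signatures() {
    awk '
        NF == 0    { next }                  # ignore blank lines
        $NF != "G" { print $NF, $1; bad = 1 }
        END        { exit (bad ? 1 : 0) }
    '
}

# Audit every commit in a revision range of the current repository.
# Needs the signers' public keys in the local GnuPG keyring.
audit_range() {
    git log --pretty="format:%H %aN  %s  %G?" "$1" | audit_signatures
}

# Constructed sample of what the git log call above could print.
sample_log() {
    cat <<'EOF'
1111111111111111111111111111111111111111 Alice Dev  app-misc/foo: version bump  G
2222222222222222222222222222222222222222 Bob Dev  Merge branch 'master'  N
3333333333333333333333333333333333333333 Carol Dev  sys-apps/bar: fix typo  U
4444444444444444444444444444444444444444 Dave Dev  dev-libs/baz: new patch  B
EOF
}

# Usage inside a checkout:  audit_range origin/master..HEAD
```

A status of `U` means the signature is cryptographically good but the key is not trusted locally, which is where the web-of-trust question from comment 15 comes in.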
Comment 20 Andreas K. Hüttel archtester gentoo-dev 2013-06-02 11:01:22 UTC
OK I'm putting my head on the block here, this item is resolved as good as it will ever git.

(Tree validation in portage is another issue and should be discussed in a separate bug. It is not done now, and should not block the migration.)