Please implement a GitHub CI check that fails on lacking correct signoff. remote: FATAL: VREF/proj-gentoo-06-copyright: helper program exit status 256 remote: 24f0a81694dca8c23a1d6c526035c19d4926ef86: no Signed-off-by line matching committer's e-mail address found! remote: expected: tmozes@sygic.com remote: last found: hydrapolic@gmail.com This commit should have been flagged before trying to push to Gentoo repo. commit 24f0a81694dca8c23a1d6c526035c19d4926ef86 Author: Tomas Mozes <tmozes@sygic.com> Date: Tue Nov 12 14:01:49 2019 +0100 dev-db/redis: drop old Package-Manager: Portage-2.3.79, Repoman-2.3.17 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
I'm confused. The assignment script detects missing signoff, and flags that. If that didn't happen, it's possible that the commits were edited after the assignment.
Signed-off-by is just a string inserted to the message, however I commited from my testing machine at work hence that email as git author.
Robin is referring to the fact that the Signed-off-by email is different from the git commit author.
@mgorny: when you say "detects missing signoff" can you link to the actual check code implementation? In this case it wasn't missing, but just didn't match.
https://github.com/mgorny/assign-pull-requests/blob/master/assign-pull-requests.py
mgorny: Here's a proposed fix https://github.com/mgorny/assign-pull-requests/pull/1
I just want to point out there are multiple people who use different e-mails to commit / sign-off. GLEP-76 is probably scaring people to use a bit more "official" e-mail address to sign-off vrt what they use in Github to count commits. Surely, you can add a 2nd e-mail to your Github, but I think we are already asking much from our contributors, and I wouldn't want to link my personal private e-mail to Github anyway. This hasn't been a problem before, is it one now? Has the ::gentoo repo checks been updated so sign-off must match committer? Just yesterday I saw a commit with different author than sign-off (dev-lang/ocaml). How that got through?
Indeed, juippis is right. The hook is supposed to check that the committer signed off (in addition to the author), so your sign-off should come last. That's why we require that particular field to match. I don't see why we would require other addresses to match.
(In reply to Joonas Niilola from comment #7) > I just want to point out there are multiple people who use different e-mails > to commit / sign-off. GLEP-76 is probably scaring people to use a bit more > "official" e-mail address to sign-off vrt what they use in Github to count > commits. Surely, you can add a 2nd e-mail to your Github, but I think we are > already asking much from our contributors, and I wouldn't want to link my > personal private e-mail to Github anyway. You don't need to use an "official" email, right now you just need to make sure the Signoff exists for the email address used for the committer. > This hasn't been a problem before, is it one now? > Has the ::gentoo repo checks been updated so sign-off must match committer? Yes, that's exactly the proj-gentoo-06-copyright check that has been in place for years now. > Just yesterday I saw a commit with different author than sign-off > (dev-lang/ocaml). How that got through? Because the signoff WAS present for the committer! It was NOT present for the Author email interestingly enough (author=github@seichter.de vs signoff=gentoo@seichter.de). Here's the raw commit you saw (some parts omitted for length) ==== commit df1434388cf449f432d8058f8fa0e9f0202483ab tree 88a7fbc88290158010943a47a5012c4bbf3d5498 parent 6a7cf422ce69cab5e7fbd9c2c0301c24980ab190 author Ralph Seichter <github@seichter.de> 1576460254 +0100 committer Mikle Kolyada <zlogene@gentoo.org> 1577453971 +0300 gpgsig ... dev-lang/ocaml: Bump to version 4.09.0, EAPI 7 ... Closes: https://bugs.gentoo.org/688108 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Ralph Seichter <gentoo@seichter.de> Signed-off-by: Mikle Kolyada <zlogene@gentoo.org> ==== (In reply to Michał Górny from comment #8) > Indeed, juippis is right. The hook is supposed to check that the committer > signed off (in addition to the author), so your sign-off should come last. > That's why we require that particular field to match. I don't see why we > would require other addresses to match. Here's the raw view of the commit that triggered the proj-gentoo-06-copyright check for me opening this bug: ==== commit 24f0a81694dca8c23a1d6c526035c19d4926ef86 tree 2b91c75bae77d1a3ae80ae73eae22f919cfab2e7 parent eed11f894ed770050882f04940143207321983d1 author Tomas Mozes <tmozes@sygic.com> 1573563709 +0100 committer Tomas Mozes <tmozes@sygic.com> 1576667640 +0100 dev-db/redis: drop old Package-Manager: Portage-2.3.79, Repoman-2.3.17 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> ==== The possible ways to fix it: - add "Signed-off-by: Tomas Mozes <tmozes@sygic.com>" in the message trailer - change committer to "Tomáš Mózes <hydrapolic@gmail.com>" - change both to some third matching value The CI check used by the GitHub bot right now only checks if the string "Signed-off-by" is present, without checking ANY of the values included in it. My patch updates it to ALSO test that the emails included in it match the committer value. To reduce the scare factor, maybe provide generated data of what to add. In the above case, it would suggest "Signed-off-by: Tomas Mozes <tmozes@sygic.com>". And you don't need to add it manually, Git can do it very easily: If there's a series of commits: "git rebase --signoff origin/master" If there's only one commit, you can fix this trivially with "git commit --amend -s --no-edit"
Ok, I think I know what the problem here is. Only @gentoo.org people (devs) can _commit_ to ::gentoo repo, but other (non-dev) contributors can be the _authors_ of those commits. However, you as a dev will have to _commit_ and _push_ it. I don't even know how you managed to get it through, but I guess this explains why the git log went a bit derailed earlier. Looks like you merged a branch or something? https://dev.gentoo.org/~juippis/pics/drld.png Looking at commits that were pushed, https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47bdb48493752c1c988ddd7b21195c6bfef3428a https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5794ff3b13a3c7e6ee4c88dccf0b734ac79556af https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=375a1f33d12efb98579d2589950f8b1260b758c2 https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64064bb8a9eb4751eda056005a357e1d368f4a1c https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a056fc0a259dd50bb853c469107b2914e880bdbc they seem a bit wrong to me. You can easily merge Github contributions by using app-portage/pram or dev-perl/Gentoo-App-Pram. The steps are: git pull pram 123456 (Github PR number) git push It asks _you_ to sign-off these commits, and will commit them using your robbat2@g.o address. You are then responsible of whatever you pushed :) Please look into pram if you intend to merge more Github contributions. Using it is super simple and "it just works".