From: Christian Couder <christian.couder@gmail•com>
To: git@vger•kernel.org
Cc: Junio C Hamano <gitster@pobox•com>,
Patrick Steinhardt <ps@pks•im>, Elijah Newren <newren@gmail•com>,
Jeff King <peff@peff•net>,
"brian m . carlson" <sandals@crustytoothpaste•net>,
Johannes Schindelin <Johannes.Schindelin@gmx•de>,
Todd Zullinger <tmz@pobox•com>,
Collin Funk <collin.funk1@gmail•com>,
Christian Couder <christian.couder@gmail•com>
Subject: [PATCH v3 0/5] fast-import: start controlling how tag signatures are handled
Date: Mon, 13 Oct 2025 10:48:52 +0200 [thread overview]
Message-ID: <20251013084857.1646783-1-christian.couder@gmail.com> (raw)
In-Reply-To: <20251007122958.1089680-1-christian.couder@gmail.com>
Introduction
------------
Tools like `git-filter-repo` should be able to control how tag
signatures are handled when regenerating repository content after it
has been filtered. For this purpose, they need a way for `git
fast-import` to control how tag signatures are handled.
A previous series [1] added a '--signed-commits=<mode>' option to `git
fast-import` to control how commit signatures are handled, so this is
adding a similar '--signed-tags=<mode>' for tag signatures.
For now this new option behaves in a very similar way as the option
with the same name that already exists in `git fast-export`.
Especially it supports exactly the same <mode>s and the same aliases
for these modes. For example "ignore" is a synonym for "verbatim".
This way, both `git fast-export` and `git fast-import` have both a
'--signed-tags=<mode>' and a '--signed-commits=<mode>' supporting the
same <mode>s.
In the future I want to implement new <mode>s like "strip-if-invalid",
"re-sign", "re-sign-if-invalid" in `git fast-import` for both tag and
commit signatures. These might be a bit more complex, so for now I
prefer to start with the simple modes.
[1] https://lore.kernel.org/git/20250917181427.3193500-1-christian.couder@gmail.com/
Note about the different patches
--------------------------------
Patch 1/5 (doc: git-tag: stop focussing on GPG signed tags) is a
documentation update for `git tag`. It could go in a separate series
or be dropped altogether, but while working on this I thought that it
would be a good thing to do, as the doc is quite outdated.
Patches 2/5, 3/5 and 4/5 are preparatory patches for the main one
which is patch 5/5 (fast-import: add '--signed-tags=<mode>' option).
I wanted '--signed-tags=<mode>' to work for all kinds of signature in
tags (OpenPGP, X.509 and SSH) but soon realized that the
'--signed-tags=<mode>' option of `git fast-export` worked only for
OpenPGP signatures, so I fixed that issue in patch 4/5 (fast-export:
handle all kinds of tag signatures).
While working on the tests in patch 4/5, I found a few things to
improve that could belong to other patches so that's how I came up
with patches 2/5 and 3/5.
Changes since v2
----------------
Thanks to Patrick Steinhardt, Todd Zullinger and Collin Funk who
reviewed or commented on the v1 and v2.
There is a single change in the first patch (doc: git-tag: stop
focusing on GPG signed tags) where the description of the
`-v | --verify` option of `git tag` has been improved.
CI tests
--------
I haven't run CI tests because there is a single documentation change
since v2 that is very unlikely to make things break.
Range diff since v2
-------------------
1: eb65af631d ! 1: ac67d927ad doc: git-tag: stop focusing on GPG signed tags
@@ Documentation/git-tag.adoc: OPTIONS
-v::
--verify::
- Verify the GPG signature of the given tag names.
-+ Verify the signature of the given tag names.
++ Verify the cryptographic signature of the given tags.
-n<num>::
<num> specifies how many lines from the annotation, if any,
2: 640204ef26 = 2: f0208527ff lib-gpg: allow tests with GPGSM or GPGSSH prereq first
3: 8f788bafe1 = 3: e9e3d8c081 t9350: properly count annotated tags
4: d62a43905c = 4: 8d318a0046 fast-export: handle all kinds of tag signatures
5: 9094f37b46 = 5: 962ad96b4a fast-import: add '--signed-tags=<mode>' option
Christian Couder (5):
doc: git-tag: stop focusing on GPG signed tags
lib-gpg: allow tests with GPGSM or GPGSSH prereq first
t9350: properly count annotated tags
fast-export: handle all kinds of tag signatures
fast-import: add '--signed-tags=<mode>' option
Documentation/git-fast-import.adoc | 5 ++
Documentation/git-tag.adoc | 48 ++++++++++++------
builtin/fast-export.c | 7 ++-
builtin/fast-import.c | 43 ++++++++++++++++
t/lib-gpg.sh | 24 +++++++--
t/meson.build | 1 +
t/t9306-fast-import-signed-tags.sh | 80 ++++++++++++++++++++++++++++++
t/t9350-fast-export.sh | 48 ++++++++++++++++--
8 files changed, 229 insertions(+), 27 deletions(-)
create mode 100755 t/t9306-fast-import-signed-tags.sh
--
2.51.0.438.g6987fc0bae
next prev parent reply other threads:[~2025-10-13 8:49 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-07 12:29 [PATCH 0/5] fast-import: start controlling how tag signatures are handled Christian Couder
2025-10-07 12:29 ` [PATCH 1/5] doc: git-tag: stop focussing on GPG signed tags Christian Couder
2025-10-08 7:14 ` Patrick Steinhardt
2025-10-08 9:52 ` Christian Couder
2025-10-08 11:48 ` Patrick Steinhardt
2025-10-07 12:29 ` [PATCH 2/5] lib-gpg: allow tests with the GPGSM prereq first Christian Couder
2025-10-08 7:14 ` Patrick Steinhardt
2025-10-08 9:42 ` Christian Couder
2025-10-09 1:29 ` Collin Funk
2025-10-09 2:37 ` Todd Zullinger
2025-10-09 12:29 ` Christian Couder
2025-10-09 18:18 ` Junio C Hamano
2025-10-09 12:30 ` Christian Couder
2025-10-07 12:29 ` [PATCH 3/5] t9350: properly count annotated tags Christian Couder
2025-10-08 7:14 ` Patrick Steinhardt
2025-10-08 10:00 ` Christian Couder
2025-10-07 12:29 ` [PATCH 4/5] fast-export: handle all kinds of tag signatures Christian Couder
2025-10-08 7:14 ` Patrick Steinhardt
2025-10-08 10:02 ` Christian Couder
2025-10-09 12:33 ` Christian Couder
2025-10-07 12:29 ` [PATCH 5/5] fast-import: add '--signed-tags=<mode>' option Christian Couder
2025-10-08 7:14 ` Patrick Steinhardt
2025-10-08 10:50 ` Christian Couder
2025-10-08 11:53 ` Patrick Steinhardt
2025-10-09 12:24 ` [PATCH v2 0/5] fast-import: start controlling how tag signatures are handled Christian Couder
2025-10-09 12:24 ` [PATCH v2 1/5] doc: git-tag: stop focusing on GPG signed tags Christian Couder
2025-10-10 1:19 ` Junio C Hamano
2025-10-10 7:06 ` Christian Couder
2025-10-09 12:24 ` [PATCH v2 2/5] lib-gpg: allow tests with GPGSM or GPGSSH prereq first Christian Couder
2025-10-10 6:49 ` Patrick Steinhardt
2025-10-10 14:09 ` Todd Zullinger
2025-10-10 16:22 ` Junio C Hamano
2025-10-11 2:14 ` Todd Zullinger
2025-10-12 0:15 ` Junio C Hamano
2025-10-09 12:24 ` [PATCH v2 3/5] t9350: properly count annotated tags Christian Couder
2025-10-09 12:24 ` [PATCH v2 4/5] fast-export: handle all kinds of tag signatures Christian Couder
2025-10-09 12:24 ` [PATCH v2 5/5] fast-import: add '--signed-tags=<mode>' option Christian Couder
2025-10-09 21:35 ` [PATCH v2 0/5] fast-import: start controlling how tag signatures are handled Junio C Hamano
2025-10-13 8:48 ` Christian Couder [this message]
2025-10-13 8:48 ` [PATCH v3 1/5] doc: git-tag: stop focusing on GPG signed tags Christian Couder
2025-10-24 2:03 ` Elijah Newren
2025-10-13 8:48 ` [PATCH v3 2/5] lib-gpg: allow tests with GPGSM or GPGSSH prereq first Christian Couder
2025-10-13 8:48 ` [PATCH v3 3/5] t9350: properly count annotated tags Christian Couder
2025-10-24 2:03 ` Elijah Newren
2025-10-13 8:48 ` [PATCH v3 4/5] fast-export: handle all kinds of tag signatures Christian Couder
2025-10-24 2:03 ` Elijah Newren
2025-10-13 8:48 ` [PATCH v3 5/5] fast-import: add '--signed-tags=<mode>' option Christian Couder
2025-10-24 2:03 ` Elijah Newren
2025-10-24 9:27 ` Christian Couder
2025-10-24 15:03 ` Junio C Hamano
2025-10-13 9:09 ` [PATCH v3 0/5] fast-import: start controlling how tag signatures are handled Christian Couder
2025-10-24 2:06 ` Elijah Newren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251013084857.1646783-1-christian.couder@gmail.com \
--to=christian.couder@gmail$(echo .)com \
--cc=Johannes.Schindelin@gmx$(echo .)de \
--cc=collin.funk1@gmail$(echo .)com \
--cc=git@vger$(echo .)kernel.org \
--cc=gitster@pobox$(echo .)com \
--cc=newren@gmail$(echo .)com \
--cc=peff@peff$(echo .)net \
--cc=ps@pks$(echo .)im \
--cc=sandals@crustytoothpaste$(echo .)net \
--cc=tmz@pobox$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox