search

guberm / tortoisegit

Automatically exported from code.google.com/p/tortoisegit
0 stars 0 forks source link

Allow to GPG sign commits #1494

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

1)Using the git bash, call the command "gpg --gen-key" to generate the gpg key 
pair;

2)In the node "Git" on TortoiseGit, place the "Signing Key Id" value

3) Call "commit" (the parameter "-S" should be considered here)

What is the expected output? 

1) TortoiseGit should show a dialog to input the passphase
2) The commit must be closed signed. 

What version of TortoiseGit and msysgit are you using?

1) TortoiseGit: 1.7.14
2) git: 1.8

What operating system? Windows 7

Please provide any additional information below.

Obs: user and email informed in the TortoiseGit should match to user and email 
informed in the pgp key pair.

Original issue reported on code.google.com by rodrigue...@gmail.com on 27 Oct 2012 at 11:21

GoogleCodeExporter commented 9 years ago 
gnupg does not provide any hook/helper for asking for a password.

Original comment by sstrickr...@googlemail.com on 30 Oct 2012 at 10:20

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago

Original comment by sstrickr...@googlemail.com on 14 Jan 2013 at 3:45

GoogleCodeExporter commented 9 years ago 
gnupg starts pinentry.exe to enter the passphrase which is held in memory by 
gpg-agent.

Just open the console and type "gpg --textmode -s -u [your ID here] test.txt"
and pinentry pops up to ask for the passphrase.

If I use tortoisegit to sign I get the error:
gpg: {Path-to-gpg.conf}:5: invalid auto-key-locate list
error: gpg failed to sign the data
error: unable to sign the tag

Is tortoisegit using a build in gnupg and not an installed package?

Original comment by der.cave...@googlemail.com on 18 Oct 2013 at 6:45

GoogleCodeExporter commented 9 years ago 
How do you tell TortoiseGit to sign a commit?

Original comment by sstrickr...@googlemail.com on 19 Oct 2013 at 12:05

GoogleCodeExporter commented 9 years ago 
Hi!
I tried to sign a tag.

Original comment by der.cave...@googlemail.com on 19 Oct 2013 at 6:56

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Still not working, current stable versions of tool chain as of post date.

TortoiseGit can be configured with a signing key ID, indicating it should work. 
Alternately committing from TortoiseGit, and command line, then checking log, 
shows that TortoiseGit will not emit the "-S" flag on its commits.

$ git log --show-signature -3
commit XXXXXXXXX
Author: victor <null@localhost>
Date:   Sat Mar 7 23:29:07 2015 -0600

    Update README.md

commit XXXXXXXXX
gpg: Signature made 03/07/15 22:46:01 using RSA key ID XXXXXXXXX
gpg: Good signature from "Victor Segall (Victor) <null@localhost>"
Author: victor <null@localhost>
Date:   Sat Mar 7 22:46:01 2015 -0600

    Updated README.md

commit XXXXXXXXX
Author: victor <null@localhost>
Date:   Sat Mar 7 21:12:58 2015 -0600

    Update README.md

Would be a separate third-party issue if, in fact, Tortoise emitted the -S flag 
and then balked at gpg4win configuration. It does not get that far.

Original comment by author.v...@gmail.com on 8 Mar 2015 at 5:47

GoogleCodeExporter commented 9 years ago 
Where to put this option? The interface already has so many options...

Original comment by sstrickr...@googlemail.com on 27 Mar 2015 at 1:07

GoogleCodeExporter commented 9 years ago 
Issue 2452 has been merged into this issue.

Original comment by sstrickr...@googlemail.com on 27 Mar 2015 at 1:07

GoogleCodeExporter commented 9 years ago 
For signing all commits you could use the "commit.gpgsign" config variable.

Original comment by sstrickr...@googlemail.com on 27 Mar 2015 at 1:41

GoogleCodeExporter commented 9 years ago 
@der.caveman81: TortoiseGit calls git.exe. If you use Git for Windows, there 
gpg 1.4 is shipped which does not contain the gpg-agent and cannot read gpg 2.1 
keyrings.

You might need to set gpg.program configuration variable in order to use a 
third party gpg.exe. I added a note to our docs: 
https://tortoisegit.org/docs/tortoisegit/tgit-dug-branchtag.html 
(https://code.google.com/p/tortoisegit/source/detail?r=9877e435d2adf4f199aca19ea
3241ff177d7d81b)

For the record: Gpg4win w

Original comment by sstrickr...@googlemail.com on 29 Mar 2015 at 2:54

GoogleCodeExporter commented 9 years ago 
I doubt that a UI change is needed to solve the now merged issue #2452 part of 
this. Simply getting TortoiseGit to emit the -S flag to git.exe might "just 
work" by also causing git.exe to emit its passphrase dialog.

We don't necessarily need TortoiseGit to handle key management if that's a real 
problem, and if it can be correctly done by third party. As I recall, I entered 
the signing key ID into the repo .git/config through TortoiseGit, and since 
that was a manual entry immediately after making the key (I had the ID on 
screen), that's why my manual `git.exe -S` comparison just worked. I think the 
same holds true for the problem in general.

Original comment by author.v...@gmail.com on 8 May 2015 at 5:50