Allow the tag signing key to be specified in the config file

I did this:

  $ git tag -s test-sign
  gpg: skipped "Andy Parkins <andyparkins@gmail.com>": secret key not available
  gpg: signing failed: secret key not available
  failed to sign the tag with GPG.

The problem is that I have used the comment field in my key's UID
definition.

  $ gpg --list-keys andy
  pub   1024D/4F712F6D 2003-08-14
  uid                  Andy Parkins (Google) <andyparkins@gmail.com>

So when git-tag looks for "Andy Parkins <andyparkins@gmail.com>";
obviously it's not going to be found.

There shouldn't be a requirement that I use the same form of my name in
my git repository and my gpg key - I might want to be formal (Andrew) in
my gpg key and informal (Andy) in the repository.  Further I might have
multiple keys in my keyring, and might want to use one that doesn't
match up with the address I use in commit messages.

This patch adds a configuration entry "user.signingkey" which, if
present, will be passed to the "-u" switch for gpg, allowing the tag
signing key to be overridden.  If the entry is not present, the fallback
is the original method, which means existing behaviour will continue
untouched.

Signed-off-by: Andy Parkins <andyparkins@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>

diff --git a/Documentation/config.txt b/Documentation/config.txt
index 3f2fa09a87b0cbfb517591ff0472b1ff5cd81ef8..6ea7c76a6af24139b8de1553b6204f32939acd53 100644 (file)
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -469,6 +469,13 @@ user.name::
        Can be overridden by the 'GIT_AUTHOR_NAME' and 'GIT_COMMITTER_NAME'
        environment variables.  See gitlink:git-commit-tree[1].
 
+user.signingkey::
+       If gitlink:git-tag[1] is not selecting the key you want it to
+       automatically when creating a signed tag, you can override the
+       default selection with this variable.  This option is passed
+       unchanged to gpg's --local-user parameter, so you may specify a key
+       using any method that gpg supports.
+
 whatchanged.difftree::
        The default gitlink:git-diff-tree[1] arguments to be used
        for gitlink:git-whatchanged[1].

diff --git a/Documentation/git-tag.txt b/Documentation/git-tag.txt
index 13c7aefbf332124c5282a9a8532c7c9f8e0564f1..3f01e0bfc5eb72bfbd8c3ab97e4b9ac495463edb 100644 (file)
--- a/Documentation/git-tag.txt
+++ b/Documentation/git-tag.txt
@@ -70,6 +70,16 @@ OPTIONS
        Take the tag message from the given file.  Use '-' to
        read the message from the standard input.
 
+CONFIGURATION
+-------------
+By default, git-tag in sign-with-default mode (-s) will use your
+committer identity (of the form "Your Name <your@email.address>") to
+find a key.  If you want to use a different default key, you can specify
+it in the repository configuration as follows:
+
+[user]
+    signingkey = <gpg-key-id>
+
 Author
 ------
 Written by Linus Torvalds <torvalds@osdl.org>,

diff --git a/git-tag.sh b/git-tag.sh
index 94499c9b367800249e74a0e891dd14eb968f8857..988bf4c6a6b52af4d4a1b792090c317b9d799755 100755 (executable)
--- a/git-tag.sh
+++ b/git-tag.sh
@@ -112,7 +112,9 @@ git-check-ref-format "tags/$name" ||
 object=$(git-rev-parse --verify --default HEAD "$@") || exit 1
 type=$(git-cat-file -t $object) || exit 1
 tagger=$(git-var GIT_COMMITTER_IDENT) || exit 1
-: ${username:=$(expr "z$tagger" : 'z\(.*>\)')}
+
+keyid=$(git-repo-config user.signingkey) ||
+       keyid=$(expr "z$tagger" : 'z\(.*>\)')
 
 trap 'rm -f "$GIT_DIR"/TAG_TMP* "$GIT_DIR"/TAG_FINALMSG "$GIT_DIR"/TAG_EDITMSG' 0
 
@@ -139,7 +141,7 @@ if [ "$annotate" ]; then
       cat "$GIT_DIR"/TAG_FINALMSG ) >"$GIT_DIR"/TAG_TMP
     rm -f "$GIT_DIR"/TAG_TMP.asc "$GIT_DIR"/TAG_FINALMSG
     if [ "$signed" ]; then
-       gpg -bsa -u "$username" "$GIT_DIR"/TAG_TMP &&
+       gpg -bsa -u "$keyid" "$GIT_DIR"/TAG_TMP &&
        cat "$GIT_DIR"/TAG_TMP.asc >>"$GIT_DIR"/TAG_TMP ||
        die "failed to sign the tag with GPG."
     fi