-
-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PGP / GPG commit signatures #221
Comments
Hi @Developer563 can you explain more? |
Signing commits currently isn't implemented in Gittyup, I'm changing this to a feature request ( |
Hi, I'm interested in this feature and maybe could try my hand at implementing it. However, could the feature at first be just the signing process itself? Users could create the keys/signatures with other tools. |
Yes, just the signing would work |
I was thinking a following plan:
But should the user be told somewhere that signing is enabled in the repository? Also, should the user be able to toggle signing on and off for the repository? |
Sounds good |
Hey just an update, im still interested working on the feature, i just havent had the time yet due to getting a new job and life is busy. I will get on this ASAP, but if someone else has more time than I do, im not stopping you :) |
Don't worry, take your time |
Is it |
Would love to see this feature implemented! @Akselmo since it's been 13 days your might have your answer already
|
Thanks! I have not been working on this much due to being busy with Life:tm:, but I'll see if I can get some work done on this this weekend :) |
Hm, I don't know where to place the I've tried to place it in Can anyone give me a proper walkthrough what happens when user presses the commit button? I can't get debugger working with this either, GDB just crashes. Also I had no luck trying to find the commit button signals(?) from code either. (I dont know if this is bit too difficult for me after all..) |
@Akselmo I didn't dig much into the code but it seems you're on the right track, not sure if you've got access to everything for reconstructing the raw commit data from here though, you might need to create a new method with other parameters. Unfortunately I haven't done any cpp for years and I don't know this project at all so I won't be able to help you much more :/ |
@Akselmo |
For now, you can Edit Config and add:
Talking about this (and commit messages) in #121 because it is so similar. Edit: I've made a Pull Request (#405) to add these features. I don't know if we'll need to put up some UI icons (locks or checkmarks?) to show 'verified' signed stuff, would be nice. I don't recall if Gittyup does that currently. |
Once again I apologize for my slowness. 😅 Just wanted to say I haven't forgotten this. Also, I am not against it if someone else can implement the solution before me. |
Don't worry - you're doing this for free and are free to take whatever time you want |
I think I should clarify my post above, this works with an installed Gittyup (non-Flatpak, I have not tested Flatpak versions) as it uses my global git that has my GPG signing key in it and all. This might not be the expected behavior of Gittyup and may not be a solution if so. Edit: I forgot that last year I modified Gittyup to remove code that worked with commits to use my installation's git instead, to specifically support signoff and GPG because libgit2 does support git_commit_create_with_signature, but that is required to be implemented via the software. I implemented it using host git. It was a hackish work-around I forgot about. It works, but I don't think Gittyup wants to use local git installations...even though that would bring 'your installed version of git' support. Sorry I got everyone's hopes up on that. My solution isn't a publicly-shippable one. |
Hey, I have unassigned myself, since I don't really use Gittyup anymore (im trying to learn git commands :D ) and I wanted to make it clear that anyone who has interest and more time to work on this can go for it. I may give this another try, but I hope my questions may help anyone else who will attempt this. Sorry I couldn't make this contribution happen (for now at least!). Gittyup is great software and I hope to see it improve in future. :) |
Yeah, it requires replacing the git backend with either shell-executed git or a different, more-featured library for git access. I had forgotten that I had essentially done that in my local clone of the repo (a number of versions old with cherry-picked updates). For now, I could suggest using |
Hi, is it available in newer libgit2 versions? Currently I am working on updating the libgit2 version to make it upstream compatible again. |
Unfortunately, it is not available yet. Worse, it doesn't appear to be a priority. |
I would also be interested in seeing this implemented. I like this project overall, but my org requires us to sign our commits, so unfortunately I can't use it until then. |
This was mentioned above in passing, but somehow only once. It seems that GPGME library is the suggested way of using GPG from within other applications, not executing the |
Both. Being able to call external binaries rather than built-in should have been a top priority from the start for many reasons. Bug finding, testing new binaries that don't have libraries, implementation comparison, environment restrictions, features... |
Is this a duplicate of #121 (comment)? |
I have configured the pgp keys
but I don't know why signing doesn't work.
The text was updated successfully, but these errors were encountered: