Rev 6023: (jr) Add a config option signature_key for setting which GPG key should be in file:///home/pqm/archives/thelove/bzr/%2Btrunk/
Canonical.com Patch Queue Manager
pqm at pqm.ubuntu.com
Tue Jul 12 14:11:20 UTC 2011
At file:///home/pqm/archives/thelove/bzr/%2Btrunk/
------------------------------------------------------------
revno: 6023 [merge]
revision-id: pqm at pqm.ubuntu.com-20110712141118-09vc4hfybefzgbb2
parent: pqm at pqm.ubuntu.com-20110711101336-k498o31t08szd9e9
parent: jriddell at canonical.com-20110712132012-3agodfclkq7sn5wm
committer: Canonical.com Patch Queue Manager <pqm at pqm.ubuntu.com>
branch nick: +trunk
timestamp: Tue 2011-07-12 14:11:18 +0000
message:
(jr) Add a config option signature_key for setting which GPG key should be
used to sign commits. Also default to using the gpg user identity which
matches user_email() as set by whoami. Also don't use create_signatures on
documentation config examples,
since it doesn't do anything so makes for a bad example. (Jonathan Riddell)
modified:
bzrlib/config.py config.py-20051011043216-070c74f4e9e338e8
bzrlib/gpg.py gpg.py-20051017065112-8654536d415dacc6
bzrlib/help_topics/en/configuration.txt configuration.txt-20060314161707-868350809502af01
bzrlib/tests/test_config.py testconfig.py-20051011041908-742d0c15d8d8c8eb
bzrlib/tests/test_gpg.py testgpg.py-20051017042228-9276cd40a784c93c
doc/en/release-notes/bzr-2.5.txt bzr2.5.txt-20110708125756-587p0hpw7oke4h05-1
doc/en/user-guide/gpg_signatures.txt gpg_signatures.txt-20110613144839-bhiqfi9k0khol2vm-1
=== modified file 'bzrlib/config.py'
--- a/bzrlib/config.py 2011-06-30 16:48:11 +0000
+++ b/bzrlib/config.py 2011-07-11 12:03:39 +0000
@@ -31,6 +31,7 @@
log_format=name-of-format
validate_signatures_in_log=true|false(default)
acceptable_keys=pattern1,pattern2
+gpg_signing_key=amy at example.com
in locations.conf, you specify the url of a branch and options for it.
Wildcards may be used - * and ? as normal in shell completion. Options
@@ -536,6 +537,14 @@
return True
return False
+ def gpg_signing_key(self):
+ """GPG user-id to sign commits"""
+ key = self.get_user_option('gpg_signing_key')
+ if key == "default" or key == None:
+ return self.user_email()
+ else:
+ return key
+
def get_alias(self, value):
return self._get_alias(value)
=== modified file 'bzrlib/gpg.py'
--- a/bzrlib/gpg.py 2011-07-01 10:42:26 +0000
+++ b/bzrlib/gpg.py 2011-07-11 10:53:46 +0000
@@ -175,7 +175,9 @@
return False
def _command_line(self):
- return [self._config.gpg_signing_command(), '--clearsign']
+
+ return [self._config.gpg_signing_command(), '--clearsign', '-u',
+ self._config.gpg_signing_key()]
def __init__(self, config):
self._config = config
=== modified file 'bzrlib/help_topics/en/configuration.txt'
--- a/bzrlib/help_topics/en/configuration.txt 2011-06-14 10:47:20 +0000
+++ b/bzrlib/help_topics/en/configuration.txt 2011-07-11 10:53:46 +0000
@@ -258,7 +258,7 @@
variable name, an equals sign and a value. For example::
email = John Doe <jdoe at isp.com>
- check_signatures = require
+ gpg_signing_key = Amy Pond <amy at example.com>
A variable can reference other variables **in the same configuration file** by
enclosing them in curly brackets::
@@ -311,7 +311,6 @@
[DEFAULT]
email = John Doe <jdoe at isp.com>
editor = /usr/bin/vim
- check_signatures = check-available
create_signatures = when-required
@@ -329,10 +328,6 @@
[http://hypothetical.site.com/branches/devel-branch]
create_signatures = always
- check_signatures = always
-
- [http://example.com/bzr/*]
- check_signatures = require
The authentication configuration file, authentication.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -420,6 +415,13 @@
committed revisions only when the branch requires them. ``never`` will refuse
to sign newly committed revisions, even if the branch requires signatures.
+gpg_signing_key
+~~~~~~~~~~~
+
+The GnuPG user identity to use when signing commits. Can be an e-mail
+address, key fingerprint or full key ID. When unset or when set to
+"default" Bazaar will use the user e-mail set with ``whoami``.
+
recurse
~~~~~~~
@@ -441,6 +443,8 @@
gpg_signing_command = /usr/bin/gnpg
+The specified command must accept the options "--clearsign" and "-u <email>".
+
bzr_remote_path
~~~~~~~~~~~~~~~
=== modified file 'bzrlib/tests/test_config.py'
--- a/bzrlib/tests/test_config.py 2011-06-22 13:53:20 +0000
+++ b/bzrlib/tests/test_config.py 2011-07-11 10:53:46 +0000
@@ -160,6 +160,7 @@
editor=vim
change_editor=vimdiff -of @new_path @old_path
gpg_signing_command=gnome-gpg
+gpg_signing_key=DD4D5088
log_format=short
validate_signatures_in_log=true
acceptable_keys=amy
@@ -214,6 +215,7 @@
[/a/]
check_signatures=check-available
gpg_signing_command=false
+gpg_signing_key=default
user_local_option=local
# test trailing / matching
[/a/*]
@@ -1225,6 +1227,10 @@
self.assertEqual("gnome-gpg", my_config.gpg_signing_command())
self.assertEqual(False, my_config.signature_needed())
+ def test_gpg_signing_key(self):
+ my_config = self._get_sample_config()
+ self.assertEqual("DD4D5088", my_config.gpg_signing_key())
+
def _get_empty_config(self):
my_config = config.GlobalConfig()
return my_config
@@ -1520,6 +1526,14 @@
self.get_branch_config('/a')
self.assertEqual("false", self.my_config.gpg_signing_command())
+ def test_gpg_signing_key(self):
+ self.get_branch_config('/b')
+ self.assertEqual("DD4D5088", self.my_config.gpg_signing_key())
+
+ def test_gpg_signing_key_default(self):
+ self.get_branch_config('/a')
+ self.assertEqual("erik at bagfors.nu", self.my_config.gpg_signing_key())
+
def test_get_user_option_global(self):
self.get_branch_config('/a')
self.assertEqual('something',
=== modified file 'bzrlib/tests/test_gpg.py'
--- a/bzrlib/tests/test_gpg.py 2011-06-30 15:10:10 +0000
+++ b/bzrlib/tests/test_gpg.py 2011-07-12 13:20:12 +0000
@@ -27,6 +27,9 @@
class FakeConfig(object):
+ def gpg_signing_key(self):
+ return "amy at example.com"
+
def gpg_signing_command(self):
return "false"
@@ -38,7 +41,7 @@
def test_signing_command_line(self):
my_gpg = gpg.GPGStrategy(FakeConfig())
- self.assertEqual(['false', '--clearsign'],
+ self.assertEqual(['false', '--clearsign', '-u', 'amy at example.com'],
my_gpg._command_line())
def test_checks_return_code(self):
=== modified file 'doc/en/release-notes/bzr-2.5.txt'
--- a/doc/en/release-notes/bzr-2.5.txt 2011-07-11 08:53:59 +0000
+++ b/doc/en/release-notes/bzr-2.5.txt 2011-07-12 11:48:45 +0000
@@ -20,6 +20,10 @@
.. New commands, options, etc that users may wish to try out.
+* Add a config option gpg_signature_key for setting which GPG key
+ should be used to sign commits. Also default to using the gpg user
+ identity which matches user_email() as set by whoami.
+
Improvements
************
=== modified file 'doc/en/user-guide/gpg_signatures.txt'
--- a/doc/en/user-guide/gpg_signatures.txt 2011-06-22 15:55:13 +0000
+++ b/doc/en/user-guide/gpg_signatures.txt 2011-07-11 10:53:46 +0000
@@ -53,6 +53,14 @@
``re-sign`` is also useful to change an existing signature.
+By default Bazaar will tell GnuPG to use a key with the same user
+identity as the one set with ``whoami``. To override this set
+``gpg_signing_key`` in bazaar.conf or locations.conf.
+
+ ``gpg_signing_key=DD4D5088``
+
+ ``gpg_signing_key=amy at example.com``
+
Verifying Commits
-----------------
@@ -78,6 +86,6 @@
Work in Progress
----------------
-There is still a number of digital signature related features which are hoped
-to be added to Bazaar soon. These include verificiation in logs, qbzr
+There is still a number of digital signature related features which
+are hoped to be added to Bazaar soon. These include bzr explorer
integration and setting branches to require signatures.
More information about the bazaar-commits
mailing list