-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Marek Marczykowski-Górecki:
Great. Thanks for this script.
>>>
>>>> Marek,
>>>
>>>> I'm not seeing any git tags:
>>>
>>>> [user@...
qubesos.github.io]$ git pull origin master From
>>>> github.com:QubesOS/
qubesos.github.io * branch
>>>> master -> FETCH_HEAD Already up-to-date. [user@...
>>>>
qubesos.github.io]$ git tag [user@...
qubesos.github.io]$ git
>>>> tag -v "`git describe`" fatal: No names found, cannot
>>>> describe anything. error: tag '' not found.
>>>
>>>> What am I doing wrong?
>>>
>>> Try git pull --tags.
>>>
>
>> That works. Thank you.
>
A fast way to create these signed tags is specifying an alias in
~/.gitconfig (hint from Marek). But don't forget to check the `git
diff` from latest known 'good' state before creating it. ;)
[alias]
stag = "!id=`git show --pretty=format:%H|head -1`; git tag -s
- -m \"Tag for commit $id\" nukama_${id:0:8}"
If we script this, we might only checkout the latest commit, where the
chain of trusted contributors commits (based on a trusted stag) is not
broken by an unsigned commit.
I'm signing commits created on my doc-VM only and create a signed tag
when it is ready for production.
I might also edit some files over github when I'm away from my
fortress, but have to create a stag afterwards when I'm back or wait
for some other trusted contributor to check my commits and stag them.
Maybe we can create a key for signing tags (trusted contributors,
separate audit-VM) and one for signing commits (trusted and other
contributors, doc-VM). Overkill!?
Here is my .gitconfig, any objections or suggestions?
[user]
email =
nuk...@gmail.com
name = Hakisho Nukama
signingkey = 3FCF9A1111350DE9FA9C3DD06E7A27B909DAFB92
[alias]
lg = log --graph --show-signature
stag = "!id=`git show --pretty=format:%H|head -1`; git tag -s
- -m \"Tag for commit $id\" nukama_${id:0:8}"
[core]
autosetuprebase = always
[commit]
gpgsign = true
[gpg]
program = gpg2
- --
Best Regards,
Hakisho Nukama
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJVZN3BAAoJEDAdK/0oyrkqOuwQAKwwg6XEzgpYsIER49yChVFW
ESmvfo8bxfaTNGUWMEU/fbi45AejeQDlJScfPc6zBSAUaCoT6kFbqCu/oNX7Pfr3
jxTX1CSrms3oq/u9NwpV+kONqTAE/asYbBfGo0lanCJJxk2tUCQU2p9OyJjBcSrq
XiMFMmY7ldtuUKtLAqV8QnNPb+zPM0jvKSZh9lpZpTHvWAmB9Lxq9CIU9WcrA+M5
JyHFo4RNld3K+Si/us/638Gk1ZvEWrXE6AYBw/xREnFy63MVf4vvIastgX+I3q0C
QZMfELXM2JNK3mG9J4a9zJE88NonPCfNDWinvZjVT4uFDP+JRoCZ8csaBvzNfFSh
Gc9CrIvC8hUTHGePL/W30RyjHjVNc0lNn5VK3OE0IrfmmyPiTLt7PV14NWmTRBqL
QCeeY2MXbrb7WWcUKAGPhpCwNUILZjjlpjwaP9r3xilhjJF7gB7pVTwglxmAsGc0
0e1H8QaE9ed39K/X1JwRjR6qWN61NdwAP3Ax2a0w1w8E3M1TrtL7Ey3i5zQiBAjn
acvsZqlolGIgWPJ5GyvTUKuYaSFPIoho+z2dWIm32K7UTeBL++8yFftWKNS4WxwT
VjfNncM2RWJ85UU/wpBI74f4MO9aYUDsllo3979KWISX5HzVQCbZ75mSo9cLpsO1
y+hdMhE00xV898zvwK1o
=W6In
-----END PGP SIGNATURE-----