From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: Jeff King <peff@peff.net>
Cc: Santiago Torres Arias <santiago@nyu.edu>,
git@vger.kernel.org, gitster@pobox.com, sunshine@sunshineco.us
Subject: Re: [RFC PATCH] builtin:tag:verify_tag: allow gpg output + pretty
Date: Mon, 22 Apr 2019 23:07:01 +0000 [thread overview]
Message-ID: <20190422230701.GD6316@genre.crustytoothpaste.net> (raw)
In-Reply-To: <20190422160211.GB9680@sigill.intra.peff.net>
[-- Attachment #1: Type: text/plain, Size: 3475 bytes --]
On Mon, Apr 22, 2019 at 12:02:11PM -0400, Jeff King wrote:
> On Mon, Apr 22, 2019 at 11:46:56AM -0400, Santiago Torres Arias wrote:
>
> > > In some ways I'm less concerned about verify-tag, though, because the
> > > point is that it should be scriptable. And scraping gpg's stderr is not
> > > ideal there. We should be parsing --status-fd ourselves and making the
> > > result available via format specifier, similar to the way "log
> > > --format=%G?" works.
> >
> > I think that would be great, as we could make it simpler for verifiers
> > to parse gpg output.
>
> Alternatively, we could make it an option to dump the --status-fd output
> to stderr (or to a custom fd). That still leaves the caller with the
> responsibility to parse gpg's output, but at least they're parsing the
> machine-readable bits and not the regular human-readable stderr.
Don't we already have that for verify-tag and verify-commit? I recall
adding "--raw" for that very reason:
genre ok % git verify-tag --raw v2.21.0
[GNUPG:] NEWSIG
[GNUPG:] KEYEXPIRED 1442879137
[GNUPG:] KEYEXPIRED 1505842336
[GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0
[GNUPG:] KEYEXPIRED 1442879137
[GNUPG:] SIG_ID NZHib/GfN4TzXBhuI9ABwYXqluE 2019-02-24 1551023739
[GNUPG:] KEYEXPIRED 1442879137
[GNUPG:] KEYEXPIRED 1505842336
[GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0
[GNUPG:] KEYEXPIRED 1442879137
[GNUPG:] KEYEXPIRED 1505842336
[GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0
[GNUPG:] EXPKEYSIG B0B5E88696AFE6CB Junio C Hamano <gitster@pobox.com>
[GNUPG:] KEYEXPIRED 1442879137
[GNUPG:] KEYEXPIRED 1505842336
[GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0
[GNUPG:] KEYEXPIRED 1442879137
[GNUPG:] KEYEXPIRED 1505842336
[GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0
[GNUPG:] VALIDSIG E1F036B1FEE7221FC778ECEFB0B5E88696AFE6CB 2019-02-24 1551023739 0 4 0 1 8 00 96E07AF25771955980DAD10020D04E5A713660A7
[GNUPG:] KEYEXPIRED 1442879137
[GNUPG:] KEYEXPIRED 1505842336
[GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0
[GNUPG:] KEYEXPIRED 1442879137
[GNUPG:] KEYEXPIRED 1505842336
[GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0
[GNUPG:] KEYEXPIRED 1442879137
[GNUPG:] KEYEXPIRED 1505842336
[GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0
[GNUPG:] TOFU_USER 96E07AF25771955980DAD10020D04E5A713660A7 gitster@pobox.com
[GNUPG:] TOFU_STATS 2 1 0 auto 1555974073 1555974073 0 0 2 1 0
[GNUPG:] TOFU_STATS_LONG gitster@pobox.com: Verified 1~signature in the past 0~seconds. Encrypted%0A0 messages.
[GNUPG:] TOFU_USER 96E07AF25771955980DAD10020D04E5A713660A7 jch@google.com
[GNUPG:] TOFU_STATS 2 1 0 auto 1555974073 1555974073 0 0 2 1 0
[GNUPG:] TOFU_STATS_LONG jch@google.com: Verified 1~signature in the past 0~seconds. Encrypted 0%0Amessages.
[GNUPG:] TOFU_USER 96E07AF25771955980DAD10020D04E5A713660A7 junio@pobox.com
[GNUPG:] TOFU_STATS 2 1 0 auto 1555974073 1555974073 0 0 2 1 0
[GNUPG:] TOFU_STATS_LONG junio@pobox.com: Verified 1~signature in the past 0~seconds. Encrypted%0A0 messages.
[GNUPG:] VERIFICATION_COMPLIANCE_MODE 23
The idea was that users might want to restrict signatures to using
subkeys or certain algorithms or what-have-you, and this was the easiest
way to let people have all of that power.
--
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 868 bytes --]
next prev parent reply other threads:[~2019-04-22 23:07 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-12 20:14 [RFC PATCH] builtin:tag:verify_tag: allow gpg output + pretty santiago
2019-04-12 20:16 ` Santiago Torres Arias
2019-04-22 15:27 ` Jeff King
2019-04-22 15:46 ` Santiago Torres Arias
2019-04-22 16:02 ` Jeff King
2019-04-22 23:07 ` brian m. carlson [this message]
2019-04-22 23:26 ` Santiago Torres Arias
2019-04-23 0:00 ` brian m. carlson
2019-04-23 2:13 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190422230701.GD6316@genre.crustytoothpaste.net \
--to=sandals@crustytoothpaste.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
--cc=santiago@nyu.edu \
--cc=sunshine@sunshineco.us \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.