git.vger.kernel.org archive mirror
* Soft bug: No chance to sign synthetic commits when using git subtree External
@ 2022-10-21  7:52 Adam Ryczkowski
  2022-10-29  7:24 ` Fwd: " Adam Ryczkowski
  0 siblings, 1 reply; 3+ messages in thread
From: Adam Ryczkowski @ 2022-10-21  7:52 UTC (permalink / raw)
  To: git

Hello!

I build a complex project "Monorepo" in an environment that mandates
code signing and monorepository philosophy. In my project I built
several multi-purpose libraries. I track changes to those libraries in
a separate (local) repository, and use git subtree to merge them with
the Monorepo.

Git does not have an option to sign the synthetic commits it generates
when merging and pulling (and does ignore a policy `commit.gpgsign =
true` in `.git/config` present in all repositories that are involved).
It is not that bad in `git subtree pull`, because I can do `git commit
--amend -S --no-edit` on the last commit in the Monorepo, if I find
that the `git subtree pull` added a new commit.

The problem is with `git subtree push`, because it can add more than
one commit on a single invocation, forcing me to edit the history.

Do you confirm this is an inconvenience bug (not a bug in the sense
that I get the repository corrupted)?

I use git 2.38.1 on Ubuntu 20.04 64 bit

Steps to reproduce:

1. In the empty directory, in my example `/home/adam/gitbug`, create
the Monorepo:

```
git init monorepo
```

2. Modify the `monorepo/.git/config` and add user's signing key and
`commit.gpgsign=true`
```
[user]
signingkey = 1234561234567890
email = adam@statystyka.net
[commit]
gpgsign = true
```

3. Add a first commit and verify it gets signed.
```
cd monorepo
git commit -m "Initial commit" --allow-empty
git log --show-signature
cd ..
```

4. Create a feature library "lib1":
```
git init lib1
```

5. Modify the `lib1/.git/config` in a similar way as in Monorepo (step
2) and add `receive.denyCurrentBranch=updateInstead`
```
[user]
signingkey = 1234561234567890
email = adam@statystyka.net
[commit]
gpgsign = true
[receive]
denyCurrentBranch = updateInstead
```

6. Add a first commit to lib1. Verify it is signed.
```
cd lib1
touch library_code.py
git add library_code.py
git commit -m "Initial commit in lib1"
git log --show-signature
cd ..
```

7. Add lib1 as a subtree repository for Monorepo. Bug #1: The
signature of the subtree split commit IS NOT signed in the Monorepo.
```
cd monorepo
git remote add lib1 "/home/adam/gitbug/lib1"
git subtree add --prefix lib/lib1 lib1 master
git log --show-signature

Merge: 6f06087 cef349f
Author: Adam Ryczkowski <adam@statystyka.net>
Date:   Thu Oct 20 09:35:27 2022 +0200

    Add 'lib/lib1/' from commit 'cef349f0c89b7a506a5558750310d4cb3dc1f307'

    git-subtree-dir: lib/lib1
    git-subtree-mainline: 6f06087ac3d45d18d0651717388906902d6fa74b
    git-subtree-split: cef349f0c89b7a506a5558750310d4cb3dc1f307

```


8. Sign the signature with git amend, and verify all the commits are signed:
```
git commit -S --amend --no-edit
git log --show-signature
cd ..
```

9. Make a commit in lib1 and verify all the commits are signed:
```
cd lib1
echo "First line of code" >> library_code.py
git commit -S -am "Adds first line of code"
git log --show-signature
cd ..
```

10. Pull the changes in the lib1 to the Monorepo and verify all the
commits are signed:
```
cd monorepo
git subtree pull --prefix=lib/lib1 lib1 master
git log --show-signature
```

11. Modify the lib1 from inside the Monorepo and push the changes to
the subtree repository:
```
echo "Another line of code" >> lib/lib1/library_code.py
git commit -S -am "Adds another line of code"
git log --show-signature
git subtree push --prefix=lib/lib1 lib1 master
cd ..
```

12. Bug #2: In the lib1 the added commit "Adds another line of code"
added by the `git subtree push` IS NOT signed:
```
cd lib1
git log --show-signature
```

13. We need to work around this bug, otherwise the `git subtree pull`
will merge UNSIGNED commits.
```
git commit -S --amend --no-edit
git log --show-signature
cd ..
```

14. Go back to the lib1 and subtree pull the last subtree push we did,
otherwise our subsequent subtree push would end with `error: failed to
push some refs to '/home/adam/tmp/gitbug/lib1'`. If we hadn't manually
signed the last commit in lib1, this would pull that unsigned commit
and cover it with ANOTHER unsigned commit caused by git subtree pull.
```
cd monorepo
git subtree pull --prefix=lib/lib1 lib1 master
git log --show-signature
```

15. Make a _second_ push to the lib1.
```
echo "Third line of code" >> lib/lib1/library_code.py
git commit -S -am "Adds third line of code"
git log --show-signature # All is signed as expected
git subtree push --prefix=lib/lib1 lib1 master
cd ..
```

16. Go to the lib1 and see a total mayhem: Three unsigned commits:
```
cd lib1
git log --show-signature
```
First two commits and a commit `2de16` are unsigned... The only way of
fixing it is to rewrite the history:


```
commit b3c5429d2b3f7f4a3643bd577d1c4fd458238a22
Author: Adam Ryczkowski <adam@statystyka.net>
Date:   Thu Oct 20 12:43:18 2022 +0200

    Adds third line of code

commit 53f1d874c542731b7fbb928877034332b57cc6e9
Merge: 2de16ea d80a03e
Author: Adam Ryczkowski <adam@statystyka.net>
Date:   Thu Oct 20 12:42:51 2022 +0200

    Merge commit 'd80a03ef0c1a82e29d94d89c8d7bd1d3f40e8691'

commit d80a03ef0c1a82e29d94d89c8d7bd1d3f40e8691
Primary key fingerprint: C076 B904 25BB FE0B 2718  697B 519B A799 293A 0D76
Author: Adam Ryczkowski <adam@statystyka.net>
Date:   Thu Oct 20 12:42:14 2022 +0200

    Adds another line of code

commit 2de16ead1752dc661904099c34f6b09f495faa94
Author: Adam Ryczkowski <adam@statystyka.net>
Date:   Thu Oct 20 12:42:14 2022 +0200

    Adds another line of code

commit 3d80e8b60eb65378e78fc1bf88e5eed2da703dab
Primary key fingerprint: C076 B904 25BB FE0B 2718  697B 519B A799 293A 0D76
Author: Adam Ryczkowski <adam@statystyka.net>
Date:   Thu Oct 20 12:42:00 2022 +0200

    Adds first line of code

commit cef349f0c89b7a506a5558750310d4cb3dc1f307
Primary key fingerprint: C076 B904 25BB FE0B 2718  697B 519B A799 293A 0D76
Author: Adam Ryczkowski <adam@statystyka.net>
Date:   Thu Oct 20 09:34:57 2022 +0200

    Initial commit in lib1
```

Adam Ryczkowski
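
An added example, not part of the original message: a shell check that lists every commit whose `%G?` signature status is not accepted, so unsigned commits produced by `git subtree push` are caught before they are pulled back. The function names and the sample input (hashes from step 16, with status `G` assumed for the commits shown as signed) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Input lines have the form "<hash> <status> <subject>",
# which is what `git log --format='%H %G? %s'` prints. %G? status codes:
# G good, B bad, U good but unknown validity, X/Y expired signature or key,
# R revoked key, E cannot be checked, N no signature.

# filter_unverified [allowed]: print every line whose status letter is not
# in `allowed` (default "G"); exit status 1 if any line was printed.
filter_unverified() {
    awk -v ok="${1:-G}" '
        NF < 2 { next }
        index(ok, $2) == 0 { print; bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# audit_range <rev-range> [allowed]: run the check in the current repository,
# for example inside lib1: audit_range master
audit_range() {
    git log --format='%H %G? %s' "$1" | filter_unverified "${2:-G}"
}

# Constructed sample: the lib1 history from step 16 of the report, with the
# status column filled in by hand (G where the log shows a key fingerprint).
sample_log() {
    cat <<'EOF'
b3c5429d2b3f7f4a3643bd577d1c4fd458238a22 N Adds third line of code
53f1d874c542731b7fbb928877034332b57cc6e9 N Merge commit 'd80a03ef0c1a82e29d94d89c8d7bd1d3f40e8691'
d80a03ef0c1a82e29d94d89c8d7bd1d3f40e8691 G Adds another line of code
2de16ead1752dc661904099c34f6b09f495faa94 N Adds another line of code
3d80e8b60eb65378e78fc1bf88e5eed2da703dab G Adds first line of code
cef349f0c89b7a506a5558750310d4cb3dc1f307 G Initial commit in lib1
EOF
}

# Demo on the sample: prints the three unsigned commits.
sample_log | filter_unverified || echo "unsigned commits found" >&2
```

Pass `GU` as the allowed set when signing keys are valid but not marked as trusted in the local keyring.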


* Fwd: Soft bug: No chance to sign synthetic commits when using git subtree External
  2022-10-21  7:52 Soft bug: No chance to sign synthetic commits when using git subtree External Adam Ryczkowski
@ 2022-10-29  7:24 ` Adam Ryczkowski
  2022-10-30  3:09   ` Eric Sunshine
  0 siblings, 1 reply; 3+ messages in thread
From: Adam Ryczkowski @ 2022-10-29  7:24 UTC (permalink / raw)
  To: git

A week passed and my last message did not get any follow ups
(https://lore.kernel.org/git/CAEjZQXRsMaRYrskmpn5zBCrOt3xNOZ5shoVG82kjS7A3MZQtUQ@mail.gmail.com/T/#u).
Since it is my first post to the vger.kernel.org and I am using gmail
(which feels awkward in the context of this list), it leads me to
believe that the message was filtered out from human eyes somehow.

I would appreciate it if someone responds to this email, just to let
me know that the initial message was delivered successfully. Thank
you.

Adam


* Re: Soft bug: No chance to sign synthetic commits when using git subtree External
  2022-10-29  7:24 ` Fwd: " Adam Ryczkowski
@ 2022-10-30  3:09   ` Eric Sunshine
  0 siblings, 0 replies; 3+ messages in thread
From: Eric Sunshine @ 2022-10-30  3:09 UTC (permalink / raw)
  To: Adam Ryczkowski; +Cc: git

On Sat, Oct 29, 2022 at 3:32 AM Adam Ryczkowski
<adam.ryczkowski@statystyka.net> wrote:
> A week passed and my last message did not get any follow ups
> (https://lore.kernel.org/git/CAEjZQXRsMaRYrskmpn5zBCrOt3xNOZ5shoVG82kjS7A3MZQtUQ@mail.gmail.com/T/#u).
> Since it is my first post to the vger.kernel.org and I am using gmail
> (which feels awkward in the context of this list), it leads me to
> believe that the message was filtered out from human eyes somehow.
>
> I would appreciate it if someone responds to this email, just to let
> me know that the initial message was delivered successfully. Thank
> you.

Presence of your initial message in the archive is indicative that it
made it to the list itself. That nobody responded is likely due to
there being very few git-subtree users on the list rather than any
intentional lack of regard for your report. I have, myself, never used
or looked at git-subtree, hence am of no help on the subject.
