repoman: support git commit --gpg-sign

In order to sign commits with git, you will need Git >=1.7.9 and your
key will have to be configured by `git config user.signingkey key_id`.
Also, the repository will need to have "sign-commits = true" in
metadata/layout.conf. This will fix bug #333687.

diff --git a/bin/repoman b/bin/repoman
index 6e9125480aadba669b8ffc966515644a275096ec..bee6661db1593a37e6a6276b4afc5e55b7cd8ba5 100755 (executable)
--- a/bin/repoman
+++ b/bin/repoman
@@ -582,6 +582,13 @@ repo_config = repoman_settings.repositories.get_repo_for_location(repodir)
 portdb.porttrees = list(repo_config.eclass_db.porttrees)
 portdir = portdb.porttrees[0]
 
+if repo_config.sign_commit:
+       if vcs == 'git':
+               # NOTE: It's possible to use --gpg-sign=key_id to specify the key in
+               # the commit arguments. If key_id is unspecified, then it must be
+               # configured by `git config user.signingkey key_id`.
+               vcs_local_opts.append("--gpg-sign")
+
 # In order to disable manifest signatures, repos may set
 # "sign-manifests = false" in metadata/layout.conf. This
 # can be used to prevent merge conflicts like those that

diff --git a/man/make.conf.5 b/man/make.conf.5
index e5a9ae1ed57bb0c57515b5dfffe846681cd277d7..e8777c84050b9fce125f2bdfd25b51185b115f91 100644 (file)
--- a/man/make.conf.5
+++ b/man/make.conf.5
@@ -722,7 +722,9 @@ Defaults to $HOME/.gnupg.
 .TP
 .B PORTAGE_GPG_KEY
 The \fBgpg\fR(1) key used by \fBrepoman\fR(1) to sign manifests
-when \fBsign\fR is in \fBFEATURES\fR.
+when \fBsign\fR is in \fBFEATURES\fR. In order to sign commits with
+\fBgit\fR(1), you will need Git >=1.7.9 and your commit key will have
+to be configured by \fI`git config user.signingkey key_id`\fR.
 .TP
 .B PORTAGE_GPG_SIGNING_COMMAND
 The command used by \fBrepoman\fR(1) to sign manifests when \fBsign\fR is

diff --git a/man/portage.5 b/man/portage.5
index e2ed75404641b838d4e2410643fedd78ca622f2a..dd94a796bcbedaca6215f0856e588a3b12a15fe2 100644 (file)
--- a/man/portage.5
+++ b/man/portage.5
@@ -785,6 +785,9 @@ precedence over settings in \fBlayout.conf\fR, except tools such as
 masters = gentoo java-overlay
 # indicate that this repo can be used as a substitute for foo-overlay
 aliases = foo-overlay
+# sign commits in this repo, which requires Git >=1.7.9, and
+# key configured by `git config user.signingkey key_id`
+sign\-commits = true
 # do not sign manifests in this repo
 sign\-manifests = false
 # thin\-manifests only contain DIST entries

diff --git a/pym/portage/repository/config.py b/pym/portage/repository/config.py
index ebee234c31d654da8b444a7bb8c9fa7fb1187edd..84d97411ec05605bb69db1b410bd9de141177f9d 100644 (file)
--- a/pym/portage/repository/config.py
+++ b/pym/portage/repository/config.py
@@ -49,7 +49,7 @@ class RepoConfig(object):
                'cache_formats', 'create_manifest', 'disable_manifest', 'eapi',
                'eclass_db', 'eclass_locations', 'eclass_overrides', 'format', 'location',
                'main_repo', 'manifest_hashes', 'masters', 'missing_repo_name',
-               'name', 'priority', 'sign_manifest', 'sync', 'thin_manifest',
+               'name', 'priority', 'sign_commit', 'sign_manifest', 'sync', 'thin_manifest',
                'update_changelog', 'user_location', 'portage1_profiles',
                'portage1_profiles_compat')
 
@@ -117,6 +117,9 @@ class RepoConfig(object):
                self.eapi = eapi
                self.name = name
                self.missing_repo_name = missing
+               # sign_commit is disabled by default, since it requires Git >=1.7.9,
+               # and key_id configured by `git config user.signingkey key_id`
+               self.sign_commit = False
                self.sign_manifest = True
                self.thin_manifest = False
                self.allow_missing_manifest = False
@@ -148,7 +151,7 @@ class RepoConfig(object):
 
                        for value in ('allow-missing-manifest', 'cache-formats',
                                'create-manifest', 'disable-manifest', 'manifest-hashes',
-                               'sign-manifest', 'thin-manifest', 'update-changelog'):
+                               'sign-commit', 'sign-manifest', 'thin-manifest', 'update-changelog'):
                                setattr(self, value.lower().replace("-", "_"), layout_data[value])
 
                        self.portage1_profiles = any(x.startswith("portage-1") \
@@ -688,6 +691,9 @@ def parse_layout_conf(repo_location, repo_name=None):
        data['masters'] = masters
        data['aliases'] = tuple(layout_data.get('aliases', '').split())
 
+       data['sign-commit'] = layout_data.get('sign-commits', 'false').lower() \
+               == 'true'
+
        data['sign-manifest'] = layout_data.get('sign-manifests', 'true').lower() \
                == 'true'