Allow "-u" flag to tag signing

The current "git tag -s" thing always uses the tagger name as the signing user key, which is very irritating, since my key is under my email address, but the tagger key obviously contains the actual machine name too. Now, I could just use "GIT_COMMITTER_EMAIL" and force it to be my real email, but I actually think that it's nice to see which machine I use for my work. So rather than force my tagger ID to have to match the gpg key name, just support the "-u" flag to "git tag" instead. It implicitly enables signing, since it doesn't make any sense without it. Thus: git tag -u <gpg-key-name> <tag-name> [<tagged-object>] will use the named gpg key for signing. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
2024-06-03 11:06:10 +02:00 · 2005-10-06 14:10:39 -07:00 · 2005-10-06 14:10:39 -07:00 · bc162e40ea
parent 12aac5de3d
commit bc162e40ea
2 changed files with 29 additions and 11 deletions
--- a/Documentation/git-tag.txt
+++ b/Documentation/git-tag.txt
@ -10,19 +10,27 @@ git-tag -  Create a tag object signed with GPG

 SYNOPSIS
 --------
-'git-tag' [-s | -a] [-f] <name>
+'git-tag' [-a | -s | -u <key-id>] [-f] [-m <msg>] <name>

 DESCRIPTION
 -----------
-Adds a "tag" reference in .git/refs/tags/
+Adds a 'tag' reference in .git/refs/tags/

-Unless "-f" is given, the tag must not yet exist in ".git/refs/tags"
+Unless `-f` is given, the tag must not yet exist in
+`.git/refs/tags/` directory.

-If "-s" or "-a" is passed, the user will be prompted for a tag message.
-and a tag object is created.  Otherwise just the SHA1 object
-name of the commit object is written.
+If one of `-a`, `-s`, or `-u <key-id>` is passed, the command
+creates a 'tag' object, and requires the tag message.  Unless
+`-m <msg>` is given, an editor is started for the user to type
+in the tag message.

-A GnuPG signed tag object will be created when "-s" is used.
+Otherwise just the SHA1 object name of the commit object is
+written (i.e. an lightweight tag).
+
+A GnuPG signed tag object will be created when `-s` or `-u
+<key-id>` is used.  When `-u <key-id>` is not used, the
+committer identity for the current user is used to find the
+GnuPG key for signing.


 Author
--- a/git-tag.sh
+++ b/git-tag.sh
@ -4,7 +4,7 @@
 . git-sh-setup || die "Not a git archive"

 usage () {
-    echo >&2 "Usage: git-tag [-a | -s] [-f] [-m "tag message"] tagname"
+    echo >&2 "Usage: git-tag [-a | -s | -u <key-id>] [-f] [-m <msg>] <tagname>"
    exit 1
 }

@ -12,6 +12,7 @@ annotate=
 signed=
 force=
 message=
+username=
 while case "$#" in 0) break ;; esac
 do
    case "$1" in
@ -30,6 +31,12 @@ do
 	shift
 	message="$1"
 	;;
+    -u)
+	annotate=1
+	signed=1
+	shift
+	username="$1"
+	;;
    -*)
        usage
 	;;
@ -50,6 +57,7 @@ shift
 object=$(git-rev-parse --verify --default HEAD "$@") || exit 1
 type=$(git-cat-file -t $object) || exit 1
 tagger=$(git-var GIT_COMMITTER_IDENT) || exit 1
+: ${username:=$(expr "$tagger" : '\(.*>\)')}

 trap 'rm -f .tmp-tag* .tagmsg .editmsg' 0

@ -65,13 +73,15 @@ if [ "$annotate" ]; then

    grep -v '^#' < .editmsg | git-stripspace > .tagmsg

-    [ -s .tagmsg ] || exit
+    [ -s .tagmsg ] || {
+	echo >&2 "No tag message?"
+	exit 1
+    }

    ( echo -e "object $object\ntype $type\ntag $name\ntagger $tagger\n"; cat .tagmsg ) > .tmp-tag
    rm -f .tmp-tag.asc .tagmsg
    if [ "$signed" ]; then
-	me=$(expr "$tagger" : '\(.*>\)') &&
-	gpg -bsa -u "$me" .tmp-tag &&
+	gpg -bsa -u "$username" .tmp-tag &&
 	cat .tmp-tag.asc >>.tmp-tag ||
 	die "failed to sign the tag with GPG."
    fi