mirror of
https://github.com/git/git.git
synced 2024-05-24 15:26:10 +02:00
29b315778e
Implements the actual sign_buffer_ssh operation and move some shared cleanup code into a strbuf function Set gpg.format = ssh and user.signingkey to either a ssh public key string (like from an authorized_keys file), or a ssh key file. If the key file or the config value itself contains only a public key then the private key needs to be available via ssh-agent. gpg.ssh.program can be set to an alternative location of ssh-keygen. A somewhat recent openssh version (8.2p1+) of ssh-keygen is needed for this feature. Since only ssh-keygen is needed it can this way be installed seperately without upgrading your system openssh packages. Signed-off-by: Fabian Stelzer <fs@gigacodes.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
36 lines
1.5 KiB
Plaintext
36 lines
1.5 KiB
Plaintext
gpg.program::
|
|
Use this custom program instead of "`gpg`" found on `$PATH` when
|
|
making or verifying a PGP signature. The program must support the
|
|
same command-line interface as GPG, namely, to verify a detached
|
|
signature, "`gpg --verify $signature - <$file`" is run, and the
|
|
program is expected to signal a good signature by exiting with
|
|
code 0, and to generate an ASCII-armored detached signature, the
|
|
standard input of "`gpg -bsau $key`" is fed with the contents to be
|
|
signed, and the program is expected to send the result to its
|
|
standard output.
|
|
|
|
gpg.format::
|
|
Specifies which key format to use when signing with `--gpg-sign`.
|
|
Default is "openpgp". Other possible values are "x509", "ssh".
|
|
|
|
gpg.<format>.program::
|
|
Use this to customize the program used for the signing format you
|
|
chose. (see `gpg.program` and `gpg.format`) `gpg.program` can still
|
|
be used as a legacy synonym for `gpg.openpgp.program`. The default
|
|
value for `gpg.x509.program` is "gpgsm" and `gpg.ssh.program` is "ssh-keygen".
|
|
|
|
gpg.minTrustLevel::
|
|
Specifies a minimum trust level for signature verification. If
|
|
this option is unset, then signature verification for merge
|
|
operations require a key with at least `marginal` trust. Other
|
|
operations that perform signature verification require a key
|
|
with at least `undefined` trust. Setting this option overrides
|
|
the required trust-level for all operations. Supported values,
|
|
in increasing order of significance:
|
|
+
|
|
* `undefined`
|
|
* `never`
|
|
* `marginal`
|
|
* `fully`
|
|
* `ultimate`
|