global/git
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2026-01-10 10:13:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fast-(import|export): improve on commit signature output format

Browse Source 
A recent commit, d9cb0e6ff8 (fast-export, fast-import: add support for
signed-commits, 2025-03-10), added support for signed commits to
fast-export and fast-import.

When a signed commit is processed, fast-export can output either
"gpgsig sha1" or "gpgsig sha256" depending on whether the signed
commit uses the SHA-1 or SHA-256 Git object format.

However, this implementation has a number of limitations:

  - the output format was not properly described in the documentation,
  - the output format is not very informative as it doesn't even say
    if the signature is an OpenPGP, an SSH, or an X509 signature,
  - the implementation doesn't support having both one signature on
    the SHA-1 object and one on the SHA-256 object.

Let's improve on these limitations by improving fast-export and
fast-import so that:

  - all the signatures are exported,
  - at most one signature on the SHA-1 object and one on the SHA-256
    are imported,
  - if there is more than one signature on the SHA-1 object or on
    the SHA-256 object, fast-import emits a warning for each
    additional signature,
  - the output format is "gpgsig <git-hash-algo> <signature-format>",
    where <git-hash-algo> is the Git object format as before, and
    <signature-format> is the signature type ("openpgp", "x509",
    "ssh" or "unknown"),
  - the output is properly documented.

About the output format:

  - <git-hash-algo> allows to know which representation of the commit
    was signed (the SHA-1 or the SHA-256 version) which helps with
    both signature verification and interoperability between repos
    with different hash functions,

  - <signature-format> helps tools that process the fast-export
    stream, so they don't have to parse the ASCII armor to identify
    the signature type.

It could be even better to be able to import more than one signature
on the SHA-1 object and on the SHA-256 object, but other parts of
Git don't handle that well for now, so this is left for future
improvements.

Helped-by: brian m. carlson <sandals@crustytoothpaste.net>
Helped-by: Elijah Newren <newren@gmail.com>
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Christian Couder
2025-07-09 16:12:53 +02:00
committed by Junio C Hamano
parent cb3b40381e
commit b5b3ddbe5c
7 changed files with 312 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
Documentation/git-fast-export.adoc
View File

@@ -50,6 +50,23 @@ resulting tag will have an invalid signature.
is the same as how earlier versions of this command without
this option behaved.
+
When exported, a signature starts with:
+
gpgsig <git-hash-algo> <signature-format>
+
where <git-hash-algo> is the Git object hash so either "sha1" or
"sha256", and <signature-format> is the signature type, so "openpgp",
"x509", "ssh" or "unknown".
+
For example, an OpenPGP signature on a SHA-1 commit starts with
`gpgsig sha1 openpgp`, while an SSH signature on a SHA-256 commit
starts with `gpgsig sha256 ssh`.
+
While all the signatures of a commit are exported, an importer may
choose to accept only some of them. For example
linkgit:git-fast-import[1] currently stores at most one signature per
Git hash algorithm in each commit.
+
NOTE: This is highly experimental and the format of the data stream may
change in the future without compatibility guarantees.