Commit signature skipped when global configuration commit.gpgSign=true
Closed this issue · 6 comments
Describe the bug
Most git UI's and toolkits will respect the global (or repo) commit configuration.
I found with v0.13.0 of gitui that even though my ~/.gitconfig included the following configuration:
[commit]
gpgSign = True
Commits I made from gitui would not try to sign, and produced unsigned commits.
To Reproduce
Steps to reproduce the behavior:
- configure
git config --global commit.gpgSign true - configure a key
git config --global user.signingKey ${PUBKEY_HASH} - make a commit with
gitui
Expected behavior
The commit should have been signed with the default signing key specified by git config --global user.signingKey ${PUBKEY_HASH}.
If key was not already unlocked via the local keyring program, a prompt should have occurred for the GPG key passphrase prior to commiting and signing.
Context (please complete the following information):
- OS/Distro + Version: Arch Linux x86_64
- GitUI Version
v0.13.0 - Rust version:
v1.50.0
I'm new to the codebase, but given a nudge in the right direction I may have time to contribute this improvement myself.
Sounds good thanks, I've subscribed to that one 🖖
Was a dependency on grc added with 0.12.0? I updated GitUI to 0.12.0 on 2021-03-11 while also upgrading git for the security vulnerability update: GHSA-8prw-h3cq-mghm
Prior to then, my commits made with GitUI were signed and verified correctly, but as of 0.12.0 they are not. So is this more of a regression than what looks like a feature request from May 2020 in #97?
Hmmm, maybe I just thought it was signing commits because at work we're required to rebase a lot, which I do from the command line.
They only just made it a requirement to merge PRs that the commits are all verified, so I probably just hadn't noticed that some of my commits weren't actually signed.