diff --git a/builtin-tag.c b/builtin-tag.c index 517419fd3d..274901a408 100644 --- a/builtin-tag.c +++ b/builtin-tag.c @@ -236,14 +236,18 @@ static const char tag_template[] = "# Write a tag message\n" "#\n"; +static void set_signingkey(const char *value) +{ + if (strlcpy(signingkey, value, sizeof(signingkey)) >= sizeof(signingkey)) + die("signing key value too long (%.10s...)", value); +} + static int git_tag_config(const char *var, const char *value) { if (!strcmp(var, "user.signingkey")) { if (!value) die("user.signingkey without value"); - if (strlcpy(signingkey, value, sizeof(signingkey)) - >= sizeof(signingkey)) - die("user.signingkey value too long"); + set_signingkey(value); return 0; } @@ -396,6 +400,10 @@ int cmd_tag(int argc, const char **argv, const char *prefix) argc = parse_options(argc, argv, options, git_tag_usage, 0); + if (keyid) { + sign = 1; + set_signingkey(keyid); + } if (sign) annotate = 1; diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh index c7130c4dcc..09d56e0839 100755 --- a/t/t7004-tag.sh +++ b/t/t7004-tag.sh @@ -640,6 +640,46 @@ test_expect_success 'creating a signed tag with -m message should succeed' ' git diff expect actual ' +get_tag_header u-signed-tag $commit commit $time >expect +echo 'Another message' >>expect +echo '-----BEGIN PGP SIGNATURE-----' >>expect +test_expect_success 'sign with a given key id' ' + + git tag -u committer@example.com -m "Another message" u-signed-tag && + get_tag_msg u-signed-tag >actual && + git diff expect actual + +' + +test_expect_success 'sign with an unknown id (1)' ' + + ! git tag -u author@example.com -m "Another message" o-signed-tag + +' + +test_expect_success 'sign with an unknown id (2)' ' + + ! git tag -u DEADBEEF -m "Another message" o-signed-tag + +' + +cat >fakeeditor <<'EOF' +#!/bin/sh +test -n "$1" && exec >"$1" +echo A signed tag message +echo from a fake editor. +EOF +chmod +x fakeeditor + +get_tag_header implied-sign $commit commit $time >expect +./fakeeditor >>expect +echo '-----BEGIN PGP SIGNATURE-----' >>expect +test_expect_success '-u implies signed tag' ' + GIT_EDITOR=./fakeeditor git-tag -u CDDE430D implied-sign && + get_tag_msg implied-sign >actual && + git diff expect actual +' + cat >sigmsgfile <fakeeditor <<'EOF' -#!/bin/sh -test -n "$1" && exec >"$1" -echo A signed tag message -echo from a fake editor. -EOF -chmod +x fakeeditor get_tag_header implied-annotate $commit commit $time >expect ./fakeeditor >>expect echo '-----BEGIN PGP SIGNATURE-----' >>expect