[Whonix-devel] git log --pretty="format:%H$t%aN$t%s$t%G?" --show-signature

Patrick Schleizer patrick-mailinglists at whonix.org
Thu Dec 4 18:21:06 CET 2014


Dear git mailing list,
Dear Mike Gerwitz,

according to http://mikegerwitz.com/papers/git-horror-story#script-trust
the output of:

git log --pretty="format:%H$t%aN$t%s$t%G?" --show-signature

should look like this:

-----

f72924356896ab95a542c495b796555d016cbddd       Mike Gerwitz    Yet
another foo
gpg: Signature made Sun 22 Apr 2012 01:37:26 PM EDT using RSA key ID
8EE30EAB
gpg: Good signature from "Mike Gerwitz (Free Software Developer)
<mike at mikegerwitz.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 2217 5B02 E626 BC98 D7C0  C2E5 F22B B815 8EE3 0EAB
afb1e7373ae5e7dae3caab2c64cbb18db3d96fba       Mike Gerwitz    Modified
bar    G

-----

But when I run that command, spaces are missing. (Using a user that does
not know my gpg public key for testing purposes.) See output:

-----

user2 at host:/home/user/testrepo$ git log
--pretty="format:%H$t%aN$t%s$t%G?" --show-signature
gpg: Signature made Thu 04 Dec 2014 04:37:58 PM UTC using RSA key ID
77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos at riseup.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC  7A2A 8D66 066A 2EEA CCDA
     Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30  AFA1 CB8D 50BB 77BB 3C48
529bbc076f05c13023580ea7be7ba63aba3e9672Patrick Schleizersigned commit 2U
gpg: Signature made Thu 04 Dec 2014 04:29:32 PM UTC using RSA key ID
77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos at riseup.net>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC  7A2A 8D66 066A 2EEA CCDA
     Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30  AFA1 CB8D 50BB 77BB 3C48
ea1615ac1a9fe9f957f91f54a33a60d57828a32fPatrick Schleizersigned commitU
75e79a211963907afd3a6d2f28c3571d37140231Patrick Schleizerreal long
commit msg Please enter the commit message for your changes. Lines
starting with '#' will be ignored, and an empt
30096d1633ef22463c1a770288755ae5325f1242Patrick Schleizer2N
e7be12378d2805bebe531bd01cbec9dec1f79032Patrick Schleizerinitial commitN
(END)

-----

Any idea? Am I doing something wrong?

I am asking because, as a result, Mike Gerwitz's "Signature Check
Script With Web Of Trust" verification script (
http://mikegerwitz.com/papers/git-horror-story#script-trust ) does not
work for me.

Mike, could you please put your various git commit verification helper
scripts into a publicly visible?

By the way, any chance that these useful helper scripts could make their
way into the official distribution of git as a stopgap until native git
commit verification support gets improved?

Cheers,
Patrick
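
Added example, not part of the original message and not taken from Mike Gerwitz's article: inside double quotes the shell substitutes `$t` before git sees the format string, so with `t` unset the separators disappear, as in the output above. The sketch below shows both expansions and then filters tab-separated log lines by git's `%G?` field (G = good signature, U = good signature of unknown validity, N = no signature); the function names are hypothetical and the sample lines are constructed from the hashes quoted above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the article.

# Expand the format string exactly as the shell does inside double quotes.
# $1 becomes the value of t; pass '' to reproduce an unset $t.
# The body runs in a subshell so the caller's own $t is left untouched.
build_format() (
    t=$1
    printf '%s' "format:%H$t%aN$t%s$t%G?"
)

# Constructed sample: hashes and subjects from the output quoted above,
# written as the log would look with tab separators in place.
sample_log() {
    printf 'gpg: Good signature from "Patrick Schleizer <adrelanos at riseup.net>"\n'
    printf '%s\t%s\t%s\t%s\n' \
        afb1e7373ae5e7dae3caab2c64cbb18db3d96fba 'Mike Gerwitz' 'Modified bar' G \
        529bbc076f05c13023580ea7be7ba63aba3e9672 'Patrick Schleizer' 'signed commit 2' U \
        e7be12378d2805bebe531bd01cbec9dec1f79032 'Patrick Schleizer' 'initial commit' N
}

# Print "<hash> <status>" for every commit whose %G? field is not G.
# gpg's interleaved output has no tab-separated fields and is skipped.
# The status is read from the last field, so a tab inside a subject
# line cannot shift it.
not_trusted() {
    awk -F'\t' 'NF >= 4 && length($1) == 40 && $1 !~ /[^0-9a-f]/ && $NF != "G" {
        print $1, $NF
    }'
}

tab=$(printf '\t')
echo "t unset: $(build_format '')"
echo "t = tab: $(build_format "$tab")"
echo "commits without a trusted signature:"
sample_log | not_trusted
```

Against a real repository, set `t` to a tab first and pipe `git log --pretty="format:%H$t%aN$t%s$t%G?"` into `not_trusted`.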

