From 279906dd1e6d0a38e00dffe8390e4dfa90e86df5 Mon Sep 17 00:00:00 2001 From: Leandro Lucarella Date: Tue, 10 Nov 2020 10:16:35 +0100 Subject: [PATCH] Don't include PGP signatures of commits in messages When creating a pull request or using a commit message in any way, if the commit was PGP-signed and the user had git configured to always show signatures (`git config log.showsignature=true`), then the message would include the signature verification text, which is not really something you usually want to include. Now `--no-show-signature` is always used when retrieving commit messages. --- git-hub | 6 ++++-- relnotes/pgp-signatures.bug.md | 9 +++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 relnotes/pgp-signatures.bug.md diff --git a/git-hub b/git-hub index 4527ce1..8bf924b 100755 --- a/git-hub +++ b/git-hub @@ -1447,7 +1447,8 @@ class PullUtil (IssueUtil): 'branch.%s.description' % branch_name, '', '') if msg: return msg - return git('log -1 --pretty=format:%s%n%n%b ' + branch_ref) + return git('log -1 --no-show-signature --pretty=format:%s%n%n%b ' + + branch_ref) @classmethod def get_local_remote_heads(cls, parser, args): @@ -1967,7 +1968,8 @@ class RebaseCmd (PullUtil): head_hash = git('rev-parse FETCH_HEAD') cls.git_fetch(base_url, base_ref) base_hash = git('rev-parse FETCH_HEAD') - parents = git('show --quiet --format=%P ' + head_hash).split() + parents = git('show --quiet --no-show-signature --format=%P ' + + head_hash).split() is_merge = len(parents) > 1 # Last commit is a merge commit, so ask the user to merge instead if is_merge: diff --git a/relnotes/pgp-signatures.bug.md b/relnotes/pgp-signatures.bug.md new file mode 100644 index 0000000..aa75f2e --- /dev/null +++ b/relnotes/pgp-signatures.bug.md @@ -0,0 +1,9 @@ +### PGP signatures of commits are not included in messages anymore + +When creating a pull request or using a commit message in any way, if the +commit was PGP-signed and the user had git configured to always show signatures +(`git config log.showsignature=true`), then the message would include the +signature verification text, which is not really something you usually want to +include. + +Now `--no-show-signature` is always used when retrieving commit messages.