Page MenuHomePhabricator
Create Task
Maniphest T11027

Prevent Git from signing commits generated by "arc patch"
Open, Needs TriagePublic
Actions

Description

We are using a Git workflow where everything is signed with GnuPG. This means, among other things, that we have commit.gpgsign = true set in our Git configurations.

When downloading a patch from Differential using arc patch, that gets inserted into the working repository as a new commit. But since we've told Git to sign all commits, the downloaded patch gets signed locally, by the developer who happens to run arc patch. This is wrong for two reasons:

  1. Patches are probably mainly downloaded from Differential for review, not for integration, so they shouldn't be signed at all.
  2. Commits should be signed by the original author of the code, which is probably not the developer running arc patch.

This is not a huge problem, since the commits created by arc patch will get thrown out once they have been reviewed and thus nobody else will se the erroneous signature. However, it is a UI problem, since developers either

  1. Get trained to enter their GnuPG passphrase at any random prompt, or
  2. Turn up the passphrase retention time in their GnuPG agents to ridiculous amounts to avoid thinking about the problem.

We have no PHP developers, but we have managed to patch Arcanist to never sign commits generated by arc patch, simply by editing the command line sent to Git (currently at src/workflow/ArcanistPatchWorkflow.php, line 724) to always include --no-gpg-sign. I expect a proper solution would be to introduce a setting in .arcrc.

Event Timeline

creideiki created this task.May 24 2016, 11:40 AM
creideiki added a project: Arcanist.May 24 2016, 12:26 PM
kaendfinger added a subscriber: kaendfinger.May 25 2016, 2:33 AM

I second this, I sign all my commits too, and only just now discovered (because of this task) that things I have landed are signed by me.

kaendfinger awarded a token.May 25 2016, 2:33 AM
hach-que added a subscriber: hach-que.May 26 2016, 3:21 AM

@kaendfinger This task is about arc patch. arc land is separate, and I don't believe there's anything Arcanist can do (other than not signing at all) because it must mutate the commits in order to land them. Since you don't have the original author's private key when landing, it can't be signed correctly when you do arc land.

kaendfinger added a comment.May 26 2016, 3:58 AM

@hach-que My bad, misread the title. Thanks for the clarification :)

epriestley moved this task from Backlog to arc patch on the Arcanist board.Jul 8 2016, 2:49 PM
J5lx added a subscriber: J5lx.Sep 5 2016, 7:51 PM
Info-Screen added a subscriber: Info-Screen.Nov 29 2016, 6:48 AM
Info-Screen removed a subscriber: Info-Screen.Apr 18 2017, 9:49 PM
pasik added a subscriber: pasik.May 12 2018, 2:00 PM
Phabricator · Built by Phacility