git验证可信标签 [英] git verify trusted tags

问题描述

我希望在部署过程中包含 git tag -v 命令来捕获由不可信的GPG密钥签名的未签名标签或标签。

如果标签具有有效签名，但不关心签名密钥是可信的，则该命令返回退出代码 0 或者不是。

我不想诉诸手动查询产生的GPG消息

解决方案

我还没有尝试过，文档没有提及退出代码，但您可以尝试

git-verify-tag 管道命令

---

更新没有简单的方法来测试这个，我回顾了源代码：

https://github.com/git/git/blob/ 81b50f3ce40bfdd66e5d96 7bf82be001039a9a98 / builtin / verify-tag.c

它似乎有意识地返回相关的结果代码，所以我期望它能够工作

I would like to include git tag -v command into the deployment process to catch unsigned tags or tags signed by a non-trusted GPG key.

The command returns with an exit code of 0 if the tag has a valid signature, but does not care wether the signed key is trusted or not.

I don't want to resort to grepping the resulting GPG message manually

解决方案

I haven't tried it yet, and the documentation doesn't mention exit codes, but you could try

git-verify-tag plumbing command

---

Update Having no easy way to test this, I've reviewed the source code:

https://github.com/git/git/blob/81b50f3ce40bfdd66e5d967bf82be001039a9a98/builtin/verify-tag.c

It does appear to consciously return the relevant result codes, so I'd expect this to work

这篇关于git验证可信标签的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！