git验证可信标签 [英] git verify trusted tags
问题描述
我希望在部署过程中包含 git tag -v
命令来捕获由不可信的GPG密钥签名的未签名标签或标签。
如果标签具有有效签名,但不关心签名密钥是可信的,则该命令返回退出代码 0
或者不是。
我不想诉诸手动查询产生的GPG消息
我还没有尝试过,文档没有提及退出代码,但您可以尝试
git-verify-tag 管道命令
更新没有简单的方法来测试这个,我回顾了源代码:
https://github.com/git/git/blob/ 81b50f3ce40bfdd66e5d96 7bf82be001039a9a98 / builtin / verify-tag.c
它似乎有意识地返回相关的结果代码,所以我期望它能够工作
I would like to include git tag -v
command into the deployment process to catch unsigned tags or tags signed by a non-trusted GPG key.
The command returns with an exit code of 0
if the tag has a valid signature, but does not care wether the signed key is trusted or not.
I don't want to resort to grepping the resulting GPG message manually
I haven't tried it yet, and the documentation doesn't mention exit codes, but you could try
git-verify-tag plumbing command
Update Having no easy way to test this, I've reviewed the source code:
https://github.com/git/git/blob/81b50f3ce40bfdd66e5d967bf82be001039a9a98/builtin/verify-tag.c
It does appear to consciously return the relevant result codes, so I'd expect this to work
这篇关于git验证可信标签的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!