support commit.gpgsign

Support users who have set commit.gpgsign, by disabling gpg signatures for git-annex branch commits and commits made by the assistant. The thinking here is that a user sets commit.gpgsign intending the commits that they manually initiate to be gpg signed. But not commits made in the background, whether by a deamon or implicitly to the git-annex branch. gpg signing those would be at best a waste of CPU and at worst would fail, or flood the user with gpg passphrase prompts, or put their signature on changes they did not directly do. See Debian bug #753720. Also makes all commits done by git-annex go through a few central control points, to make such changes easier in future. Also disables commit.gpgsign in the test suite. This commit was sponsored by Antoine Boegli.
author: Joey Hess <joey@kitenet.net> 2014-07-04 11:36:59 -0400
committer: Joey Hess <joey@kitenet.net> 2014-07-04 11:53:51 -0400
commit: dafe3950f721ce80d9fa8696daed626a071dab01 (patch)
tree: b3bb6eb22628506b356932793daa27a021429d4b /Git
parent: 25e715f48fb1f4caecbcf36f5ea2ff55ecf6c3a9 (diff)
2 files changed, 39 insertions, 10 deletions
diff --git a/Git/Branch.hs b/Git/Branch.hs
index 7c7e44d75..98838ef15 100644
--- a/Git/Branch.hs
+++ b/Git/Branch.hs
@@ -103,6 +103,28 @@ fastForward branch (first:rest) repo =
 			(False, True) -> findbest c rs -- worse
 			(False, False) -> findbest c rs -- same
 
+{- The user may have set commit.gpgsign, indending all their manual
+ - commits to be signed. But signing automatic/background commits could
+ - easily lead to unwanted gpg prompts or failures.
+ -}
+data CommitMode = ManualCommit | AutomaticCommit
+	deriving (Eq)
+
+{- Commit via the usual git command. -}
+commitCommand :: CommitMode -> [CommandParam] -> Repo -> IO Bool
+commitCommand = commitCommand' runBool
+
+{- Commit will fail when the tree is clean. This suppresses that error. -}
+commitQuiet :: CommitMode -> [CommandParam] -> Repo -> IO ()
+commitQuiet commitmode ps = void . tryIO . commitCommand' runQuiet commitmode ps
+
+commitCommand' :: ([CommandParam] -> Repo -> IO a) -> CommitMode -> [CommandParam] -> Repo -> IO a
+commitCommand' runner commitmode ps = runner (Param "commit" : ps')
+  where
+	ps'
+		| commitmode == AutomaticCommit = Param "--no-gpg-sign" : ps
+		| otherwise = ps
+
 {- Commits the index into the specified branch (or other ref), 
  - with the specified parent refs, and returns the committed sha.
  -
@@ -112,8 +134,8 @@ fastForward branch (first:rest) repo =
  - Unlike git-commit, does not run any hooks, or examine the work tree
  - in any way.
  -}
-commit :: Bool -> String -> Branch -> [Ref] -> Repo -> IO (Maybe Sha)
-commit allowempty message branch parentrefs repo = do
+commit :: CommitMode -> Bool -> String -> Branch -> [Ref] -> Repo -> IO (Maybe Sha)
+commit commitmode allowempty message branch parentrefs repo = do
 	tree <- getSha "write-tree" $
 		pipeReadStrict [Param "write-tree"] repo
 	ifM (cancommit tree)
@@ -126,16 +148,18 @@ commit allowempty message branch parentrefs repo = do
 		, return Nothing
 		)
   where
-	ps = concatMap (\r -> ["-p", fromRef r]) parentrefs
+	ps = 
+		(if commitmode == AutomaticCommit then ["--no-gpg-sign"] else [])
+		++ concatMap (\r -> ["-p", fromRef r]) parentrefs
 	cancommit tree
 		| allowempty = return True
 		| otherwise = case parentrefs of
 			[p] -> maybe False (tree /=) <$> Git.Ref.tree p repo
 			_ -> return True
 
-commitAlways :: String -> Branch -> [Ref] -> Repo -> IO Sha
-commitAlways message branch parentrefs repo = fromJust
-	<$> commit True message branch parentrefs repo
+commitAlways :: CommitMode -> String -> Branch -> [Ref] -> Repo -> IO Sha
+commitAlways commitmode message branch parentrefs repo = fromJust
+	<$> commit commitmode True message branch parentrefs repo
 
 {- A leading + makes git-push force pushing a branch. -}
 forcePush :: String -> String
diff --git a/Git/Merge.hs b/Git/Merge.hs
index d661db978..12dfa7c1f 100644
--- a/Git/Merge.hs
+++ b/Git/Merge.hs
@@ -11,14 +11,19 @@ import Common
 import Git
 import Git.Command
 import Git.BuildVersion
+import Git.Branch (CommitMode(..))
 
 {- Avoids recent git's interactive merge. -}
-mergeNonInteractive :: Ref -> Repo -> IO Bool
-mergeNonInteractive branch
+mergeNonInteractive :: Ref -> CommitMode -> Repo -> IO Bool
+mergeNonInteractive branch commitmode
 	| older "1.7.7.6" = merge [Param $ fromRef branch]
-	| otherwise = merge [Param "--no-edit", Param $ fromRef branch]
+	| otherwise = merge $ [Param "--no-edit", Param $ fromRef branch]
   where
-	merge ps = runBool $ Param "merge" : ps
+	merge ps = runBool $ cp ++ [Param "merge"] ++ ps
+	cp
+		| commitmode == AutomaticCommit =
+			[Param "-c", Param "commit.gpgsign=false"]
+		| otherwise = []
 
 {- Stage the merge into the index, but do not commit it.-}
 stageMerge :: Ref -> Repo -> IO Bool
author	Joey Hess <joey@kitenet.net>	2014-07-04 11:36:59 -0400
committer	Joey Hess <joey@kitenet.net>	2014-07-04 11:53:51 -0400
commit	dafe3950f721ce80d9fa8696daed626a071dab01 (patch)
tree	b3bb6eb22628506b356932793daa27a021429d4b /Git
parent	25e715f48fb1f4caecbcf36f5ea2ff55ecf6c3a9 (diff)