-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Streamline usage, installation and configuration of ots-git-gpg-wrapper.sh
#121
base: master
Are you sure you want to change the base?
Streamline usage, installation and configuration of ots-git-gpg-wrapper.sh
#121
Conversation
- via `git config opentimestamps.enable` option - via environment variables OPENTIMESTAMPS*
This is more straight-forward than to hard-code /usr/bin/gpg in ots-git-gpg-wrapper and then using `which` in the ots-git-gpg-wrapper.sh to find gpg.
966482b
to
0cc4cd9
Compare
0cc4cd9
to
ff6ef6e
Compare
ots-git-gpg-wrapper.sh
ots-git-gpg-wrapper.sh
ots-git-gpg-wrapper.sh
|
||
```bash | ||
# just specify ots-git-gpg-wrapper.sh and let `git` find it itself | ||
git config --global gpg.program ots-git-gpg-wrapper.sh |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By "find it itself" doesn't git just use $PATH
as normal?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Exactly. It is possible to only specify ots-git-gpg-wrapper.sh
without a full path if it is in the PATH
, which is a convenience as on different machines it can be installed in different places (e.g. ~/.local/bin
or /usr/local/bin
or /usr/bin/
, ...). This is a strong argument for putting it into a standard executable location.
|
||
```bash | ||
# Disable OpenTimestamps for the current repository: | ||
git config opentimestamps.enable false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be more useful to disable opentimestamps selectively for just log viewing?
Also, can you set gpg.program
on a per-repo basis?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, can you set gpg.program on a per-repo basis?
Yes, you can. Without --global
, git config
operates only per-repo.
Would it be more useful to disable opentimestamps selectively for just log viewing?
Sure we can add something like git config opentimestamps.on_log
and git config opentimestamps.on_commit
or git config commit.opentimestamps
etc. for more fine-grained control. But AFAIK it is not so simple or elegant to find the current git
operation from within the gpg wrapper. We could find the parent git
process' command-line and parse it. Doing this in a shell wrapper is not nice, however. Another argument to making ots-git-gpg-wrapper.sh
a Python script (or finding a way to have ots-git-gpg-wrapper
do this already.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be more useful to disable opentimestamps selectively for just log viewing?
In 31c1bde I implemented picking for which git
commands the OpenTimestamps wrapper should be active by setting git config opentimestamps.only-for 'commit,show'
(in this case the wrapper will then only do anything different during git commit
and git show
).
But AFAIK it is not so simple or elegant to find the current git operation from within the gpg wrapper. We could find the parent git process' command-line and parse it. Doing this in a shell wrapper is not nice, however.
Finding out which git
command is currently active works in the above way, except if one passes options directly to git
(like git --no-pager log
). To handle this, the wrapper would need to fully parse the git
command-line, involving some guesswork. In my current implementation, the wrapper detects this and skips the check, effectively acting as if the user wanted to use OpenTimestamps for all commands.
@@ -101,4 +101,7 @@ | |||
'ots-git-gpg-wrapper = otsclient.git_gpg_wrapper:main', | |||
], | |||
}, | |||
|
|||
# Install the ots-git-gpg-wrapper.sh-script | |||
scripts = ["ots-git-gpg-wrapper.sh"], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One issue with installing the script is it'll clutter up tab-completion with another program starting with ots. Is there a better place to put this? Under /usr/lib/ or something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See #121 (comment)
Not putting it into PATH
forces one to hard-code an absolute path with git config gpg.program
. For people synchronizing their .gitconfig
for example this is annoying as the wrapper can be installed in different places on different machines.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If only the namespace cluttering is the problem with putting the ots-git-gpg-wrapper.sh
into a location in PATH
, we could just rename it to something like opentimestamps-git-gpg-wrapper.sh
, or gpg-opentimestamps-wrapper.sh
. This will work around tab-completition with shells that get winy if there are multiple possible commands (instead of just completing up to the common stem like zsh
does).
@@ -30,7 +31,7 @@ | |||
def main(): | |||
parser = otsclient.args.make_common_options_arg_parser() | |||
|
|||
parser.add_argument("-g", "--gpg-program", action="store", default="/usr/bin/gpg", | |||
parser.add_argument("-g", "--gpg-program", action="store", default=shutil.which("gpg") or "/usr/bin/gpg", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
parser.add_argument("-g", "--gpg-program", action="store", default=shutil.which("gpg") or "/usr/bin/gpg", | |
parser.add_argument("-g", "--gpg-program", action="store", default="gpg", |
Looks like Popen
already searches in $PATH
for us, so if we're going to use $PATH
we don't need to figure it out ourselves.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay. But then it was also unnecessary to provide
--gpg-program "`which gpg`"
in ots-git-gpg-wrapper.sh
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A nice side-effect of specifying the shutil.which()
-found path is that the help page will show exactly which gpg program will be used. This wouldn't be the case if we just let Popen
find it.
In 31c1bde I introduced the |
I noticed that Probably we do indeed need to parse git's flags with |
Options directly passed to git (like `git -c config.bla` or `git --git-dir=...`) caused the first argument to show up before the PGP signature, breaking git {log,show} --show-signature and thus also OTS verification. This was especially annyoing as `git annex sync` or `datalad save` pass options like this to git when committing. With quite some `strace`ing and debugging I was finally able to track down this bug to this missing `-q` to that one grep in the OTS shell wrapper 🤦 It might be a good idea to ditch the shell wrapper and use a proper Python for this. Wouldn't have happened with Python...
I've been working with this PR's changes for over a year now on a daily basis and feel quite confident that it adds value to this package. Do you need something else to merge it? |
Thanks for the heads up! I didn't notice all the new stuff you've done. If I don't get back to you in a week or so with a response, bother me again. :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need to change the #!/bin/sh
to #!/bin/bash
, as you're using bash-specific commands; newer linux distros like Debian don't put bash in /bin/sh
any more.
In addition to my comment, let's go ahead and rename |
These changes improve the
ots-git-gpg-wrapper.sh
script by making it configurable:git config opentimestamps.{enable,debug,flags}
optionsOPENTIMESTAMPS*
This makes it possible to do the following:
OPENTIMESTAMPS=false git commit -m "Message"
git config opentimestamps.enable false
git config --global opentimestamps.enable true
OPENTIMESTAMPS_GIT_GPG_WRAPPER_DEBUG=true OPENTIMESTAMPS_GIT_GPG_WRAPPER_FLAGS=-vvvvvvv git log --show-signature
git config --global opentimestamps.flags '--no-bitcoin'
The backwards-compatible default is still to just use OpenTimestamps.
Furthermore, the
ots-git-gpg-wrapper
now usesshutil.which
to find thegpg
binary as the default value for--gpg-program
, so this option does not need to be set from theots-git-gpg-wrapper.sh
-wrapper anymore.As proposed in #67, the
ots-git-gpg-wrapper.sh
is now installed as a script and doesn't need to be manually downloaded by the users, which renders #68 obsolete. Concerning Windows users (if this solution doesn't work with Git Bash), we might add and install a separate.bat
-file later.The documentation
doc/git-integration.md
was updated to reflect the changes.closes #64 #68 #74