linkgit:git-tag[1]. Without the "--sort=<value>" option provided, the
value of this variable will be used as the default.
+tag.gpgSign::
+ A boolean to specify whether all tags should be GPG signed.
+ Use of this option when running in an automated script can
+ result in a large number of tags being signed. It is therefore
+ convenient to use an agent to avoid typing your gpg passphrase
+ several times. Note that this option doesn't affects tag signing
+ behavior enabled by "-u <keyid>" or "--local-user=<keyid>" options.
+
tar.umask::
This variable can be used to restrict the permission bits of
tar archive entries. The default is 0002, which turns off the
-s::
--sign::
Make a GPG-signed tag, using the default e-mail address's key.
+ The default behavior of tag GPG-signing is controlled by `tag.gpgSign`
+ configuration variable if it exists, or disabled oder otherwise.
+ See linkgit:git-config[1].
+
+--no-sign::
+ Override `tag.gpgSign` configuration variable that is
+ set to force each and every tag to be signed.
-u <keyid>::
--local-user=<keyid>::
static unsigned int colopts;
static int force_sign_annotate;
+static int config_sign_tag = -1; /* unspecified */
static int list_tags(struct ref_filter *filter, struct ref_sorting *sorting,
struct ref_format *format)
int status;
struct ref_sorting **sorting_tail = (struct ref_sorting **)cb;
+ if (!strcmp(var, "tag.gpgsign")) {
+ config_sign_tag = git_config_bool(var, value);
+ return 0;
+ }
+
if (!strcmp(var, "tag.sort")) {
if (!value)
return config_error_nonbool(var);
memset(&opt, 0, sizeof(opt));
memset(&filter, 0, sizeof(filter));
filter.lines = -1;
+ opt.sign = -1;
argc = parse_options(argc, argv, prefix, options, git_tag_usage, 0);
- if (keyid) {
- opt.sign = 1;
- set_signing_key(keyid);
- }
- create_tag_object = (opt.sign || annotate || msg.given || msgfile);
-
if (!cmdmode) {
if (argc == 0)
cmdmode = 'l';
if (cmdmode == 'l')
setup_auto_pager("tag", 1);
+ if (opt.sign == -1)
+ opt.sign = cmdmode ? 0 : config_sign_tag > 0;
+
+ if (keyid) {
+ opt.sign = 1;
+ set_signing_key(keyid);
+ }
+ create_tag_object = (opt.sign || annotate || msg.given || msgfile);
+
if ((create_tag_object || force) && (cmdmode != 0))
usage_with_options(git_tag_usage, options);
test_cmp expect actual
'
+get_tag_header gpgsign-enabled $commit commit $time >expect
+echo "A message" >>expect
+echo '-----BEGIN PGP SIGNATURE-----' >>expect
+test_expect_success GPG \
+ 'git tag configured tag.gpgsign enables GPG sign' \
+ 'test_config tag.gpgsign true &&
+ git tag -m "A message" gpgsign-enabled &&
+ get_tag_msg gpgsign-enabled>actual &&
+ test_cmp expect actual
+'
+
+get_tag_header no-sign $commit commit $time >expect
+echo "A message" >>expect
+test_expect_success GPG \
+ 'git tag --no-sign configured tag.gpgsign skip GPG sign' \
+ 'test_config tag.gpgsign true &&
+ git tag -a --no-sign -m "A message" no-sign &&
+ get_tag_msg no-sign>actual &&
+ test_cmp expect actual
+'
+
test_expect_success GPG \
'trying to create a signed tag with non-existing -F file should fail' '
! test -f nonexistingfile &&