Streamline usage, installation and configuration of ots-git-gpg-wrapper.sh
#121
Conversation
- via `git config opentimestamps.enable` option - via environment variables OPENTIMESTAMPS*
This is more straight-forward than to hard-code /usr/bin/gpg in ots-git-gpg-wrapper and then using `which` in the ots-git-gpg-wrapper.sh to find gpg.
nobodyinperson
force-pushed
the
configure-ots-git-gpg-wrapper-from-outside
branch
from
966482b
to
0cc4cd9
Compare
nobodyinperson
force-pushed
the
configure-ots-git-gpg-wrapper-from-outside
branch
from
0cc4cd9
to
ff6ef6e
Compare
nobodyinperson
changed the title
ots-git-gpg-wrapper.sh
nobodyinperson
changed the title
ots-git-gpg-wrapper.shots-git-gpg-wrapper.sh
|
|
||
| ```bash | ||
| # just specify ots-git-gpg-wrapper.sh and let `git` find it itself | ||
| git config --global gpg.program ots-git-gpg-wrapper.sh |
There was a problem hiding this comment.
By "find it itself" doesn't git just use $PATH as normal?
There was a problem hiding this comment.
Exactly. It is possible to only specify ots-git-gpg-wrapper.sh without a full path if it is in the PATH, which is a convenience as on different machines it can be installed in different places (e.g. ~/.local/bin or /usr/local/bin or /usr/bin/, ...). This is a strong argument for putting it into a standard executable location.
|
|
||
| ```bash | ||
| # Disable OpenTimestamps for the current repository: | ||
| git config opentimestamps.enable false |
There was a problem hiding this comment.
Would it be more useful to disable opentimestamps selectively for just log viewing?
Also, can you set gpg.program on a per-repo basis?
There was a problem hiding this comment.
Also, can you set gpg.program on a per-repo basis?
Yes, you can. Without --global, git config operates only per-repo.
Would it be more useful to disable opentimestamps selectively for just log viewing?
Sure we can add something like git config opentimestamps.on_log and git config opentimestamps.on_commit or git config commit.opentimestamps etc. for more fine-grained control. But AFAIK it is not so simple or elegant to find the current git operation from within the gpg wrapper. We could find the parent git process' command-line and parse it. Doing this in a shell wrapper is not nice, however. Another argument to making ots-git-gpg-wrapper.sh a Python script (or finding a way to have ots-git-gpg-wrapper do this already.)
There was a problem hiding this comment.
Would it be more useful to disable opentimestamps selectively for just log viewing?
In 31c1bde I implemented picking for which git commands the OpenTimestamps wrapper should be active by setting git config opentimestamps.only-for 'commit,show' (in this case the wrapper will then only do anything different during git commit and git show).
But AFAIK it is not so simple or elegant to find the current git operation from within the gpg wrapper. We could find the parent git process' command-line and parse it. Doing this in a shell wrapper is not nice, however.
Finding out which git command is currently active works in the above way, except if one passes options directly to git (like git --no-pager log). To handle this, the wrapper would need to fully parse the git command-line, involving some guesswork. In my current implementation, the wrapper detects this and skips the check, effectively acting as if the user wanted to use OpenTimestamps for all commands.
| @@ -101,4 +101,7 @@ | |||
| 'ots-git-gpg-wrapper = otsclient.git_gpg_wrapper:main', | |||
| ], | |||
| }, | |||
|
|
|||
| # Install the ots-git-gpg-wrapper.sh-script | |||
| scripts = ["ots-git-gpg-wrapper.sh"], | |||
There was a problem hiding this comment.
One issue with installing the script is it'll clutter up tab-completion with another program starting with ots. Is there a better place to put this? Under /usr/lib/ or something?
There was a problem hiding this comment.
See #121 (comment)
Not putting it into PATH forces one to hard-code an absolute path with git config gpg.program. For people synchronizing their .gitconfig for example this is annoying as the wrapper can be installed in different places on different machines.
There was a problem hiding this comment.
If only the namespace cluttering is the problem with putting the ots-git-gpg-wrapper.sh into a location in PATH, we could just rename it to something like opentimestamps-git-gpg-wrapper.sh, or gpg-opentimestamps-wrapper.sh. This will work around tab-completition with shells that get winy if there are multiple possible commands (instead of just completing up to the common stem like zsh does).
| @@ -30,7 +31,7 @@ | |||
| def main(): | |||
| parser = otsclient.args.make_common_options_arg_parser() | |||
|
|
|||
| parser.add_argument("-g", "--gpg-program", action="store", default="/usr/bin/gpg", | |||
| parser.add_argument("-g", "--gpg-program", action="store", default=shutil.which("gpg") or "/usr/bin/gpg", | |||
There was a problem hiding this comment.
| parser.add_argument("-g", "--gpg-program", action="store", default=shutil.which("gpg") or "/usr/bin/gpg", | |
| parser.add_argument("-g", "--gpg-program", action="store", default="gpg", |
Looks like Popen already searches in $PATH for us, so if we're going to use $PATH we don't need to figure it out ourselves.
There was a problem hiding this comment.
Okay. But then it was also unnecessary to provide
--gpg-program "`which gpg`"in ots-git-gpg-wrapper.sh.
There was a problem hiding this comment.
A nice side-effect of specifying the shutil.which()-found path is that the help page will show exactly which gpg program will be used. This wouldn't be the case if we just let Popen find it.
|
In 31c1bde I introduced the |
|
I noticed that Probably we do indeed need to parse git's flags with |
Options directly passed to git (like `git -c config.bla` or
`git --git-dir=...`) caused the first argument to show up before the PGP
signature, breaking git {log,show} --show-signature and thus also OTS
verification. This was especially annyoing as `git annex sync` or
`datalad save` pass options like this to git when committing.
With quite some `strace`ing and debugging I was finally
able to track down this bug to this missing `-q` to that one grep in the
OTS shell wrapper 🤦
It might be a good idea to ditch the shell wrapper and use a proper
Python for this. Wouldn't have happened with Python...
|
I've been working with this PR's changes for over a year now on a daily basis and feel quite confident that it adds value to this package. Do you need something else to merge it? |
|
Thanks for the heads up! I didn't notice all the new stuff you've done. If I don't get back to you in a week or so with a response, bother me again. :) |
There was a problem hiding this comment.
You need to change the #!/bin/sh to #!/bin/bash, as you're using bash-specific commands; newer linux distros like Debian don't put bash in /bin/sh any more.
|
In addition to my comment, let's go ahead and rename |
These changes improve the
ots-git-gpg-wrapper.shscript by making it configurable:git config opentimestamps.{enable,debug,flags}optionsOPENTIMESTAMPS*This makes it possible to do the following:
OPENTIMESTAMPS=false git commit -m "Message"git config opentimestamps.enable falsegit config --global opentimestamps.enable trueOPENTIMESTAMPS_GIT_GPG_WRAPPER_DEBUG=true OPENTIMESTAMPS_GIT_GPG_WRAPPER_FLAGS=-vvvvvvv git log --show-signaturegit config --global opentimestamps.flags '--no-bitcoin'The backwards-compatible default is still to just use OpenTimestamps.
Furthermore, the
ots-git-gpg-wrappernow usesshutil.whichto find thegpgbinary as the default value for--gpg-program, so this option does not need to be set from theots-git-gpg-wrapper.sh-wrapper anymore.As proposed in #67, the
ots-git-gpg-wrapper.shis now installed as a script and doesn't need to be manually downloaded by the users, which renders #68 obsolete. Concerning Windows users (if this solution doesn't work with Git Bash), we might add and install a separate.bat-file later.The documentation
doc/git-integration.mdwas updated to reflect the changes.closes #64 #68 #74