@@ -8,12 +8,14 @@ commit.cleanup::
template yourself, if you do this).
commit.gpgSign::
+ Deprecated alias for 'commit.sign'.
- A boolean to specify whether all commits should be GPG signed.
- Use of this option when doing operations such as rebase can
- result in a large number of commits being signed. It may be
- convenient to use an agent to avoid typing your GPG passphrase
- several times.
+commit.sign::
+ A boolean to specify whether all commits should be cryptographically
+ signed. Use of this option when doing operations such as rebase can
+ result in a large number of commits being signed. It may be convenient
+ to use an agent to avoid typing your private key passphrase several
+ times.
commit.status::
A boolean to enable/disable inclusion of status information in the
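Review bot: The `commit.gpgSign` entry is reduced to "Deprecated alias for 'commit.sign'" without saying which key wins when both are set, for example `commit.sign` in the global config and `commit.gpgSign` in a repository config. Suggest adding one sentence on precedence to either entry, so a user can tell whether commits end up signed when the two values disagree.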
@@ -1,20 +1,8 @@
gpg.program::
- Use this custom program instead of "`gpg`" found on `$PATH` when
- making or verifying a PGP signature. The program must support the
- same command-line interface as GPG, namely, to verify a detached
- signature, "`gpg --verify $file - <$signature`" is run, and the
- program is expected to signal a good signature by exiting with
- code 0, and to generate an ASCII-armored detached signature, the
- standard input of "`gpg -bsau $key`" is fed with the contents to be
- signed, and the program is expected to send the result to its
- standard output.
+ Deprecated alias for 'signing.openpgp.program'.
gpg.format::
- Specifies which key format to use when signing with `--gpg-sign`.
- Default is "openpgp" and another possible value is "x509".
+ Deprecated alias for 'signing.default'.
gpg.<format>.program::
- Use this to customize the program used for the signing format you
- chose. (see `gpg.program` and `gpg.format`) `gpg.program` can still
- be used as a legacy synonym for `gpg.openpgp.program`. The default
- value for `gpg.x509.program` is "gpgsm".
+ Deprecated alias for 'signing.<format>.program'.
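Review bot: The three alias lines put the new key names in single quotes ('signing.openpgp.program', 'signing.default', 'signing.<format>.program'), while the removed text and the new `user.signingKey` entry use backticks for config names. Suggest backticks here as well so the names render consistently as literals.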
@@ -61,13 +61,18 @@ push.followTags::
`--no-follow-tags`.
push.gpgSign::
+ Deprecated alias for 'push.sign'.
+
+push.sign
May be set to a boolean value, or the string 'if-asked'. A true
- value causes all pushes to be GPG signed, as if `--signed` is
+ value causes all pushes to be signed, as if `--signed` is
passed to linkgit:git-push[1]. The string 'if-asked' causes
pushes to be signed if the server supports it, as if
`--signed=if-asked` is passed to 'git push'. A false value may
override a value from a lower-priority config file. An explicit
- command-line flag always overrides this config option.
+ command-line flag always overrides this config option. The
+ signing format used is specified by 'signing.default' which
+ defaults to "openpgp" and uses "`gpg`" to create the signatures.
push.pushOption::
When no `--push-option=<option>` argument is given from the
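Review bot: The added `+push.sign` line is missing the trailing `::` that the neighbouring terms carry (`push.gpgSign::`, `push.pushOption::`), so it will not render as a definition-list term and the description under it will not attach to the new key. Change it to `push.sign::`. The added closing sentence also names only "`gpg`"; since the format comes from 'signing.default', it would read more accurately if it said the program depends on the selected format.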
new file mode 100644
@@ -0,0 +1,63 @@
+signing.default::
+ The default signing format to use when signing commits and tags.
+ The value must be one of: "openpgp", "x509", or "bettersign".
+ The default value is "openpgp".
++
+The default executable to run for "openpgp" is "`gpg`", for "x509" is
+"`gpgsm`", and for "bettersign" is "`bs`".
++
+The "bettersign" tool can be found here:
+https://github.com/dhuseby/bs
+
+signing.openpgp.program::
+ Use this custom program instead of "`gpg`" found on `$PATH` when
+ making or verifying an OpenPGP signature. The program must support
+ the same command-line interface as GPG, namely, to verify a detached
+ signature, "`gpg --verify $file - <$signature`" is run, and the
+ program is expected to signal a good signature by exiting with
+ code 0, and to generate an ASCII-armored detached signature, the
+ standard input of "`gpg -bsau $key`" is fed with the contents to be
+ signed, and the program is expected to send the result to its
+ standard output.
+
+signing.openpgp.signingIdentity::
+ If linkgit:git-tag[1] or linkgit:git-commit[1] is not selecting
+ automatically the identity you want when creating a signed tag or
+ commit, you may override the default selection with this variable.
+ This option is passed unchanged as the `--local-user` parameter, so
+ you may specify a key using any method that "`gpg`" supports.
+
+signing.openpgp.keyring::
+ Use this to specify the path to a custom keyring of public keys to
+ use when verifying signatures made with OpenPGP. This option is
+ passed unchanged as the `--keyring` parameter to "`gpg`".
+
+signing.opengpg.noDefaultKeyring::
+ When `signing.openpgp.keyring` is set, this boolean, when set to
+ true, causes the `--no-default-keyring` option to be passed to
+ "`gpg`". When set to false, the keyring specified by
+ `signing.openpgp.keyring` will be used in addition to the default
+ public keyring.
+
+signing.x509.program::
+ Use this custom program instead of "`gpgsm`" found on `$PATH` when
+ making or verifying an x.509 signature.
+
+signing.x509.signingIdentity::
+ If linkgit:git-tag[1] or linkgit:git-commit[1] is not selecting
+ automatically the identity you want when creating a signed tag or
+ commit, you may override the default selection with this variable.
+ This option is passed unchanged as the `--local-user` parameter, so
+ you may specify a key using any method that "`gpgsm`" supports.
+
+signing.bettersign.program::
+ Use this custom program instead of "`bs`" found on `$PATH` when making
+ or verifying a bettersign signature.
+
+signing.bettersign.signingIdentity::
+ If linkgit:git-tag[1] or linkgit:git-commit[1] is not selecting
+ automatically the identity you want when creating a signed tag or
+ commit, you may override the default selection with this variable.
+ This option is passed unchanged as the the decentralized identifier
+ (DID) parameter to the "`bs`" executable. This must be a valid
+ decentralized identifier, most likely starting with "did:git".
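Review bot: The key name in `+signing.opengpg.noDefaultKeyring::` is misspelled ("opengpg" instead of "openpgp"), so the documented name does not match the other `signing.openpgp.*` entries or the `signing.openpgp.keyring` key its own description refers to. The entry also does not state its default; because a false value means the default public keyring is consulted in addition to the custom one, the default decides which keys verification accepts and should be written down. In `signing.bettersign.signingIdentity`, "passed unchanged as the the decentralized identifier" has a doubled "the".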
@@ -1,5 +1,7 @@
tag.forceSignAnnotated::
- A boolean to specify whether annotated tags created should be GPG signed.
+ A boolean to specify whether annotated tags created should be
+ cryptographically signed. The signing format is specified by
+ 'signing.default' and defaults to "openpgp" which uses "`gpg`".
If `--annotate` is specified on the command line, it takes
precedence over this option.
@@ -26,8 +26,8 @@ user.useConfigOnly::
Defaults to `false`.
user.signingKey::
- If linkgit:git-tag[1] or linkgit:git-commit[1] is not selecting the
- key you want it to automatically when creating a signed tag or
- commit, you can override the default selection with this variable.
- This option is passed unchanged to gpg's --local-user parameter,
- so you may specify a key using any method that gpg supports.
+ Deprecated alias for `signing.<signing.default>.signingIdentity`. If
+ neither `signing.default` or the deprecated alias `gpg.format` are
+ not set the default value of "openpgp" for `signing.default` will
+ be assumed and the value of `signing.openpgp.signingIdentity` will
+ be used.
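Review bot: The sentence "If neither `signing.default` or the deprecated alias `gpg.format` are not set" is a double negative and, read literally, says the opposite of what is meant. Suggest "If neither `signing.default` nor the deprecated alias `gpg.format` is set, the default value of "openpgp" ... is assumed". It would also help to say what happens to an existing `user.signingKey` value when `signing.default` is "x509" or "bettersign", since the alias target changes with the format.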
@@ -147,10 +147,11 @@ default. You can use `--no-utf8` to override this.
restarting an aborted patch.
-S[<keyid>]::
---gpg-sign[=<keyid>]::
- GPG-sign commits. The `keyid` argument is optional and
- defaults to the committer identity; if specified, it must be
- stuck to the option without a space.
+--sign[=<keyid>]::
+--gpg-sign[=<keyid>] (deprecated)::
+ Sign commits. The `keyid` argument is optional and defaults
+ to the committer identity; if specified, it must be stuck to
+ the option without a space.
--continue::
-r::
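Review bot: The argument in `--sign[=<keyid>]` is still named `keyid`, while the config side of this series calls the same value `signingIdentity` and documents it as a DID for bettersign. Suggest renaming the placeholder or adding a sentence that the value is interpreted according to 'signing.default'. The same wording recurs in the other command pages touched by this patch.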
@@ -110,10 +110,11 @@ effect to your index in a row.
See the signoff option in linkgit:git-commit[1] for more information.
-S[<keyid>]::
---gpg-sign[=<keyid>]::
- GPG-sign commits. The `keyid` argument is optional and
- defaults to the committer identity; if specified, it must be
- stuck to the option without a space.
+--sign[=<keyid>]::
+--gpg-sign[=<keyid>] (deprecated)::
+ Sign commits. The `keyid` argument is optional and defaults to
+ the committer identity; if specified, it must be stuck to the
+ option without a space.
--ff::
If the current HEAD is the same as the parent of the
@@ -60,14 +60,16 @@ OPTIONS
content of each file becomes its own paragraph.
-S[<keyid>]::
---gpg-sign[=<keyid>]::
- GPG-sign commits. The `keyid` argument is optional and
- defaults to the committer identity; if specified, it must be
- stuck to the option without a space.
-
---no-gpg-sign::
- Do not GPG-sign commit, to countermand a `--gpg-sign` option
- given earlier on the command line.
+--sign[=<keyid>]::
+--gpg-sign[=<keyid>] (deprecated)::
+ Sign commits. The `keyid` argument is optional and defaults to
+ the committer identity; if specified, it must be stuck to the
+ option without a space.
+
+--no-sign::
+--no-gpg-sign (deprecated)::
+ Do not GPG-sign commit, to countermand both `--sign` or the
+ depcrated `--gpg-sign` option given earlier on the command line.
Commit Information
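Review bot: The `--no-sign` description still begins "Do not GPG-sign commit" although the option is now format-neutral, and "to countermand both `--sign` or the depcrated `--gpg-sign`" pairs "both" with "or" and misspells "deprecated". Suggest "Do not sign the commit, to countermand a `--sign` or deprecated `--gpg-sign` option given earlier on the command line."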
@@ -331,14 +331,17 @@ changes to tracked files.
default commit message.
-S[<keyid>]::
---gpg-sign[=<keyid>]::
- GPG-sign commits. The `keyid` argument is optional and
- defaults to the committer identity; if specified, it must be
- stuck to the option without a space.
-
---no-gpg-sign::
- Countermand `commit.gpgSign` configuration variable that is
- set to force each and every commit to be signed.
+--sign[=<keyid>]::
+--gpg-sign[=<keyid>] (deprecated)::
+ Sign commits. The `keyid` argument is optional and defaults
+ to the committer identity; if specified, it must be stuck to
+ the option without a space.
+
+--no-sign::
+--no-gpg-sign (depecrated)::
+ Countermand both `commit.sign` and deprecated `commit.gpgSign`
+ configuration variables that are set to force each and every
+ commit to be signed.
\--::
Do not interpret any more arguments as options.
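Review bot: The term line `+--no-gpg-sign (depecrated)::` misspells "deprecated", and because it is a definition-list term the typo will show up in the rendered option heading. The other hunks spell it "(deprecated)"; this one should match.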
@@ -306,10 +306,11 @@ See also INCOMPATIBLE OPTIONS below.
result of auto-conflict resolution if possible.
-S[<keyid>]::
---gpg-sign[=<keyid>]::
- GPG-sign commits. The `keyid` argument is optional and
- defaults to the committer identity; if specified, it must be
- stuck to the option without a space.
+--sign[=<keyid>]::
+--gpg-sign[=<keyid>] (deprecated)::
+ Sign commits. The `keyid` argument is optional and defaults
+ to the committer identity; if specified, it must be stuck
+ to the option without a space.
-q::
--quiet::
@@ -88,10 +88,11 @@ This is useful when reverting more than one commits'
effect to your index in a row.
-S[<keyid>]::
---gpg-sign[=<keyid>]::
- GPG-sign commits. The `keyid` argument is optional and
- defaults to the committer identity; if specified, it must be
- stuck to the option without a space.
+--sign[=<keyid>]::
+--gpg-sign[=<keyid>] (deprecated)::
+ Sign commits. The `keyid` argument is optional and defaults to
+ the committer identity; if specified, it must be stuck to the
+ option without a space.
-s::
--signoff::
@@ -56,8 +56,9 @@ set to `no` at the beginning of them.
resolved as a fast-forward.
-S[<keyid>]::
---gpg-sign[=<keyid>]::
- GPG-sign the resulting merge commit. The `keyid` argument is
+--sign[=<keyid>]::
+--gpg-sign[=<keyid>] (deprecated)::
+ Sign the resulting merge commit. The `keyid` argument is
optional and defaults to the committer identity; if specified,
it must be stuck to the option without a space.
new file mode 100644