[maintainer-tools PATCH] dim: Sign commits in addition to tags

[Sean Paul]

Expanding on Jani's work to sign tags, this patch adds signing for git
commit/am.

Signed-off-by: Sean Paul <seanpaul at chromium.org>
---

This has been lightly tested with dim apply-branch/dim push-branch.

Sean

 dim | 78 +++++++++++++++++++++++++++++++++++++++++++++------------------------
 1 file changed, 51 insertions(+), 27 deletions(-)

diff --git a/dim b/dim
index 527989aff9ad..cd5e41f89a3a 100755
--- a/dim
+++ b/dim
@@ -67,9 +67,6 @@ DIM_TEMPLATE_SIGNATURE=${DIM_TEMPLATE_SIGNATURE:-$HOME/.dim.template.signature}
 # dim pull-request tag summary template
 DIM_TEMPLATE_TAG_SUMMARY=${DIM_TEMPLATE_TAG_SUMMARY:-$HOME/.dim.template.tagsummary}
 
-# GPG key id for signing tags. If unset, don't sign.
-DIM_GPG_KEYID=${DIM_GPG_KEYID:+-u $DIM_GPG_KEYID}
-
 #
 # Internal configuration.
 #
@@ -104,6 +101,20 @@ test_request_recipients=(
 # integration configuration
 integration_config=nightly.conf
 
+# GPG key id for signing tags. If unset, don't sign.
+function gpg_keyid_for_tag
+{
+	echo "${DIM_GPG_KEYID:+-u $DIM_GPG_KEYID}"
+	return 0
+}
+
+# GPG key id for committing (git commit/am). If unset, don't sign.
+function gpg_keyid_for_commit
+{
+	echo "${DIM_GPG_KEYID:+-S$DIM_GPG_KEYID}"
+	return 0
+}
+
 function read_integration_config
 {
 	# clear everything first to allow configuration reload
@@ -473,12 +484,14 @@ EOF
 # append all arguments as tags at the end of the commit message of HEAD
 function dim_commit_add_tag
 {
+	local gpg_keyid
+	gpg_keyid=$(gpg_keyid_for_commit)
 	for arg; do
 		# the first sed deletes all trailing blank lines at the end
 		git log -1 --pretty=%B | \
 			sed -e :a -e '/^\n*$/{$d;N;ba' -e '}' | \
 			sed "\$a${arg}" | \
-			git commit --amend -F-
+			git commit $gpg_keyid --amend -F-
 	done
 }
 
@@ -604,7 +617,7 @@ function update_rerere_cache
 
 function commit_rerere_cache
 {
-	local remote file commit_message
+	local remote file commit_message gpg_keyid
 
 	echo -n "Updating rerere cache... "
 
@@ -640,7 +653,8 @@ function commit_rerere_cache
 		$(git --version)
 		EOF
 
-	if git commit -F $commit_message >& /dev/null; then
+	gpg_keyid=$(gpg_keyid_for_commit)
+	if git commit $gpg_keyid -F $commit_message >& /dev/null; then
 		echo -n "New commit. "
 	else
 		echo -n "Nothing changed. "
@@ -653,13 +667,14 @@ function commit_rerere_cache
 
 function dim_rebuild_tip
 {
-	local integration_branch specfile first rerere repo remote
+	local integration_branch specfile first rerere repo remote gpg_keyid
 
 	integration_branch=drm-tip
 	specfile=$(mktemp)
 	first=1
 
 	rerere=$DIM_PREFIX/drm-rerere
+	gpg_keyid=$(gpg_keyid_for_commit)
 
 	cd $rerere
 	if git status --porcelain | grep -q -v "^[ ?][ ?]"; then
@@ -731,7 +746,7 @@ function dim_rebuild_tip
 
 			# because we filter out fast-forward merges there will
 			# always be something to commit
-			git commit --no-edit --quiet
+			git commit $gpg_keyid --no-edit --quiet
 			echo "Done."
 		fi
 
@@ -743,7 +758,7 @@ function dim_rebuild_tip
 	echo -n "Adding integration manifest $integration_branch: $dim_timestamp... "
 	mv $specfile integration-manifest
 	git add integration-manifest
-	git commit --quiet -m "$integration_branch: $dim_timestamp integration manifest"
+	git commit $gpg_keyid --quiet -m "$integration_branch: $dim_timestamp integration manifest"
 	echo "Done."
 
 	remote=$(repo_to_remote drm-tip)
@@ -848,7 +863,7 @@ function dim_push
 
 function apply_patch #patch_file
 {
-	local patch message_id committer_email patch_from sob rv
+	local patch message_id committer_email patch_from sob rv gpg_keyid
 
 	patch="$1"
 	shift
@@ -860,7 +875,8 @@ function apply_patch #patch_file
 		sob=-s
 	fi
 
-	git am --scissors -3 $sob "$@" $patch
+	gpg_keyid=$(gpg_keyid_for_commit)
+	git am --scissors -3 $sob $gpg_keyid "$@" $patch
 
 	if [ -n "$message_id" ]; then
 		dim_commit_add_tag "Link: https://patchwork.freedesktop.org/patch/msgid/$message_id"
@@ -911,7 +927,7 @@ function dim_apply_branch
 
 function dim_apply_pull
 {
-	local branch file message_id pull_branch rv
+	local branch file message_id pull_branch rv gpg_keyid
 
 	branch=${1:?$usage}
 	file=$(mktemp)
@@ -929,7 +945,8 @@ function dim_apply_pull
 
 	message_id=$(message_get_id $file)
 
-	git commit --amend -s --no-edit
+	gpg_keyid=$(gpg_keyid_for_commit)
+	git commit $gpg_keyid --amend -s --no-edit
 	if [ -n "$message_id" ]; then
 		dim_commit_add_tag "Link: https://patchwork.freedesktop.org/patch/msgid/$message_id"
 	else
@@ -945,7 +962,7 @@ function dim_apply_pull
 
 function dim_backmerge
 {
-	local branch upstream patch_file
+	local branch upstream patch_file gpg_keyid
 
 	branch=${1:?$usage}
 	upstream=${2:?$usage}
@@ -990,8 +1007,9 @@ function dim_backmerge
 		echoerr "   git commit -a"
 	fi
 
+	gpg_keyid=$(gpg_keyid_for_commit)
 	git add -u
-	git commit -s
+	git commit $gpg_keyid -s
 }
 
 function dim_add_link
@@ -1227,7 +1245,7 @@ function dim_magic_patch
 
 function dim_create_branch
 {
-	local branch repo remote
+	local branch repo remote gpg_keyid
 
 	branch=${1:?$usage}
 	start=${2:-HEAD}
@@ -1250,13 +1268,14 @@ function dim_create_branch
 	cd $DIM_PREFIX/drm-rerere
 	$DRY sed -i "s/^\() # DO NOT CHANGE THIS LINE\)$/\t\"$repo\t\t${branch//\//\\\/}\"\n\1/" $integration_config
 
+	gpg_keyid=$(gpg_keyid_for_commit)
 	$DRY git add $integration_config
-	$DRY git commit --quiet -m "Add $repo $branch to $integration_config"
+	$DRY git commit $gpg_keyid --quiet -m "Add $repo $branch to $integration_config"
 }
 
 function dim_remove_branch
 {
-	local branch repo remote
+	local branch repo remote gpg_keyid
 
 	branch=${1:?$usage}
 
@@ -1288,8 +1307,9 @@ function dim_remove_branch
 	cd $DIM_PREFIX/drm-rerere
 	$DRY sed -i "/^[[:space:]]*\"${repo}[[:space:]]\+${branch//\//\\\/}.*$/d" $integration_config
 
+	gpg_keyid=$(gpg_keyid_for_commit)
 	$DRY git add $integration_config
-	$DRY git commit --quiet -m "Remove $repo $branch from $integration_config"
+	$DRY git commit $gpg_keyid --quiet -m "Remove $repo $branch from $integration_config"
 
 	dim_rebuild_tip
 }
@@ -1579,7 +1599,7 @@ function dim_for_each_workdir
 
 function dim_update_next
 {
-	local remote
+	local remote gpg_keyid
 
 	assert_branch drm-intel-next-queued
 
@@ -1597,12 +1617,13 @@ function dim_update_next
 		exit 2
 	fi
 
+	gpg_keyid=$(gpg_keyid_for_commit)
 	driver_date=$(date +%Y%m%d)
 	driver_timestamp=$(date +%s)
 	$DRY sed -i -e "s/^#define DRIVER_DATE.*\"[0-9]*\"$/#define DRIVER_DATE\t\t\"$driver_date\"/; s/^#define DRIVER_TIMESTAMP.*/#define DRIVER_TIMESTAMP\t$driver_timestamp/" \
 	     drivers/gpu/drm/i915/i915_drv.h
 	$DRY git add drivers/gpu/drm/i915/i915_drv.h
-	git commit $DRY_RUN -sm "drm/i915: Update DRIVER_DATE to $driver_date"
+	git commit $DRY_RUN $gpg_keyid -sm "drm/i915: Update DRIVER_DATE to $driver_date"
 
 	gitk drm-intel-next-queued ^$(repo_to_remote drm-upstream)/drm-next &
 
@@ -1614,7 +1635,7 @@ function dim_update_next
 
 function dim_update_next_continue
 {
-	local remote intel_remote req_file suffix tag tag_testing
+	local remote intel_remote req_file suffix tag tag_testing gpg_keyid
 
 	assert_branch drm-intel-next-queued
 
@@ -1630,7 +1651,8 @@ function dim_update_next_continue
 		tag_testing="drm-intel-testing-$dim_today-$((++suffix))"
 	done
 
-	$DRY git tag -a $DIM_GPG_KEYID $tag $intel_remote/drm-intel-next
+	gpg_keyid=$(gpg_keyid_for_tag)
+	$DRY git tag -a $gpg_keyid $tag $intel_remote/drm-intel-next
 	git push $DRY_RUN $intel_remote $tag
 
 	echo "Updating drm-intel-testing to latest drm-tip"
@@ -1655,7 +1677,7 @@ function dim_update_next_continue
 
 function dim_tag_next
 {
-	local intel_remote tag suffix
+	local intel_remote tag suffix gpg_keyid
 
 	cd $DIM_PREFIX/$DIM_REPO
 
@@ -1670,7 +1692,8 @@ function dim_tag_next
 			tag="drm-intel-next-$dim_today-$((++suffix))"
 		done
 
-		$DRY git tag -a $DIM_GPG_KEYID $tag $intel_remote/drm-intel-next
+		gpg_keyid=$(gpg_keyid_for_tag)
+		$DRY git tag -a $gpg_keyid $tag $intel_remote/drm-intel-next
 		git push $DRY_RUN $intel_remote $tag
 	else
 		echo "drm-intel-next not up-to-date, aborting"
@@ -1700,7 +1723,7 @@ function prep_pull_tag_summary
 # dim_pull_request branch upstream
 function dim_pull_request
 {
-	local branch upstream remote repo req_file url_list git_url suffix tag
+	local branch upstream remote repo req_file url_list git_url suffix tag gpg_keyid
 
 	branch=${1:?$usage}
 	upstream=${2:?$usage}
@@ -1731,7 +1754,8 @@ function dim_pull_request
 		done
 		gitk "$branch@{upstream}" ^$upstream &
 		prep_pull_tag_summary | $DRY git tag -F- $tag "$branch@{upstream}"
-		$DRY git tag -a $DIM_GPG_KEYID -f $tag
+		gpg_keyid=$(gpg_keyid_for_tag)
+		$DRY git tag -a $gpg_keyid -f $tag
 		$DRY git push $remote $tag
 		prep_pull_mail $req_file $tag
 
-- 
2.15.0.rc2.357.g7e34df9404-goog