From 9e54f169eae8db3984302171d7772795deac9513 Mon Sep 17 00:00:00 2001
From: Guido Guenther <agx@sigxcpu.org>
Date: Fri, 8 Dec 2006 16:32:32 +0100
Subject: support signed tags

---
 debian/changelog             |  9 +++++++++
 gbp.conf                     |  4 ++++
 git-buildpackage             |  6 +++++-
 git-import-dsc               | 19 ++++++++++++-------
 git-import-orig              |  6 +++++-
 git_buildpackage/__init__.py | 25 +++++++++++++++++--------
 git_buildpackage/config.py   | 11 +++++++----
 7 files changed, 59 insertions(+), 21 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 3023378..9bee22a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+git-buildpackage (0.2.15) experimental; urgency=low
+
+  * git-buildpackage now supports signed tags via the "sign-tag" and "keyid"
+    options. This allows us to have a nice "trustable" history. See:
+         http://www.kernel.org/pub/software/scm/git/docs/
+    on how this ensured.
+
+ -- Guido Guenther <agx@sigxcpu.org>  Wed,  6 Dec 2006 22:04:41 +0100
+
 git-buildpackage (0.2.14) experimental; urgency=low
 
   * config file parsing to set default branches and build commands
diff --git a/gbp.conf b/gbp.conf
index d7ee621..e8ed3b1 100644
--- a/gbp.conf
+++ b/gbp.conf
@@ -11,6 +11,10 @@
 # Special options for git-buildpackage
 [git-buildpackage]
 #upstream-branch=dfsgclean
+# Uncomment this to automatically sign tags
+#sign-tags = True
+# Keyid to sign tags with
+#keyid = 0xdeadbeef
 
 # Special options for git-import-orig
 [git-import-orig]
diff --git a/git-buildpackage b/git-buildpackage
index f7a5663..83df28c 100755
--- a/git-buildpackage
+++ b/git-buildpackage
@@ -63,6 +63,10 @@ def main(argv):
                       help="command to build the package e.g. default is '%(builder)s'")
     parser.add_config_file_option(option_name="upstream-branch", dest="upstream_branch",
                       help="upstream branch, default is '%(upstream-branch)s'")
+    parser.add_config_file_option(option_name="sign-tags", dest="sign_tag",
+                      help="sign git tags", action="store_true")
+    parser.add_config_file_option(option_name="keyid", dest="keyid",
+                      help="keyid to sign tags with")
     (options, args) = parser.parse_args(args)
 
     if options.verbose:
@@ -95,7 +99,7 @@ def main(argv):
                 return 1
             else:
                 print "Tagging", version
-                if not GitTag()(sanitize_version(version)): return 1
+                if not GitTag(options.sign_tag, options.keyid)(sanitize_version(version)): return 1
     except CommandExecFailed:
         return 1
     return 0
diff --git a/git-import-dsc b/git-import-dsc
index 6c97952..0797fc5 100755
--- a/git-import-dsc
+++ b/git-import-dsc
@@ -31,7 +31,6 @@ from git_buildpackage.config import GBPOptionParser
 
 gitAdd=GitAdd()
 gitCommitAll=GitCommitAll()
-gitTag=GitTag()
 
 class DscPackage(object):
     """Parse the dsc file for verions, package names, etc"""
@@ -71,7 +70,7 @@ class DscPackage(object):
         f.close()
     
 
-def import_upstream(src, dirs, upstream_branch):
+def import_upstream(src, dirs, upstream_branch, tagger):
     try:
         unpackTGZ=UnpackTGZ(src.tgz, dirs['tmp'])
         unpackTGZ()
@@ -86,7 +85,7 @@ def import_upstream(src, dirs, upstream_branch):
         GitInitDB()()
         gitAdd(['.'])
         gitCommitAll(msg="Imported %s version %s" % (['upstream','Debian'][src.native],src.upstream_version,))
-        gitTag(sanitize_version(src.upstream_version))
+        tagger(sanitize_version(src.upstream_version))
         if not src.native:
             GitBranch()(upstream_branch)
     except CommandExecFailed:
@@ -96,12 +95,12 @@ def import_upstream(src, dirs, upstream_branch):
     return 0
 
 
-def apply_debian_patch(src, dirs):
+def apply_debian_patch(src, dirs, tagger):
     try:
         DpkgSourceExtract()(src.dscfile, dirs['dpkg-src'])
         os.chdir(dirs['git'])
         GitLoadDirs()(dirs['dpkg-src'], 'Imported Debian patch')
-        gitTag(sanitize_version('%s-%s' % (src.upstream_version, src.debian_version)))
+        tagger(sanitize_version('%s-%s' % (src.upstream_version, src.debian_version)))
     except CommandExecFailed:
         print >>sys.stderr,"Failed to import Debian package"
         return 1
@@ -123,11 +122,17 @@ def main(argv):
                       help="verbose command execution")
     parser.add_config_file_option(option_name="upstream-branch", dest="upstream_branch",
                       help="upstream branch, default is '%(upstream-branch)s'")
+    parser.add_config_file_option(option_name="sign-tags", dest="sign_tags",
+                      help="sign git tags", action="store_true")
+    parser.add_config_file_option(option_name="keyid", dest="keyid",
+                      help="keyid to sign tags with")
     (options, args) = parser.parse_args(argv[1:])
 
     if options.verbose:
         Command.verbose = True
 
+    gitTag=GitTag(options.sign_tags, options.keyid)
+
     if len(args) != 1:
         parser.print_help()
         return 1
@@ -135,14 +140,14 @@ def main(argv):
         src=DscPackage(args[0])
 
         dirs['tmp']=os.path.abspath(tempfile.mkdtemp(dir='.'))
-        if import_upstream(src, dirs, options.upstream_branch):
+        if import_upstream(src, dirs, options.upstream_branch, gitTag):
             return 1
         os.chdir(dirs['top'])
         if not src.native:
             dirs['unpack']=dirs['tmp']+'/unpack'
             os.mkdir(dirs['unpack'])
             dirs['dpkg-src']="%s/%s-%s-%s" % (dirs['unpack'], src.pkg, src.upstream_version, src.debian_version)
-            if apply_debian_patch(src, dirs):
+            if apply_debian_patch(src, dirs, gitTag):
                 return 1
         os.chdir(dirs['top'])
         move_tree(src, dirs)
diff --git a/git-import-orig b/git-import-orig
index e28d17d..799dfa5 100755
--- a/git-import-orig
+++ b/git-import-orig
@@ -63,6 +63,10 @@ def main(argv):
                       help="branch the debian patch is being developed on, default is '%(debian-branch)s'")
     parser.add_config_file_option(option_name="upstream-branch", dest="upstream",
                       help="upstream branch, default is '%(upstream-branch)s'")
+    parser.add_config_file_option(option_name="sign-tags", dest="sign_tags",
+                      help="sign git tags", action="store_true")
+    parser.add_config_file_option(option_name="keyid", dest="keyid",
+                      help="keyid to sign tags with")
     (options, args) = parser.parse_args(argv[1:])
 
     gitCheckoutUpstream=GitCheckoutBranch(options.upstream)
@@ -112,7 +116,7 @@ def main(argv):
         gitCheckoutUpstream()
         gitShowBranch()
         GitLoadDirs()(origdir)
-        GitTag()(sanitize_version(version))
+        GitTag(options.sign_tags, options.keyid)(sanitize_version(version))
    
         if options.merge:
             print "Merging to %s" % (options.debian,)
diff --git a/git_buildpackage/__init__.py b/git_buildpackage/__init__.py
index 29fe7b2..09a33f8 100644
--- a/git_buildpackage/__init__.py
+++ b/git_buildpackage/__init__.py
@@ -138,24 +138,33 @@ class GitPull(GitCommand):
     """Wrap git-pull"""
     def __init__(self, repo, branch):
         GitCommand.__init__(self,'pull', [repo, branch]) 
-        self.run_error="Couldn't pull %s to %s" % (branch, repo)
+        self.run_error = "Couldn't pull %s to %s" % (branch, repo)
 
 
 class GitTag(GitCommand):
     """Wrap git-tag"""
-    def __init__(self):
-        GitCommand.__init__(self,'tag') 
-
-    def __call__(self, tag):
-        self.run_error="Couldn't tag %s" % (tag,)
-        GitCommand.__call__(self, [tag])
+    def __init__(self, sign_tag=False, keyid=None):
+        GitCommand.__init__(self,'tag')
+        self.sign_tag = sign_tag
+        self.keyid = keyid
+
+    def __call__(self, version, msg="Tagging %(version)s"):
+        self.run_error="Couldn't tag %s" % (version,)
+        if self.sign_tag:
+            if self.keyid:
+                sign_opts = [ '-u', self.keyid ]
+            else:
+                sign_opts = [ '-s' ]
+        else:
+            sign_opts = []
+        GitCommand.__call__(self, sign_opts+[ '-m', msg % locals(), version])
 
 
 class GitAdd(GitCommand):
     """Wrap git-add to add new files"""
     def __init__(self):
         GitCommand.__init__(self,'add')
-        self.run_error="Couldn't add files"
+        self.run_error = "Couldn't add files"
 
 
 class GitCommitAll(GitCommand):
diff --git a/git_buildpackage/config.py b/git_buildpackage/config.py
index 3a2c69d..f909b2f 100644
--- a/git_buildpackage/config.py
+++ b/git_buildpackage/config.py
@@ -22,9 +22,12 @@ class GBPOptionParser(OptionParser):
     @cvar config_files: list of config files we parse
     @type config_files: list
     """
-    defaults={ 'builder':         'debuild',
+    defaults={ 'builder'         : 'debuild',
                'debian-branch'   : 'debian',
                'upstream-branch' : 'upstream',
+               'upstream-branch' : 'upstream',
+	       'sign-tags'	 : '',		# empty means False
+	       'keyid'		 : '',
              }
     config_files=['/etc/git-buildpackage/gbp.conf',
                   os.path.expanduser('~/.gbp.conf'),
@@ -45,7 +48,7 @@ class GBPOptionParser(OptionParser):
         OptionParser.__init__(self, usage=usage)
 
 
-    def add_config_file_option(self, option_name, dest, help):
+    def add_config_file_option(self, option_name, dest, help, **kwargs):
         """
         set a option for the command line parser, the default is read from the config file
         @var option_name: name of the option
@@ -56,6 +59,6 @@ class GBPOptionParser(OptionParser):
         @type help: string
         """
         OptionParser.add_option(self,"--%s%s" % (self.prefix, option_name), dest=dest,
-                                         default=self.config[option_name], help=help % self.config)
-
+                                         default=self.config[option_name], 
+					 help=help % self.config, **kwargs)
 
-- 
cgit v1.2.3