0

warn on expired gpg signing keys instead of just failing

Aron 1 month ago updated 4 weeks ago 1

Currently when a signing key expires, smartgit only shows the attached message.
The log file also only outputs that gpg2 failed to sign a commit.

I'm not sure if you actually get more output by git/gpg if it fails to sign a commit with an expired key. If so showing that info or logging it at least would be nice.
In either way it would also be nice if smartgit does warn that this might be the reason, or could just make a quick check in the settings dialog if the specified key is still valid.

I know that it's a little bit of extra feature, but this really threw me off when it just stopped working after some years and the "user experience" is really bad. I just happened to invoke gpg2 -k and finding that the entry for my key is actually expired. Just re-running the smartgit command displayed below to debug it by yourself is obviously not possible as the tmp file is gone.

When gpg signing failed, run gpg -k and see if an entry like this exists
pub rsa2048 2017-04-09 [SC] [expired: 2021-09-12]
40D865333C9491494D7B17317DA50F9C2CA6CF10
uid [ expired] Blub

Here a valid entry
pub rsa4096 2021-12-13 [SC] [expires: 2023-12-12]
40D865333C9491494D7B17317DA50F9C2CA6CF10
uid [ unknown]Blub

Note that 40D865333C9491494D7B17317DA50F9C2CA6CF10 is the key id specified in the smartgit settings.
I sadly could not find a CLI argument to get only data for a specific key id.