[PATCH] build: parsing "git log" breaks with gpg signature verification

Bjørn Mork bjorn at mork.no
Fri Jun 27 02:05:54 PDT 2025 

This is BROKEN, in the exact same way as the other "git log" parsing I
tried to fix with the ignored patch quoted below:


commit e56845fae3c05463a57ba8e0e104d6d8d8cd96ed
Author: Eric Fahlgren <ericfahlgren at gmail.com>
Date:   Sat Feb 1 08:12:07 2025 -0800

    scripts: getver.sh: approximate version from date
    
    When doing package support and management it is often the case that
    knowing the corresponding openwrt repo's release version is useful.
    
    For example, when adding package changes to the ASU server, the
    openwrt revision is used as the cutoff for applying those changes.
    Knowing a package change's hash in its remote feed repo allows us
    to look up its change date, which we can now use with getver.sh
    to approximate the revision in openwrt at which it was made.
    
    Signed-off-by: Eric Fahlgren <ericfahlgren at gmail.com>
    Link: https://github.com/openwrt/openwrt/pull/17817
    Signed-off-by: Robert Marko <robimarko at gmail.com>

diff --git a/scripts/getver.sh b/scripts/getver.sh
index 0659d8004a01..e9a5cca0740d 100755
--- a/scripts/getver.sh
+++ b/scripts/getver.sh
@@ -23,6 +23,9 @@ try_git() {
                BASE_REV="$(git rev-list ${REBOOT}..HEAD 2>/dev/null | wc -l | awk '{print $1}')"
                [ $((BASE_REV - GET_REV)) -ge 0 ] && REV="$(git rev-parse HEAD~$((BASE_REV - GET_REV)))"
                ;;
+       *-*-*)  # ISO date format - for approximating when packages were removed or renamed
+               GET_REV="$(git log -n 1 --format="%h" --until "$GET_REV")"
+               ;&  # FALLTHROUGH
        *)
                BRANCH="$(git rev-parse --abbrev-ref HEAD)"
                ORIGIN="$(git rev-parse --verify --symbolic-full-name ${BRANCH}@{u} 2>/dev/null)"





If you don't believe me, then please try this in an OpenWrt workdir:

 git config log.showSignature true
 export GET_REV=2025-05-27
 GET_REV="$(git log -n 1 --format="%h" --until "$GET_REV")"
 echo "$GET_REV"


See?  A user could also have that setting in their ~/.gitconfig. Now,
try the same using

 GET_REV="$(git log -n 1 --no-show-signature --format="%h" --until "$GET_REV")"
 

Notice the difference? It's a simple workaround.  So why not use that
option, if you insist on parsing git-log output?



Bjørn



Bjørn Mork via openwrt-devel <openwrt-devel at lists.openwrt.org> writes:

> The sender domain has a DMARC Reject/Quarantine policy which disallows
> sending mailing list messages using the original "From" header.
>
> To mitigate this problem, the original message has been wrapped
> automatically by the mailing list software.
>
> From: Bjørn Mork <bjorn at mork.no>
> Subject: [PATCH] build: parsing "git log" breaks with gpg signature verification
> To: openwrt-devel at lists.openwrt.org
> Cc: Bjørn Mork <bjorn at mork.no>
> Date: Tue, 11 Feb 2025 19:05:32 +0100
>
> Parsing "git log" is fragile.  The actual output depends on both global and
> local configuration files. Enabling "log.showSignature" makes "git log" prefix
> signed commits with multiple lines of gpg verify output, regardless of the
> configured log format.
>
> Add "--no-show-signature" to "git log" commands to work around this particular
> issue.
>
> Signed-off-by: Bjørn Mork <bjorn at mork.no>
> ---
>  include/download.mk | 2 +-
>  rules.mk            | 4 ++--
>  scripts/getver.sh   | 2 +-
>  toolchain/Makefile  | 2 +-
>  4 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/include/download.mk b/include/download.mk
> index 7f3430277350..3ed88bb9528d 100644
> --- a/include/download.mk
> +++ b/include/download.mk
> @@ -228,7 +228,7 @@ define DownloadMethod/rawgit
>  	[ \! -d $(SUBDIR) ] && \
>  	git clone $(OPTS) $(URL) $(SUBDIR) && \
>  	(cd $(SUBDIR) && git checkout $(SOURCE_VERSION)) && \
> -	export TAR_TIMESTAMP=`cd $(SUBDIR) && git log -1 --format='@%ct'` && \
> +	export TAR_TIMESTAMP=`cd $(SUBDIR) && git log -1 --no-show-signature --format='@%ct'` && \
>  	echo "Generating formal git archive (apply .gitattributes rules)" && \
>  	(cd $(SUBDIR) && git config core.abbrev 8 && \
>  	git archive --format=tar HEAD --output=../$(SUBDIR).tar.git) && \
> diff --git a/rules.mk b/rules.mk
> index dbc448e1a432..7a5df4109ef1 100644
> --- a/rules.mk
> +++ b/rules.mk
> @@ -507,9 +507,9 @@ ext=$(word $(words $(subst ., ,$(1))),$(subst ., ,$(1)))
>  ##
>  define commitcount
>  $(shell \
> -  if git log -1 >/dev/null 2>/dev/null; then \
> +  if git log -1 --no-show-signature >/dev/null 2>/dev/null; then \
>      if [ -n "$(1)" ]; then \
> -      last_bump="$$(git log --pretty=format:'%h %s' . | \
> +      last_bump="$$(git log --no-show-signature --pretty=format:'%h %s' . | \
>          grep -m 1 -e ': [uU]pdate to ' -e ': [bB]ump to ' | \
>          cut -f 1 -d ' ')"; \
>      fi; \
> diff --git a/scripts/getver.sh b/scripts/getver.sh
> index 0659d8004a01..23ca0f489b15 100755
> --- a/scripts/getver.sh
> +++ b/scripts/getver.sh
> @@ -40,7 +40,7 @@ try_git() {
>  			REV="${UPSTREAM_REV}+$((REV - UPSTREAM_REV))"
>  		fi
>  
> -		REV="${REV:+r$REV-$(git log -n 1 --format="%h" $UPSTREAM_BASE)}"
> +		REV="${REV:+r$REV-$(git log -n 1 --no-show-signature --format="%h" $UPSTREAM_BASE)}"
>  
>  		;;
>  	esac
> diff --git a/toolchain/Makefile b/toolchain/Makefile
> index 09c16f72a780..67b1540117cd 100644
> --- a/toolchain/Makefile
> +++ b/toolchain/Makefile
> @@ -65,7 +65,7 @@ endif
>  ifdef CONFIG_BUILDBOT
>  ifneq ($(wildcard $(TOPDIR)/.git),)
>    $(TOOLCHAIN_DIR)/stamp/.ver_check: $(TMP_DIR)/.build
> -	cd "$(TOPDIR)"; git log --format=%h -1 toolchain > $(TMP_DIR)/.ver_check
> +	cd "$(TOPDIR)"; git log --no-show-signature --format=%h -1 toolchain > $(TMP_DIR)/.ver_check
>  	cmp -s $(TMP_DIR)/.ver_check $@ || { \
>  		rm -rf $(BUILD_DIR) $(STAGING_DIR) $(TOOLCHAIN_DIR) $(BUILD_DIR_TOOLCHAIN); \
>  		mkdir -p $(TOOLCHAIN_DIR)/stamp; \

More information about the openwrt-devel mailing list