Scoop: git config --global merge.verifySignatures true breaks Scoop updates

Created on 6 Nov 2020  路  2Comments  路  Source: lukesampson/scoop

Issue

A user might set git config --global merge.verifySignatures true according to their typical Git workflow. Enabling this setting breaks Scoop's git pull since buckets typically do not sign Git commits.

Solution

Set git config --local merge.verifySignatures false in ~/scoop/buckets repositories or run git pull --no-verify-signatures when performing updates.

picture 0x326
👍1

Most helpful comment

@magneticflux- That's true, but I still don't think that the package manager should break when it's easily avoidable, a user could just set that not having Scoop in mind.

Scoop should clone repos with the flags -c merge.verifySignatures=false or set the config locally, just in case.

picture FriendlyNeighborhoodShane on 16 Dec 2020
👍2

All 2 comments

Globally requiring signatures would break _many_ Git repos, so I don't think it's really an issue with Scoop in particular. I would instead recommend setting merge.verifySignatures on a per-repository basis, especially if you work with other Git repos.

As a workaround, you might be able to run git config --local merge.verifySignatures false in each of the buckets' clones to disable signature verification.

magneticflux- picture magneticflux- on 26 Nov 2020
😄1

@magneticflux- That's true, but I still don't think that the package manager should break when it's easily avoidable, a user could just set that not having Scoop in mind.

Scoop should clone repos with the flags -c merge.verifySignatures=false or set the config locally, just in case.

FriendlyNeighborhoodShane picture FriendlyNeighborhoodShane on 16 Dec 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

muhlpachr picture muhlpachr  路  3Comments
vpratfr picture vpratfr  路  3Comments
mpro7 picture mpro7  路  3Comments
borekb picture borekb  路  3Comments
yetangye picture yetangye  路  3Comments