Create signed tags and verify those

[NicoHood]

Hi,
I need to create and verify gpg signed tags. It seems there is no such option yet, but is an extremely critical feature for my application. Is there a chance to see this implemented?

[ankostis]

But signing tags should work with something like this:

    repo.create_tag(tagname, 
                    message=tag_txt,
                    sign=True, 
                    local_user=master_key)

[NicoHood]

@ankostis Thanks, I will try. Can you please tell me from where you got this information. I cannot find this in the API reference at all. Also the local_user option is missing:
https://gitpython.readthedocs.io/en/stable/reference.html

[NicoHood]

I made it half working with this. But it still throws a lot of errors:

        self.repo.create_tag(self.config['tag'],
            message=self.config['message'],
            sign=True,
            local_user=self.config['fingerprint'])

        self.repo.create_tag(self.config['tag'],
            verify=True)

  File "/home/arch/.local/lib/python3.6/site-packages/git/repo/base.py", line 352, in create_tag
    return TagReference.create(self, path, ref, message, force, **kwargs)
  File "/home/arch/.local/lib/python3.6/site-packages/git/refs/tag.py", line 83, in create
    repo.git.tag(*args, **kwargs)
  File "/home/arch/.local/lib/python3.6/site-packages/git/cmd.py", line 425, in <lambda>
    return lambda *args, **kwargs: self._call_process(name, *args, **kwargs)
  File "/home/arch/.local/lib/python3.6/site-packages/git/cmd.py", line 877, in _call_process
    return self.execute(call, **exec_kwargs)
  File "/home/arch/.local/lib/python3.6/site-packages/git/cmd.py", line 688, in execute
    raise GitCommandError(command, status, stderr_value, stdout_value)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(1)
  cmdline: git tag --verify 1.4.0 HEAD
  stdout: 'object f265d1725f27581069addbc75a1a323616dd147f
type commit
tag 1.4.0
tagger NicoHood <[email protected]> 1489822467 +0100

Release 1.4.0

Created with GPGit
https://github.com/NicoHood/gpgit'
  stderr: 'gpg: Signature made Sat Mar 18 08:34:27 2017 CET
gpg:                using RSA key 97312D5EB9D7AE7D0BD4307351DAE9B7C1AE9161
gpg: Good signature from "NicoHood <[email protected]>" [ultimate]
[additional uids removed]
error: tag 'HEAD' not found.'

Edit:
Solution is:

        try:
            self.repo.create_tag(self.config['tag'],
                verify=True,
                ref=None)
            print('okay')
        except:
            print('not okay')

[Byron]

@NicoHood Does this resolve your issue? If so, I would think closing the issue is the way to go.
In another note, I would advise against using GitPython just because it has certain issues that are unlikely to ever be properly resolved.

[NicoHood]

@Byron It is solved like that if one knows this information. A simple wrapper function to verify a tag would be appreciated. Then users dont need to find this issue via google and can use a more common way.

[Byron]

@NicoHood You are welcome to contribute this helper function :).