From: Jeff King <peff@peff.net>
To: GIT <git@vger.kernel.org>
Subject: Re: Signinig a commit with multiple signatures
Date: Tue, 19 Aug 2014 04:05:11 -0400 [thread overview]
Message-ID: <20140819080510.GC7712@peff.net> (raw)
In-Reply-To: <DED50992A39F4A07ACD997A65602991E@black>
On Sun, Aug 17, 2014 at 09:30:47AM -0400, Jason Pyeron wrote:
> I am working on an open source project right now where we are looking
> to enforce a N of M audit approval process. It turns out that git
> supports verifying multiple signatures because gpg supports signature
> merging.
In the scheme you propose, the commit object is actually rewritten. So
whoever made and signed it first will then need to rebase on top of the
rewritten multi-signed version.
Is there a reason not to use detached signatures, and let each person
add them after the fact? You can store them in git-notes and then push
them along with the other commits (you can even check in a pre-receive
hook that the commits meet your N of M criteria, as long as everybody
has pushed up their signature notes).
> $ cat write-commit.ruby
> #!/usr/bin/irb
> require 'fileutils'
> file = File.open(ARGV[0], "rb")
> content = file.read
> header = "commit #{content.length}\0"
> store = header + content
> require 'digest/sha1'
> sha1 = Digest::SHA1.hexdigest(store)
> require 'zlib'
> zlib_content = Zlib::Deflate.deflate(store)
> path = '.git/objects/' + sha1[0,2] + '/' + sha1[2,38]
> FileUtils.mkdir_p(File.dirname(path))
> File.open(path, 'w') { |f| f.write zlib_content }
I think this is just "git hash-object -w -t commit <file>", isn't it?
-Peff
next prev parent reply other threads:[~2014-08-19 8:06 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-11 4:59 Sharing merge conflict resolution between multiple developers Chris Packham
2014-08-11 18:44 ` Junio C Hamano
2014-08-11 23:29 ` Chris Packham
2014-08-12 1:57 ` Junio C Hamano
[not found] ` <CAP8UFD0_zfB_D-9EVZ4K=Zdq_G+9C-QhX7WED53zExV+Nv8Arg@mail.gmail.com>
2014-08-11 18:57 ` Christian Couder
2014-08-11 19:33 ` Nico Williams
2014-08-17 7:52 ` Jeff King
2014-08-17 13:30 ` Signinig a commit with multiple signatures Jason Pyeron
2014-08-19 8:05 ` Jeff King [this message]
2014-08-19 13:09 ` Jason Pyeron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140819080510.GC7712@peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).