* [RFC] Proposal for a new config-based git signing interface
@ 2019-10-23 18:46 Ibrahim El
  0 siblings, 0 replies; only message in thread
From: Ibrahim El @ 2019-10-23 18:46 UTC (permalink / raw)
  To: git; +Cc: brian m. carlson, skinne, djm

Hello,

This is a follow-up on my previous emails related to the proposal of a new signing interface:

https://public-inbox.org/git/CACi-FhDeAZecXSM36zroty6kpf2BCWLS=0R+dUwuB96LqFKuTA@mail.gmail.com/T/#r43cbf31b86642ab5118e6e7b3d4098bade5f5a0a
https://public-inbox.org/git/Z2XOTcGuVovMKhcdrrO08KWI2I7L9s0CyFITvvj3jkmGTQPB6FkCiyOtTm6GdYWbnf25dsPD8M08kDCuD37EE1B-sxHQ3se9Kn1zVBrCPZw=@pm.me/T/#u
https://public-inbox.org/git/N31G34oKnfr3MVifk42-Kt3YtM_3fHuCp3V1cpGOK5f1jn1vbg1TaSCy9ukI-YD8qRfu4xMcHcPc78xFE0MSwJQWNrSvuQuer9wSNugNRLg=@pm.me/T/#u
https://public-inbox.org/git/8AMhjK19PJ35u3LCR57IvtAzOBN5bKK2vUn0Ns-4mmZzK9U14W5CGW5R8aITNXBm78J4Z7nd09RTVKW2pGaB4PnF7p2PireF_vzRST8DngE=@pm.me/T/#u
https://public-inbox.org/git/0oTOrSdJdIaEfs3NVkfRmLxjYRvUPkucwwaXPuhCjS2QL3ztRJLfIlBkcpjSRiZQaY70SKSkg8_w20rxnuD4Vu3IbRcGOZM-fht8G7ySEHk=@pm.me/T/#u
https://public-inbox.org/git/T4zS1hogOjySpdv7lDjVaZV83KKSeK9fx8m33SIo-e_BH4RtKcm67btmGzTPeflbRnQr7mWjTpObB0hCkX8VkGZElkQbLEgbrETg6Aq4nUg=@pm.me/T/#u
https://public-inbox.org/git/74R10RrvOffzj20d_Owd_1WFMh1bWq8mIhEEBSzbhkHfbvW5BLHZj-L-AgHYnpqkxgZdCfW5b72GoIvKHucQz7tdiGZEzietp0IKpU1_wuI=@pm.me/T/#u

The main feedback we received from the previous RFCs was that the drivers for external signing tools were still written in C and that we should go more for a configuration-based interface.

I've been thinking about how to go about it and would love to have your feedback on my proposed approach:

- Implement updated user configuration to define signing tools
- Implement a tool-agnostic signing interface in C code
- Add the possibility to use bash helper scripts to drive additional tools in case the default interface doesn't work as intended.
- The same configuration aliases can be passed to command line arguments

You can find below a detailed description of the proposed config and command line options:

https://hackmd.io/ZHsddYXkSmyb6rYajdyGLg
https://hackmd.io/yxS9nfiQSvmRZntcfnHOGQ

The configuration part would look like this:

```
[signing]
	format = openpgp

[signing "openpgp"]
	program = "/usr/bin/gpg"
	keyring = "--keyring pubring.kbx --no-default-keyring"
	identity = "--local-user \"Jane Committer <jane@hackers.com>\""
	sign = "--sign --status-fd=2 --detach-sign --ascii"
	verify = "--verify --status-fd=2"

[signing "openpgp.signature"]
	regex = "^-----BEGIN PGP SIGNATURE-----$[^-]*^-----END PGP SIGNATURE-----$"
	multiline = true
```

The equivalent command line to do a digitally signed commit looks like:

```
git commit \
	--sign \
	--signing-format=openpgp \
	--signing-openpgp-program="/usr/bin/gpg" \
	--signing-openpgp-keyring="--keyring pubring.kbx --no-default-keyring" \
	--signing-openpgp-identity="--local-user \"Jane Committer <jane@hackers.com>\"" \
	--signing-openpgp-sign="--sign --status-fd=2 --detach-sign --ascii"
```

Cheers,


Ibrahim
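
An added illustration, not part of the original message and not git's code: one way a tool-agnostic interface could consume the configuration above, splitting each option string into argv elements without a shell and locating the signature with the configured regex. The function names, the grouping of option strings per action, and the sample payload are assumptions.

```python
import re
import shlex

# Constructed copy of the [signing "openpgp"] values, after git-config unescaping.
CONFIG = {
    "program": "/usr/bin/gpg",
    "keyring": "--keyring pubring.kbx --no-default-keyring",
    "identity": '--local-user "Jane Committer <jane@hackers.com>"',
    "sign": "--sign --status-fd=2 --detach-sign --ascii",
    "verify": "--verify --status-fd=2",
}
SIG_REGEX = r"^-----BEGIN PGP SIGNATURE-----$[^-]*^-----END PGP SIGNATURE-----$"

# Assumed grouping: which option strings are concatenated for each action.
GROUPS = {"sign": ("keyring", "identity", "sign"), "verify": ("keyring", "verify")}


def build_argv(cfg, action):
    """Return the argv list for 'sign' or 'verify'; no shell ever parses it."""
    if action not in GROUPS:
        raise ValueError(f"unsupported action: {action!r}")
    argv = [cfg["program"]]
    for key in GROUPS[action]:
        # shlex.split honours the quotes, so the identity stays one element and
        # its '<' and '>' are data, not redirections.
        argv.extend(shlex.split(cfg.get(key, "")))
    return argv  # suitable for subprocess.run(argv), which defaults to shell=False


def extract_signature(payload, pattern=SIG_REGEX, multiline=True):
    """Return the first signature block in payload, or None if there is none."""
    flags = re.MULTILINE if multiline else 0
    match = re.search(pattern, payload, flags)
    return match.group(0) if match else None


# Constructed payload: the signature body is placeholder text, not a real signature.
SAMPLE = (
    "tree placeholder\n\nExample commit\n"
    "-----BEGIN PGP SIGNATURE-----\n\n"
    "Q09OU1RSVUNURUQgU0FNUExF\n=AAAA\n"
    "-----END PGP SIGNATURE-----\n"
)

if __name__ == "__main__":
    print(build_argv(CONFIG, "sign"))
    print(extract_signature(SAMPLE))
```

With `multiline` off, `^` and `$` anchor only at the ends of the whole payload, so the same regex finds nothing in a signature that follows other text.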


