
bug#22883: Authenticating a Git checkout


From: Ludovic Courtès
Subject: bug#22883: Authenticating a Git checkout
Date: Tue, 24 Oct 2017 16:30:02 -0700
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Hello,

Just a note for later…

address@hidden (Ludovic Courtès) wrote:

> With the quick-hack libgit2 bindings attached, I can run this program,
> which authenticates HEAD:

[...]

> So I think we can go from here.  Our repo would contain a Scheme list of
> authorized OpenPGP fingerprints, and we’d check whether the fingerprint
> that shows up in ‘valid-signature’ above is among them

Storing the list of authorized keys in a file in the repo is
inconvenient: simply to retrieve it, you’d need to make a checkout.  So
for each commit we verify, we have to check out the whole repo, which is
inefficient.

While reading
<http://karl.kornel.us/2017/10/welp-there-go-my-git-signatures/>, I
realized we could store it in empty Git commit messages, which would
address the above problem (we could use a custom object type too, but
that would be less convenient.)

So the special commit could look like:

  Authorization

  (commit-authorizations
    (authorization-commit (KEY1 KEY2 …))
    (files ("hydra.gnu.org.pub") (KEY1 KEY2 …))
    (files _ (KEY1 KEY2 …))) ;all other files

That way, to authenticate a commit, we first fetch the latest
authorization commit, read the authorization rules from there, and make
sure that the changes it makes match the rules.

Thoughts?

Ludo’.
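
The following sketch is an added example, not part of the original message and not Guix code. It reads rules in the format proposed above from an authorization commit's message and checks a commit's signer against the files it changes. The procedure names, the string representation of keys, and the FPR-A/FPR-B/FPR-C placeholders are assumptions; fetching the latest authorization commit and verifying the OpenPGP signature are assumed to have happened already.

```scheme
;; Added example (Guile Scheme); every name below is hypothetical.
(use-modules (ice-9 match) (ice-9 rdelim) (srfi srfi-1))

;; Constructed authorization commit message: a title line, then the rules.
;; FPR-A, FPR-B and FPR-C are placeholder fingerprints.
(define sample-message
  "Authorization

(commit-authorizations
  (authorization-commit (\"FPR-A\"))
  (files (\"hydra.gnu.org.pub\") (\"FPR-A\"))
  (files _ (\"FPR-A\" \"FPR-B\")))")

(define (message->rules message)
  "Skip the title line of MESSAGE and read the rules; fail closed on
anything that is not a 'commit-authorizations' form."
  (call-with-input-string message
    (lambda (port)
      (read-line port)                  ;discard the title line
      (match (read port)
        (('commit-authorizations rules ...) rules)
        (_ (error "malformed authorization commit"))))))

(define (authorization-signers rules)
  "Keys allowed to sign the next authorization commit (none if absent)."
  (or (any (match-lambda (('authorization-commit (keys ...)) keys) (_ #f))
           rules)
      '()))

(define (authorized-keys rules file)
  "Keys allowed to change FILE: the first 'files' rule naming it, else the
'_' rule, else the empty list, so an unlisted file is writable by nobody."
  (or (any (match-lambda
             (('files (names ...) (keys ...)) (and (member file names) keys))
             (_ #f))
           rules)
      (any (match-lambda (('files '_ (keys ...)) keys) (_ #f)) rules)
      '()))

(define (commit-authorized? rules signer changed-files)
  "True if SIGNER may change every file in CHANGED-FILES."
  (every (lambda (file) (->bool (member signer (authorized-keys rules file))))
         changed-files))

(define rules (message->rules sample-message))
(format #t "authorization signers: ~s~%" (authorization-signers rules))
(for-each (match-lambda
            ((signer files)
             (format #t "~a -> ~s: ~a~%" signer files
                     (if (commit-authorized? rules signer files)
                         "accept" "reject"))))
          '(("FPR-B" ("gnu/packages/base.scm"))
            ("FPR-B" ("gnu/packages/base.scm" "hydra.gnu.org.pub"))
            ("FPR-C" ("README"))))
```

An empty change list passes `commit-authorized?` for any signer, so a caller would check empty authorization commits against `authorization-signers` instead.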




