[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22883: Authenticating a Git checkout

From: Ludovic Courtès
Subject: bug#22883: Authenticating a Git checkout
Date: Tue, 24 Oct 2017 16:30:02 -0700
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)


Just a note for later…

address@hidden (Ludovic Courtès) skribis:

> With the quick-hack libgit2 bindings attached, I can run this program,
> which authenticates HEAD:


> So I think we can go from here.  Our repo would contain a Scheme list of
> authorized OpenPGP fingerprints, and we’d check whether the fingerprint
> that shows up in ‘valid-signature’ above is among them

Storing the list of authorized keys in a file in the repo is
inconvenient: simply to retrieve it, you’d need to make a checkout.  So
for each commit we verify, we have to check out the whole repo, which is

While reading
<http://karl.kornel.us/2017/10/welp-there-go-my-git-signatures/>, I
realized we could store in empty Git commit messages, which would
address the above problem (we could use a custom object type too, but
that would be less convenient.)

So the special commit could look like:


    (authorization-commit (KEY1 KEY2 …))
    (files ("hydra.gnu.org.pub") (KEY1 KEY2 …))
    (files _ (KEY1 KEY2 …))) ;all other files

That way, to authenticate a commit, we first fetch the latest
authorization commit, read the authorization rules from there, and make
sure that the changes it makes match the rules.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]