Versions Compared

Old Version 3

changes.mady.by.user Min Yu

Saved on

compared with

New Version 4

changes.mady.by.user Richard Esplin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Richard Esplin, richard.esplin@evernym.com, esplinr, Evernym

Dave Huseby, dhuseby@linuxfoundation.org, dhuseby, Hyperledger

...

Project Plan

Git integration with external signing tools

Currently git supports signing / verifying commits and tags using GPG only. The goal of this project is to make the git signing interface compatible with external signing tools and with DIDs (Distributed Identities) using programs such as bettersign for example.

This project will be the continuation of the work already done by David Huseby on the subject. His previous work is here:

This project's working fork:

The main sections of the project are updating the user configuration and the command handling when a signing or verifying operation occur. The actions needed in each section can be listed below and will be evolving as the project evolves.

Milestones

  • Submit project proposal (June 18)
  • Review previous work (June 25)
  • RFC with the technical design document sent to git mailing list (July 15)
  • Receive feedback (August 31)
  • RFC patchbomb to the mailing list (September 30)
  • Refine implementation and follow through to landing (November 30)

Detailed Steps

Update documentation

  •  Git man page
  •  Other documentation

Update user configuration handling

  •  Change existing configuration keys to a more normalized new organization (commit.gpgSign to commit.sign, gpg.program to signing.openpgp.program, gpg.<format>.program to signing.<format>.program)
    •  Debug the git_signing_config and the openpgp_config/x509_config functions and verify that all unit tests pass.
    •  Add new unit tests to verify that all deprecated aliases work as expected and produce good warnings.
    •  Add new unit tests to verify that all new configuration keys work.

Update git script and command handling

  •  Re-organize the commands to normalized naming (git-am --sign, git-cherry-pick --sign, git-commit-tree --sign, git-commit-tree --no-sign, git-commit --sign, git-commit --no-sign, git-rebase --sign, git-revert --sign, merge --sign)
  •  Deprecate old commands and alias them to the new commands (git-am --gpg-sign, git-cherry-pick --gpg-sign, git-commit-tree --gpg-sign, git-commit-tree --no-gpg-sign, git-commit --gpg-sign, git-commit --no-gpg-sign, git-rebase --gpg-sign, git-revert --gpg-sign, merge --gpg-sign)

Testing

  •  Integration testing
  •  Manual testing git with new functionalities and signing programs

Back-burner Tasks

These are secondary tasks to do while waiting for feedback or assistance, or finished early:

  • Learn Rust
  • Learn about Indy SDK, Indy CLI, and Verifiable Credentials
  • Signing through the Indy CLI
  • Contribute to BetterSign