Comment: Project update

...

https://github.com/ibrahimel/did-git-impl/commits/did-git-impl-signing-patch


After receiving feedback from the git community, we opted for a config-based approach and a tool-agnostic signing interface. The approach, as explained to the mailing list, is below:

https://public-inbox.org/git/R3X1WzWH0sgOh85GuUmXwsTC6CPKysi4TRzN_BPecDVGr__ET2-mitZ2DZA0_bpKkzLRtnTtoomIWxZtL52_1XkihYBVBAuWMpSdwoboixY=@pm.me/T/#u


The user configuration would define the signing tool and other parameters, such as keys, identity and keychain. It would look like this:

[signing]
	format = openpgp

[signing "openpgp"]
	program = /usr/bin/gpg
	keyring = "--keyring pubring.kbx --no-default-keyring"
	identity = "--local-user \"Jane Committer <jane@hackers.com>\""
	sign = "$program --sign --status-fd=2 --detach-sign --ascii"
	verify = "$program --verify --status-fd=2"

[signing "openpgp.signature"]
	regex = "^-----BEGIN PGP SIGNATURE-----$[^-]*^-----END PGP SIGNATURE-----$"
	multiline = true


And the same goes for the command line:

git commit \
	--sign \
	--signing-format=openpgp \
	--signing-openpgp-program="/usr/bin/gpg" \
	--signing-openpgp-keyring="--keyring pubring.kbx --no-default-keyring" \
	--signing-openpgp-identity="--local-user \"Jane Committer <jane@hackers.com>\"" \
	--signing-openpgp-sign="--sign --status-fd=2 --detach-sign --ascii"


For tools that don't work natively with the signing interface, support for helper Bash or Python scripts will be added.
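An added sketch in Python (not code from this project or from git) of how a helper could consume the configuration shown above: it builds the signing command as an argv list without going through a shell, so quoted values such as the identity stay a single argument, and it separates the signature from the payload with the configured regex. The function names, the `CONFIG` dict, the order in which the keyring and identity options are appended, and the sample payload are assumptions constructed for illustration.

```python
import re
import shlex
from string import Template

# Constructed from the [signing "openpgp"] example on this page.
CONFIG = {
    "program": "/usr/bin/gpg",
    "keyring": "--keyring pubring.kbx --no-default-keyring",
    "identity": '--local-user "Jane Committer <jane@hackers.com>"',
    "sign": "$program --sign --status-fd=2 --detach-sign --ascii",
    "regex": "^-----BEGIN PGP SIGNATURE-----$[^-]*^-----END PGP SIGNATURE-----$",
    "multiline": True,
}

# Constructed sample: a payload followed by a placeholder armored block.
SAMPLE = (
    "tree placeholder\n\nAdd feature\n"
    "-----BEGIN PGP SIGNATURE-----\n\nAAAAconstructed+base64/==\n=AbCd\n"
    "-----END PGP SIGNATURE-----\n"
)


def build_sign_argv(cfg):
    """Return an argv list suitable for subprocess.run(argv) with shell=False."""
    argv = []
    # Assumption: keyring and identity options follow the sign command.
    for key in ("sign", "keyring", "identity"):
        # Split first, substitute second: a program path containing spaces
        # or quotes then remains exactly one argv entry.
        for token in shlex.split(cfg[key]):
            argv.append(Template(token).safe_substitute(program=cfg["program"]))
    return argv


def split_signature(cfg, text):
    """Return (payload, signature); signature is None when the regex misses."""
    flags = re.MULTILINE if cfg["multiline"] else 0
    match = re.search(cfg["regex"], text, flags)
    if match is None:
        return text, None
    return text[:match.start()] + text[match.end():], match.group(0)


if __name__ == "__main__":
    print(build_sign_argv(CONFIG))
    print(split_signature(CONFIG, SAMPLE))
```

With `multiline` set to false the `^` and `$` anchors only match at the ends of the whole text, so the same regex no longer finds a signature embedded after the payload.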


Below is an illustrative model of the expected outcome:

Image Added

Milestones

  •  Submit project proposal (June 18 2019)
  •  Review previous work (June 25)
  •  RFC with the technical design document sent to git mailing list (July 15 2019)
  •  Receive feedback (August 31)
  •  RFC patchbomb to the mailing list (September 30 2019)
  •  Second RFC to the mailing list (October 22 2019)
  •  Receive Feedback (November 10 2019)
  •  Update code to support the config based approach (November 10 2019)
  •  Implement a Python Indy signing tool for DIDs (November 15 2019)
  •  Refine implementation and follow through to landing (November 3015 2019)

Deliverables

  •  Git documentation
  •  Git signing plugin
  •  Project description and model
  •  Helper signing script template
  •  Stretch deliverable: Indy signing tool
  •  Project presentation
  •  Recorded presentation

Detailed Steps

Update documentation

  •  Git man page
  •  Other documentation

Update user configuration handling

  •  Change existing configuration keys to a more normalized new organization (commit.gpgSign to commit.sign, gpg.program to signing.openpgp.program, gpg.<format>.program to signing.<format>.program)
    •  Debug the git_signing_config and the openpgp_config/x509_config functions and verify that all unit tests pass.
    •  Add new unit tests to verify that all deprecated aliases work as expected and produce good warnings.
    •  Add new unit tests to verify that all new configuration keys work.

Update git script and command handling

  •  Re-organize the commands to normalized naming (git-am --sign, git-cherry-pick --sign, git-commit-tree --sign, git-commit-tree --no-sign, git-commit --sign, git-commit --no-sign, git-rebase --sign, git-revert --sign, merge --sign)
  •  Deprecate old commands and alias them to the new commands (git-am --gpg-sign, git-cherry-pick --gpg-sign, git-commit-tree --gpg-sign, git-commit-tree --no-gpg-sign, git-commit --gpg-sign, git-commit --no-gpg-sign, git-rebase --gpg-sign, git-revert --gpg-sign, merge --gpg-sign)
  •  Implement a config based signing interface


Add Helper scripts template

  •  Bash template
  •  Python template

Testing

  •  Integration testing
  •  Manual testing of git with the new functionality and signing programs

...