Versions Compared

...

Page properties

Title: Git signing with DIDs
Status: Project in Progress / Completed
Difficulty: LOW


...

Dave Huseby, dhuseby@linuxfoundation.org, dhuseby, Hyperledger

Mentee

Ibrahim El Rhezzali

...

Project Plan

Git integration with external signing tools

...

The main sections of the project are updating the user configuration and the command handling when a signing or verifying operation occurs. The actions needed in each section are listed below and will evolve as the project evolves.

UPDATE: The request for proposal has been sent to the git mailing list and can be tracked here:

https://public-inbox.org/git/CACi-FhDeAZecXSM36zroty6kpf2BCWLS=0R+dUwuB96LqFKuTA@mail.gmail.com/T/#u

The commits that will be submitted as a patch can be found here:

https://github.com/ibrahimel/did-git-impl/commits/did-git-impl-signing-patch


After receiving feedback from the git community, we opted for a config-based approach and a tool-agnostic signing interface. The approach, as explained to the mailing list, is here:

https://public-inbox.org/git/R3X1WzWH0sgOh85GuUmXwsTC6CPKysi4TRzN_BPecDVGr__ET2-mitZ2DZA0_bpKkzLRtnTtoomIWxZtL52_1XkihYBVBAuWMpSdwoboixY=@pm.me/T/#u


The user configuration would define the signing tool and other parameters such as keys, identity and keychain. It would look like this:

[signing]
	format = openpgp

[signing "openpgp"]
	program = /usr/bin/gpg
	keyring = "--keyring pubring.kbx --no-default-keyring"
	identity = "--local-user \"Jane Committer <jane@hackers.com>\""
	sign = "$program --sign --status-fd=2 --detach-sign --ascii"
	verify = "$program --verify --status-fd=2"

[signing "openpgp.signature"]
	regex = "^-----BEGIN PGP SIGNATURE-----$[^-]*^-----END PGP SIGNATURE-----$"
	multiline = true


And the same goes for the command line:

git commit \
	--sign \
	--signing-format=openpgp \
	--signing-openpgp-program="/usr/bin/gpg" \
	--signing-openpgp-keyring="--keyring pubring.kbx --no-default-keyring" \
	--signing-openpgp-identity="--local-user \"Jane Committer <jane@hackers.com>\"" \
	--signing-openpgp-sign="--sign --status-fd=2 --detach-sign --ascii"


For tools that don't work natively with the signing interface, support for helper Bash or Python scripts will be added.
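The sketch below is an added example, not code from the project or from git: it models how a per-format signature regex with `multiline = true` could pick the signing format for a payload, and how the `$program` placeholder in the `sign` template could be expanded into an argument list. It assumes Python's `re.MULTILINE` semantics for `multiline`, a plain textual substitution for `$program`, and a hypothetical `did` format whose program path and delimiters are constructed for illustration.

```python
import re
import shlex

# Format table mirroring the page's proposed [signing "<format>"] sections.
# The "did" entry (program path, delimiters) is hypothetical, constructed here.
SIGNING = {
    "openpgp": {
        "program": "/usr/bin/gpg",
        "sign": "$program --sign --status-fd=2 --detach-sign --ascii",
        "regex": r"^-----BEGIN PGP SIGNATURE-----$[^-]*^-----END PGP SIGNATURE-----$",
        "multiline": True,
    },
    "did": {
        "program": "/opt/did tools/did-sign",
        "sign": "$program --detach",
        "regex": r"^-----BEGIN DID SIGNATURE-----$[^-]*^-----END DID SIGNATURE-----$",
        "multiline": True,
    },
}

# Constructed sample signature (not real key material).
PGP_SIG = ("-----BEGIN PGP SIGNATURE-----\n\n"
           "iQEzBAABCAAdFiEEc29tZWJhc2U2NA\n=AbCd\n"
           "-----END PGP SIGNATURE-----\n")
# Same block with an armor header containing '-', which [^-]* cannot cross.
PGP_SIG_HYPHEN = PGP_SIG.replace("\n\n", "\nComment: built-in key\n\n", 1)

def matches(fmt, text, multiline=None):
    """True if text contains a signature block for fmt."""
    cfg = SIGNING[fmt]
    use_ml = cfg["multiline"] if multiline is None else multiline
    return re.search(cfg["regex"], text, re.MULTILINE if use_ml else 0) is not None

def detect_format(text):
    """Name of the first configured format whose regex matches, else None."""
    return next((fmt for fmt in SIGNING if matches(fmt, text)), None)

def sign_argv(fmt):
    """Expand $program in the sign template into an argv list for exec without
    a shell; the program path is quoted so it stays a single argument."""
    cfg = SIGNING[fmt]
    return shlex.split(cfg["sign"].replace("$program", shlex.quote(cfg["program"])))

if __name__ == "__main__":
    print(detect_format("tree 4b825d\n\nmsg\n" + PGP_SIG), sign_argv("openpgp"))
```

Under these assumptions the `[^-]*` body pattern rejects an otherwise well-formed armored block as soon as any header or body line contains a hyphen, so a verifier built on this regex would treat such a commit as unsigned.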


Below is an illustrative model of the expected outcome:

[Two images, not reproduced here]

Milestones

  •  Submit project proposal (June 18 2019)
  •  Review previous work (June 25)
  •  RFC with the technical design document sent to git mailing list (July 15 2019)
  •  Receive feedback (August 31)
  •  RFC patchbomb to the mailing list (September 30 2019)
  •  Second RFC to the mailing list (October 22 2019)
  •  Receive feedback (November 10 2019)
  •  Update code to support the config based approach (November 10 2019)
  •  Implement a Python Indy signing tool for DIDs (November 15 2019)
  •  Refine implementation and follow through to landing (November 3015 2019)

Deliverables

  •  Git documentation
  •  Git signing plugin
  •  Project description and model
  •  Helper signing script template
  •  Stretch deliverable: Indy signing tool
  •  Project presentation
  •  Recorded presentation

Detailed Steps

Update documentation

  •  Git man page
  •  Other documentation

Update user configuration handling

  •  Change existing configuration keys to a more normalized new organization (commit.gpgSign to commit.sign, gpg.program to signing.openpgp.program, gpg.<format>.program to signing.<format>.program)
    •  Debug the git_signing_config and the openpgp_config/x509_config functions and verify that all unit tests pass.
    •  Add new unit tests to verify that all deprecated aliases work as expected and produce good warnings.
    •  Add new unit tests to verify that all new configuration keys work.

Update git script and command handling

  •  Re-organize the commands to normalized naming (git-am --sign, git-cherry-pick --sign, git-commit-tree --sign, git-commit-tree --no-sign, git-commit --sign, git-commit --no-sign, git-rebase --sign, git-revert --sign, merge --sign)
  •  Deprecate old commands and alias them to the new commands (git-am --gpg-sign, git-cherry-pick --gpg-sign, git-commit-tree --gpg-sign, git-commit-tree --no-gpg-sign, git-commit --gpg-sign, git-commit --no-gpg-sign, git-rebase --gpg-sign, git-revert --gpg-sign, merge --gpg-sign)
  •  Implement a config based signing interface


Add Helper scripts template

  •  Bash template
  •  Python template

Testing

  •  Integration testing
  •  Manual testing of git with the new functionality and signing programs

...

These are secondary tasks to do while waiting for feedback or assistance, or if the main work is finished early:

  •  Learn Rust
  •  Learn about Indy SDK, Indy CLI, and Verifiable Credentials
  •  Signing through the Indy CLI
  •  Contribute to BetterSign