This is a really thorough job and, consequently, easy to review. Thank you.
I have entered a couple of queries as comments, but honestly I am happy for this to be merged and to work any of that stuff out afterwards. See what you think of the comments @scjudd; I'll aim to merge next week, either way.
@scjudd, this PR has been stale for a while now and we would like to get it merged! Are you still interested in finishing it up or do you want me to take over the remaining part?
Rebased -- almost all the conflicts were trivial (unrelated changes that happened to touch adjacent lines). The exceptions:
I'm implementing the "inline the GPG key import into fluxd" option; working in git-signing in this repo for now (i.e., it won't appear here yet)
Please feel free to finish this up, sorry for not being able to contribute recently! Thank you all!
Sorry to take a while to get to this. The exec struct thing (see review comment) I think is worth changing. The package aliases will most likely be reformatted away by another commit -- were they introduced by tooling?
Looks good -- I am evaluating at a second or third derivative, now -- Fons, mind having a fresh look?
Will do! I am off today though.
Let's go for the environment variable then!
On Fri, Mar 1, 2019, 22:45 Hidde Beydals ***@***.***> wrote:
In git/working.go
<#1394 (comment)>:
> SetAuthor bool
SkipMessage string
+ GPGHomeDir string
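Review bot: the new `GPGHomeDir` field is added to the config struct in git/working.go without a doc comment, and the neighbouring `SetAuthor` and `SkipMessage` fields give no hint of its contract; state that it is handed to git as GNUPGHOME and what an empty value means (for example that the process's own GNUPGHOME is inherited), since the two options discussed in this thread differ precisely in who controls where imported keys live.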
I have been playing around with the idea (after the brief discussion we had in private) and I think GNUPGHOME should still be configurable from *outside* the package. Overwriting the var in a test in the git package is great, but it prevents packages using the machinery from signing commits, as they have no control over GNUPGHOME.

This leaves us with two options; we either put it into the Config struct or we allow inheritance of the GNUPGHOME env variable. The latter is a lot cleaner and even helpful to our users, as they now have control over where their imported keys are stored.
This is needed in order to set GNUPGHOME during testing.
Currently needed only for testing, since we will be creating a temporary GPG keyring and will need to be able to signal that it should be used for signed commits.
We will be testing that this value equals the expected signing key.
Accidentally left this in from a previous iteration. Derp.
The working checkout already holds the configuration for git, which includes the key that should be used when doing signing operations with git. Default to the one in the configuration but leave the option open to pass along a different key for specific operations.
Besides code reduction this gives more control to the user as they can now set an alternative path where we import their precious keys. In theory they could even skip the import and just configure the GNUPGHOME to a directory pre-loaded with keys.
@scjudd it only took us 5 months but this has finally landed in
This adds support for flux to sign git commits made to the central config repo. This is important for security-minded users who want to make sure that all commits to the config repo come from an authenticated source, and is the first step towards the larger goal of optionally having flux only apply changes if the latest config has a valid signature from a trusted key.
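The verification step the description names as a later goal, as an added example (not this PR's code, and not how Flux implements anything): a hypothetical Go helper that reads git's `%G?` and `%GF` pretty-format placeholders for HEAD and accepts the commit only when the signature is good and the signing key's fingerprint is in a constructed trusted set. It assumes a git new enough to print `%GF` and a gpg keyring, found via the inherited GNUPGHOME, that already holds the signers' public keys; the fingerprint in `exampleTrusted` is a placeholder.

```go
package main

import (
	"os/exec"
	"strings"
)

// Constructed placeholder; a deployment loads the real fingerprints of the keys allowed to sign.
var exampleTrusted = map[string]bool{"0123456789ABCDEF0123456789ABCDEF01234567": true}
type SigResult struct { // verdict for one commit signature
	Status      byte   // git %G? code: G B U X Y R E N
	Fingerprint string // git %GF: fingerprint of the signing key
	Trusted     bool   // good signature AND key in the trusted set
	Reason      string
}

// evalSignature parses one "<status>\x00<fingerprint>" record, as printed by
// `git log -1 --format=%G?%x00%GF`. Only G and U are cryptographically good (U just
// means gpg has no trust path), so the explicit trusted set decides; the rest fail.
func evalSignature(record string, trusted map[string]bool) SigResult {
	parts := strings.SplitN(strings.TrimSpace(record), "\x00", 2)
	if len(parts) != 2 || len(parts[0]) != 1 {
		return SigResult{Reason: "malformed git output"}
	}
	r := SigResult{Status: parts[0][0], Fingerprint: strings.ToUpper(parts[1])}
	switch r.Status {
	case 'G', 'U':
		if trusted[r.Fingerprint] {
			r.Trusted, r.Reason = true, "good signature from trusted key"
		} else {
			r.Reason = "good signature, but key is not in the trusted set"
		}
	case 'X', 'Y', 'R':
		r.Reason = "signature made with an expired or revoked key"
	case 'B':
		r.Reason = "bad signature"
	default: // E (cannot be checked, e.g. public key not imported), N (unsigned) or unexpected
		r.Reason = "commit is unsigned, or its signature could not be checked"
	}
	return r
}

// headSignature runs git in repoDir (GNUPGHOME inherited from the environment) and checks HEAD.
func headSignature(repoDir string, trusted map[string]bool) (SigResult, error) {
	out, err := exec.Command("git", "-C", repoDir, "log", "-1", "--format=%G?%x00%GF").Output()
	if err != nil {
		return SigResult{}, err
	}
	return evalSignature(string(out), trusted), nil
}
```

Anything other than a trusted verdict fails closed, so a missing public key (status E) is treated the same as an unsigned commit rather than silently accepted.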