On Wednesday 24. October 2012 11:46:15 Michael J Gruber wrote:
> Mat Arge venit, vidit, dixit 22.10.2012 15:38:
> > Hy!
> > 
> > I would like to sign each commit with a X.509 certificate and a private
> > key
> > stored on a PKCS#11 token. I assume that that should be possible somehow
> > using a hook which calls openssl. Does somebody know a working
> > implementation of this?
> > 
> > cheers
> > Mat
> In principle, we have an almost pluggable architecture. See for example
> the latter part of the 2nd post in
> http://article.gmane.org/gmane.comp.version-control.git/175127
> Unless you want to change git itself, you're probably better off storing
> your non-gpg signatures in a note (or a self-created signed tag). 

So, there is no possibility to modify the commit itself via a hook, and add a, 
say, "opensslsig" instead of a gpgsig tag?

> To
> sign the commit rev, you could sign the output of "git cat-file commit
> rev" (or of "git rev-parse rev") and store that signature in a note that
> commit. To verify, you verify the note against the commit.
> Michael

But if I crete/modify a signature file while commiting, that file wouldn't be 
commited itself, so the signatur-file would always be one commit behind. Or am 
I missing something? I'm quite new to git (or DVCSs in general), so sorry if 
this is a dumb question.

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to