I am working on an open source project right now where we are looking to 
enforce an N of M audit approval process. It turns out that git supports 
verifying multiple signatures because gpg supports signature merging.

My question is how can this workflow best be added into git and, if not added, 
at least supported.

Here are the manual procedures (scripts are in the bundle too):

> Procedures:
> 
> 1. Identify a normal commit.
> 2. Create a new commit file as:
> parent commit-id-of-step-1
> tree tree-id-from-git-cat-file-commit-commit-id-of-step-1
> author CipherShed Security Team <secur...@ciphershed.org> timestamp timezone
> committer Actual Person <usern...@ciphershed.org> timestamp timezone
> gpgsig output-from-merge-sig-tool [1]
>  more-output
>  more-output
> 
> Comments for this commit
> ...
> ...
> 
> 3. Run ruby script [2] to add commit to git db
> 4. git update-ref refs/heads/BRANCH-NAME new-commit-id

To do this most properly I feel like there needs to be a way to "share" the 
repository state and interrupt the commit process.

Comments?

1: 
$ cat merge-multisigs.sh
#!/bin/bash
# Strip the ASCII armor from every signature file given on the command line,
# concatenate the raw signature packets, and re-armor the result as one block.
(
 for i in "$@"
 do
  gpg --dearmor < "$i"
 done
) | gpg --enarmor

2:
$ cat write-commit.ruby
#!/usr/bin/env ruby
# Store a raw commit body (the file written in step 2) as a loose git object
# and print its id, which step 4 then points the branch at.
require 'fileutils'
require 'digest/sha1'
require 'zlib'
content = File.binread(ARGV[0])
# git hashes "commit <size>\0" followed by the body.
header = "commit #{content.bytesize}\0"
store = header + content
sha1 = Digest::SHA1.hexdigest(store)
zlib_content = Zlib::Deflate.deflate(store)
# Loose objects live at .git/objects/xx/<remaining 38 hex digits>.
path = '.git/objects/' + sha1[0,2] + '/' + sha1[2,38]
FileUtils.mkdir_p(File.dirname(path))
File.open(path, 'wb') { |f| f.write zlib_content }
puts sha1
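As an added illustration of the commit layout in step 2 and the hashing in write-commit.ruby (example code, not from the post or the bundle): it builds the commit body with the space-indented gpgsig continuation lines, computes the object id, and splits the signature block back out together with the payload gpg must check it against. The tree and parent ids, the names and the signature block are constructed placeholders.

```ruby
# Added example (not from the original post): build a commit object whose
# gpgsig header carries a merged multi-signature block, derive its object id,
# and split the header back out so each signature can be handed to gpg.
require 'digest/sha1'

# Constructed placeholder standing in for merge-multisigs.sh output; it is not
# a real PGP signature and will not verify.
SAMPLE_SIG = "-----BEGIN PGP SIGNATURE-----\n\nCONSTRUCTED-PLACEHOLDER\n" \
             "-----END PGP SIGNATURE-----\n"

# Lay out the headers in the order git writes them (tree, then parents).
# Every signature line after the first is indented with one space; that is
# how git stores multi-line headers and it keeps the blank line inside the
# armor from being read as the end of the header block. gpgsig: nil omits it.
def build_commit(tree:, parents:, author:, committer:, message:, gpgsig: nil)
  lines = ["tree #{tree}"]
  parents.each { |p| lines << "parent #{p}" }
  lines << "author #{author}" << "committer #{committer}"
  if gpgsig
    sig_lines = gpgsig.split("\n")
    lines << "gpgsig #{sig_lines.first}"
    sig_lines.drop(1).each { |l| lines << " #{l}" }
  end
  lines.join("\n") + "\n\n" + message
end

# The object id is SHA-1 over "commit <size>\0<body>", as write-commit.ruby
# computes it before zlib-compressing and storing the object.
def commit_id(body)
  Digest::SHA1.hexdigest("commit #{body.bytesize}\0#{body}")
end

# Reverse the indentation and return [signature, signed_payload]. The payload
# is the commit body with the gpgsig header removed: that is the data each
# signature must verify against when counting N of M approvals.
def extract_gpgsig(body)
  headers, message = body.split("\n\n", 2)
  sig, kept, in_sig = [], [], false
  headers.each_line(chomp: true) do |line|
    if line.start_with?('gpgsig ')
      in_sig = true
      sig << line.sub('gpgsig ', '')
    elsif in_sig && line.start_with?(' ')
      sig << line[1..-1]
    else
      in_sig = false
      kept << line
    end
  end
  [sig.join("\n") + "\n", kept.join("\n") + "\n\n" + message]
end
```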


P.S. This was inspired by actual events and the parent thread.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

Attachment: multisign.bundle