On Fri, Jun 10, 2011 at 7:45 PM, Dan McGee <[email protected]> wrote:
> Thoughts? Other ideas? Things I'm forgetting? I'll withhold my
> preference of option for now to prevent biasing any comments; the
> above should not be seen as order of preference.

I've had the following idea since I started to help, but never
really tested it. I did it now and it worked. What do you think?

High level explanation:

1. grab a remote lock by creating a lock directory
2. if previous command succeeded
    2.1. locally, scp the repository db file from the remote machine to the local one
    2.2. sign the file locally
    2.3. send the signature back to remote
    2.4. release the lock

Test implementation:

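#!/bin/bash

host="some remote host"
lock="name of lock directory"
filetosign="full path of remote file to sign"

# mkdir is atomic: it fails if the lock directory already exists
if ssh "$host" "mkdir '$lock'" ; then
    localfile=$(mktemp)
    # stop at the first failing step, so a signature of an empty or
    # partial download is never uploaded
    scp "$host":"$filetosign" "${localfile}" &&
        gpg --detach-sign "${localfile}" &&
        scp "${localfile}".sig "${host}":"${filetosign}".sig
    res=$?
    # always release the lock and remove the local temporary files
    ssh "${host}" "rmdir '${lock}'"
    rm -f "${localfile}" "${localfile}".sig
    exit $res
fi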

I've tested it here and it signed a file from my own machine through
ssh. It had lots of password typing, but that's because I don't use
public key authentication (I don't even start ssh automatically :))

-- 
A: Because it obfuscates the reading.
Q: Why is top posting so bad?

-------------------------------------------
Denis A. Altoe Falqueto
Linux user #524555
-------------------------------------------
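
Added example, not part of the original message or of any project code: the same lock, fetch, sign, upload sequence with two extra checks, verifying the fresh signature locally and comparing the remote file's SHA-256 with the signed copy before publishing, since a mkdir lock only stops writers that honour it. The helper names (remote_sh, remote_get, remote_put, remote_hash, sign_file, verify_sig, sign_remote_db), the placeholder host and the availability of sha256sum on both ends are assumptions.

```shell
#!/bin/sh
# Added example; helper names and the host below are hypothetical.
host="${host:-repo.example.org}"   # placeholder, set to the real host

# Thin wrappers so the transport and signing steps can be swapped out.
remote_sh()   { ssh "$host" "$1"; }
remote_get()  { scp "$host:$1" "$2"; }
remote_put()  { scp "$1" "$host:$2"; }
remote_hash() { remote_sh "sha256sum < '$1'" | cut -d' ' -f1; }
sign_file()   { gpg --detach-sign "$1"; }          # writes "$1.sig"
verify_sig()  { gpg --verify "$1.sig" "$1"; }

# sign_remote_db LOCKDIR REMOTEFILE
# returns 0 = signature uploaded, 1 = lock busy, 2 = a step failed,
#         3 = remote file changed while the lock was held
sign_remote_db() {
    srd_lock=$1 srd_file=$2 srd_rc=2
    remote_sh "mkdir '$srd_lock'" || return 1      # atomic: fails if held
    srd_tmp=$(mktemp) || { remote_sh "rmdir '$srd_lock'"; return 2; }
    if remote_get "$srd_file" "$srd_tmp" &&
       sign_file "$srd_tmp" &&
       verify_sig "$srd_tmp"
    then
        # Re-read the remote hash just before publishing. This narrows,
        # but does not close, the window for a writer ignoring the lock.
        srd_local=$(sha256sum < "$srd_tmp" | cut -d' ' -f1)
        srd_remote=$(remote_hash "$srd_file")
        if [ -n "$srd_remote" ] && [ "$srd_local" = "$srd_remote" ]; then
            remote_put "$srd_tmp.sig" "$srd_file.sig" && srd_rc=0
        else
            srd_rc=3    # signature would not match the file: do not publish
        fi
    fi
    remote_sh "rmdir '$srd_lock'"                  # release on every path
    rm -f "$srd_tmp" "$srd_tmp.sig"
    return "$srd_rc"
}

# Run only when called as: script LOCKDIR REMOTEFILE
if [ "$#" -eq 2 ]; then sign_remote_db "$@"; fi
```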
