[darcs-users] Re: signing of patches

Karel Gardas kgardas at objectsecurity.com
Tue Dec 7 12:18:29 UTC 2004


Hello,

Seeing the complexity of dealing with signed patches in darcs, I'm more and
more inclined to use the simplest possible model, which should be enough
for the near future and which should be 100% compatible with current darcs,
i.e. no intrusive darcs repository changes. Thinking about this, I would
like to get back to my simplest proposal, which is (described as a shell
script) below. IMHO something like that is very simple, compatible with
current darcs, secure, and allows us to think about a more general and/or
complex solution for future darcs version(s). Limitations are:
single-committer repositories only (in untrusted domain), rsync usage for
push to untrusted domain. Of course we should use sha1 instead of the md5 used
in the script below, and we probably don't need to check for prefs changes
either...

What do you think? Especially, what do you think about this model's
limitations?

Thanks,
Karel

On Sat, 4 Dec 2004, Karel Gardas wrote:

> Well, if the issue is just consistency of the repository, then we can also
> use the simplest way, like:
>
> thinkpad:~/hacking/_darcs$ find checkpoints/ inventories/ patches/ prefs/ -type f|xargs md5sum > security-context
> thinkpad:~/hacking/_darcs$ md5sum inventory >> security-context
> thinkpad:~/hacking/_darcs$ gpg --sign --detach security-context
>
> You need a passphrase to unlock the secret key for
> user: "Karel Gardas <kgardas at objectsecurity.com>"
> 1024-bit DSA key, ID 727B5086, created 2001-03-28
>
> thinkpad:~/arch/devel/hacking/_darcs$
>
> Verification is then the simple reverse process:
>
> thinkpad:~/hacking/_darcs$ gpg --verify security-context.sig
> gpg: Signature made Sat Dec  4 21:49:31 2004 CET using DSA key ID 727B5086
> gpg: Good signature from "Karel Gardas <kgardas at objectsecurity.com>"
> gpg:                 aka "Karel Gardas <kgardas at iol.cz>"
> thinkpad:~/hacking/_darcs$
> thinkpad:~/arch/devel/hacking/_darcs$ md5sum -c security-context
> thinkpad:~/arch/devel/hacking/_darcs$

--
Karel Gardas                  kgardas at objectsecurity.com
ObjectSecurity Ltd.           http://www.objectsecurity.com
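
The manifest-and-signature scheme from the message above, written as shell functions. This is an added example, not part of the original post or of darcs: it assumes it is run inside `_darcs`, swaps in sha256sum for md5sum, and the function names are hypothetical. It also checks that no file exists which the manifest does not list, something a checksum `-c` run alone does not detect.

```shell
#!/bin/sh
# Added example, not code from the post. Run from inside _darcs.
# Assumption: file names contain no whitespace or newlines.
CTX=security-context            # manifest name used in the post

# Every file the manifest must cover, one path per line.
list_files() {
    find checkpoints inventories patches prefs -type f 2>/dev/null
    if [ -f inventory ]; then echo inventory; fi
}

# Committer side: hash all covered files in a stable order.
make_context() {
    list_files | LC_ALL=C sort | xargs sha256sum > "$CTX"
}

# Committer side: detached signature, written to security-context.sig.
sign_context() {
    gpg --detach-sign "$CTX"
}

# Puller side, file checks only. Returns 2 on a hash mismatch or a
# missing file, 3 when the set of files differs from the manifest.
check_files() {
    sha256sum -c "$CTX" >/dev/null || return 2
    # Strip "<hash><space><mode char>" to recover the listed paths.
    listed=$(sed 's/^[0-9a-f]* [ *]//' "$CTX" | LC_ALL=C sort)
    present=$(list_files | LC_ALL=C sort)
    [ "$listed" = "$present" ] || return 3
}

# Puller side, full check. The signature is verified first, against the
# manifest explicitly, because the manifest is untrusted until it passes.
check_context() {
    gpg --verify "$CTX.sig" "$CTX" || return 1
    check_files
}
```

`gpg --verify` accepts a good signature from any key in the local keyring, so the key ID it reports still has to be compared with the committer's.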




