On Wednesday 24. October 2012 11:46:15 Michael J Gruber wrote:
> Mat Arge venit, vidit, dixit 22.10.2012 15:38:
> > Hy!
> >
> > I would like to sign each commit with a X.509 certificate and a private
> > key stored on a PKCS#11 token. I assume that that should be possible somehow
> > using a hook which calls openssl. Does somebody know a working
> > implementation of this?
> >
> > cheers
> > Mat
>
> In principle, we have an almost pluggable architecture. See for example
> the latter part of the 2nd post in
>
> http://article.gmane.org/gmane.comp.version-control.git/175127
>
> Unless you want to change git itself, you're probably better off storing
> your non-gpg signatures in a note (or a self-created signed tag).

So, there is no possibility to modify the commit itself via a hook, and add a,
say, "opensslsig" instead of a gpgsig tag?

> To
> sign the commit rev, you could sign the output of "git cat-file commit
> rev" (or of "git rev-parse rev") and store that signature in a note that
> commit. To verify, you verify the note against the commit.
>
> Michael

But if I create/modify a signature file while committing, that file wouldn't be
committed itself, so the signature file would always be one commit behind. Or am
I missing something?
I'm quite new to git (or DVCSs in general), so sorry if this is a dumb question.

cheers
Mat
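
The note-based approach described in the thread, as an added example that is not part of the original messages or of git itself. A note lives under its own ref and is attached to the finished commit object, so the commit is not modified by signing. Assumptions: the notes ref name `x509sig`, the function names, and a file-based PEM key standing in for the PKCS#11 token.

```sh
#!/bin/sh
# Added example: detached OpenSSL signature over a commit object, kept in a
# git note. NOTES_REF and both function names are hypothetical choices.
NOTES_REF=x509sig

# sign_commit REV KEYFILE
# Signs the exact bytes of "git cat-file commit REV" and stores the
# base64-encoded signature as a note on that commit.
# KEYFILE is a PEM private key (assumption: stands in for the token key).
sign_commit() {
    rev=$(git rev-parse --verify "$1^{commit}") || return 1
    sig=$(git cat-file commit "$rev" |
          openssl dgst -sha256 -sign "$2" | openssl base64)
    # An empty result means signing failed (bad key, unreadable file).
    [ -n "$sig" ] || return 1
    git notes --ref="$NOTES_REF" add -f -m "$sig" "$rev"
}

# verify_commit REV CERTFILE
# Returns 0 only if the note on REV is a valid signature over the commit
# object under the public key in CERTFILE. Certificate chain and revocation
# checks are out of scope here and would be done separately.
verify_commit() {
    rev=$(git rev-parse --verify "$1^{commit}") || return 1
    tmp=$(mktemp -d) || return 1
    git notes --ref="$NOTES_REF" show "$rev" 2>/dev/null |
        openssl base64 -d > "$tmp/sig" &&
    openssl x509 -in "$2" -pubkey -noout > "$tmp/pub" &&
    git cat-file commit "$rev" |
        openssl dgst -sha256 -verify "$tmp/pub" \
            -signature "$tmp/sig" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Notes refs are not transferred by default, so `refs/notes/x509sig` has to be pushed and fetched explicitly for other clones to verify.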