Hello, This is a follow-up on my previous emails related to the proposal of a new signing interface: https://public-inbox.org/git/CACi-FhDeAZecXSM36zroty6kpf2BCWLS=0R+dUwuB96LqFKuTA@xxxxxxxxxxxxxx/T/#r43cbf31b86642ab5118e6e7b3d4098bade5f5a0a https://public-inbox.org/git/Z2XOTcGuVovMKhcdrrO08KWI2I7L9s0CyFITvvj3jkmGTQPB6FkCiyOtTm6GdYWbnf25dsPD8M08kDCuD37EE1B-sxHQ3se9Kn1zVBrCPZw=@pm.me/T/#u https://public-inbox.org/git/N31G34oKnfr3MVifk42-Kt3YtM_3fHuCp3V1cpGOK5f1jn1vbg1TaSCy9ukI-YD8qRfu4xMcHcPc78xFE0MSwJQWNrSvuQuer9wSNugNRLg=@pm.me/T/#u https://public-inbox.org/git/8AMhjK19PJ35u3LCR57IvtAzOBN5bKK2vUn0Ns-4mmZzK9U14W5CGW5R8aITNXBm78J4Z7nd09RTVKW2pGaB4PnF7p2PireF_vzRST8DngE=@pm.me/T/#u https://public-inbox.org/git/0oTOrSdJdIaEfs3NVkfRmLxjYRvUPkucwwaXPuhCjS2QL3ztRJLfIlBkcpjSRiZQaY70SKSkg8_w20rxnuD4Vu3IbRcGOZM-fht8G7ySEHk=@pm.me/T/#u https://public-inbox.org/git/T4zS1hogOjySpdv7lDjVaZV83KKSeK9fx8m33SIo-e_BH4RtKcm67btmGzTPeflbRnQr7mWjTpObB0hCkX8VkGZElkQbLEgbrETg6Aq4nUg=@pm.me/T/#u https://public-inbox.org/git/74R10RrvOffzj20d_Owd_1WFMh1bWq8mIhEEBSzbhkHfbvW5BLHZj-L-AgHYnpqkxgZdCfW5b72GoIvKHucQz7tdiGZEzietp0IKpU1_wuI=@pm.me/T/#u The main feedback we received from the previous RFCs was that the drivers for external signing tools were still written in C and that we should go more for a configuration based interface. I'v been thinking about how to go about it and would love to have your feedback on my proposed approach: - Implement updated user configuration to define signing tools - Implement a tool-agnostic signing interface in C code - Add the possibility to use bash helper scripts to drive additional tools in case the default interface don't work as intended. - The same configuration aliases can be passed to command line arguments You can find below a detailed description of the proposed config and command line options: https://hackmd.io/ZHsddYXkSmyb6rYajdyGLg https://hackmd.io/yxS9nfiQSvmRZntcfnHOGQ The configuration part would look like this: ``` [signing] format = openpgp [signing "openpgp"] program = "/usr/bin/gpg" keyring = "--keyring pubring.kbx --no-default-keyring" identity = "--local-user \"Jane Committer <jane@xxxxxxxxxxx>\"" sign = "--sign --status-fd=2 --detach-sign --ascii" verify = "--verify --status-fd=2" [signing "openpgp.signature"] regex = "^-----BEGIN PGP SIGNATURE-----$[^-]*^-----END PGP SIGNATURE-----$" multiline = true ``` The equivilent command line to do a digitally signed commit looks like: ``` git commit \ --sign --signing-format=openpgp \ --signing-openpgp-program="/usr/bin/gpg" \ --signing-openpgp-keyring="--keyring pubring.kbx --no-default-keyring" \ --signing-openpgp-identity="--local-user \"Jane Committer <jane@xxxxxxxxxxx>\"" \ --signing-openpgp-sign="--sign --status-fd=2 --detach-sign --ascii" ``` Cheers, Ibrahim