On 07.07.21 08:26, Bagas Sanjaya wrote:
On 06/07/21 15.19, Fabian Stelzer via GitGitGadget wrote:
From: Fabian Stelzer <fs@xxxxxxxxxxxx>
set gpg.format = ssh and user.signingkey to a ssh public key string
(like from an
authorized_keys file) and commits/tags can be signed using the private
key from your ssh-agent.
Verification uses a allowed_signers_file (see ssh-keygen(1)) which
defaults to .gitsigners but can be set via gpg.ssh.allowedsigners
A possible gpg.ssh.revocationfile is also passed to ssh-keygen on
verification.
needs openssh>8.2p1
Why did you choose to implement SSH-based signing as GPG interface?
Why not create similar one?
If at later times we need to implement other signing methods (besides
GPG and SSH), we can refactor gpg-interface into generic signing
interface (say `signing.h`) and let each signing methods implement
from it.
I agree that a general purpose "signing" would be cleaner. The GPG
kewords are scattered all over the codebase but all the paths i found
just call the generic sign_buffer / verify_signed_buffer from
gpg-interface.c in the end whose api works quite well for other signing
mechanisms as well. I will rename some struct fields to be more generic
and adjust a few messages printed to the user which currently say things
like "gpg failed to sign the data" or "has a gpg signature" to be
generic. Do we just want to call this "signature" and remove the gpg
prefix or would that be too generic?
Refactoring the whole gpg part to a generic "signing" would be quite
involved and should probably be a different patch even though its mostly
renaming stuff.
If we want to go into that direction i could add the new config keys
under signing.* (signing.format = ssh|gpg, ...) and keep the
compatibility for the older gpg.* keys.
