Signing revisions in place
Jens Alfke
jens at mooseyard.com
Wed Oct 3 16:50:45 CDT 2007
On 3 Oct '07, at 1:49 PM, Dustin Sallings wrote:
> It's unclear how you'd sign your own changeset in your changeset,
> though. In the case of gnu arch, the signature was a separate file
> from the patch tarball itself. If it's possible to do something
> similar in mercurial, then it'd make sense.
That's what I tried to describe in the email that started this thread...
In a nutshell: When creating the revlog entry for a revision (the
manifest hash + metadata + checkin comment), generate a signature of
the entry and then append the signature to the entry, before adding it
to the revlog. So in effect, every checkin comment would end with a
bit of hex containing the signature.
To verify the signature: Get the revlog entry corresponding to the
changeset, cut out the last sizeof(signature) bytes, then validate
that those bytes form a valid signature of the remaining bytes.
--Jens
More information about the Mercurial
mailing list