[ANN] autosign extension
Arne Babenhauserheide
arne_bab at web.de
Wed May 13 14:32:44 CDT 2009
On Wednesday, 13. May 2009 16:52:12 Hans Meine wrote:
> That was also my first thought, but wouldn't that make the implementation
> of checksigs difficult? I.e. every sig would have to be checked with the
> corresponding .hgkeys from the previous revision.
That's true, but I see it as the only way to be able to ensure a repository's
integrity.
It could be optimized by caching the .hgkeys as long as no other revision
changes it (.hgkeys shouldn't change too often).
In pseudocode (DOESN'T RUN!):
res = []
keycache = []  # keys trusted so far; empty until a signed .hgkeys is seen
for rev in revlog.walk("null", "tip"):
    parent = rev.parent()  # TODO: Take care of merges
    parent_files = (hg log -r parent --template="{files}").split()
    # only take over a new .hgkeys if the revision introducing it verified
    if ".hgkeys" in parent_files and is_signed(parent):
        keycache = load_keycache(rev=parent)
    r = verify(rev, keycache)  # check the walked revision against the parent's keys
    res.append(r)
Doing that in real code should provide full verification and could also be
used to verify incoming changes (and to reject them if the signatures aren't
valid).
This scheme requires trust in all whose keys are in the .hgkeys (since they
can change the trusted keys). But it really ensures that the committers are
the ones who own the respective private keys (and it's always possible to
track who added which key - at least one owner of a known key will be
identifiable).
Best wishes,
Arne
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
- singing a part of the history of free software -
http://infinite-hands.draketo.de
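A runnable model of the walk in the post, added here as an example and not code from the autosign extension or from the post itself: signatures are HMACs over a revision's file contents (a constructed stand-in for GPG), .hgkeys maps key ids to those secrets, the history is linear (merges left out, as the TODO says), and the initial keycache is an assumed out-of-band trust anchor. It shows why only those already in .hgkeys can change the trusted keys: a revision that adds a key must itself verify under the keys trusted at its parent, so a key cannot admit itself.

```python
import hashlib
import hmac

# Constructed secrets; HMAC stands in for a GPG signature, and the
# ".hgkeys" content maps key id -> secret (a public key in the real scheme).
ALICE, BOB, MALLORY = b"alice-secret", b"bob-secret", b"mallory-secret"


def payload(files):
    """Canonical bytes a revision's signature covers (constructed)."""
    return repr(sorted(files.items())).encode()


def make_rev(files, key_id, secret):
    """A constructed revision: touched files plus a signature over them."""
    mac = hmac.new(secret, payload(files), hashlib.sha256).hexdigest()
    return {"files": files, "sig": (key_id, mac)}


def is_signed(rev, keycache):
    """Check the revision's signature against the currently trusted keys."""
    key_id, mac = rev["sig"]
    if key_id not in keycache:
        return False
    expected = hmac.new(keycache[key_id], payload(rev["files"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def verify_history(revs, keycache):
    """Walk a linear history oldest-first. Each revision is checked against
    the .hgkeys in force at its parent; a parent's .hgkeys replaces the
    cache only if that parent itself verified. Returns one bool per rev."""
    res = []
    for i, rev in enumerate(revs):
        if i > 0:
            parent = revs[i - 1]
            if ".hgkeys" in parent["files"] and res[i - 1]:
                keycache = dict(parent["files"][".hgkeys"])
        res.append(is_signed(rev, keycache))
    return res


HISTORY = [
    make_rev({"README": "v1", ".hgkeys": {"alice": ALICE}}, "alice", ALICE),
    make_rev({".hgkeys": {"alice": ALICE, "bob": BOB}}, "alice", ALICE),
    make_rev({"main.c": "int main(void){return 0;}"}, "bob", BOB),
    # Mallory adds her own key, but the parent's key set does not contain it.
    make_rev({".hgkeys": {"alice": ALICE, "mallory": MALLORY}}, "mallory", MALLORY),
    make_rev({"main.c": "changed"}, "mallory", MALLORY),
    make_rev({"README": "v2"}, "bob", BOB),
]
```

With the assumed trust anchor `{"alice": ALICE}`, `verify_history(HISTORY, ...)` accepts the first three revisions and the last one and rejects both of Mallory's, because the .hgkeys she wrote is never loaded.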