[Gnu-arch-users] crypto signing take 2
From: Tom Lord
Subject: [Gnu-arch-users] crypto signing take 2
Date: Mon, 8 Dec 2003 12:51:18 -0800 (PST)
First) I get the message that tla should _not_ read passphrases.

Second) Here is an alternative approach:

1) As before, the existence of =meta-info/signed-archive
   indicates that files are supposed to be signed.

2) A user can have files:

     ~/.arch-params/=gpg/=default
     ~/.arch-params/=gpg/<archive-name>

   containing the commands to use to sign by default or for
   a particular archive. The contents of those files would be
   something like:

     agpg --detach-sign --local-user FOO %F

   where tla replaces %F by a file name.

   (The default default command should presumably be

     gpg --detach-sign %F

   )

3) (internals) the arch_pfs_put_file routine will sign files;
   a new arch_pfs_put_atomic routine will be added.

   If a regular file is being written to a signed archive,
   it gets signed.

   In two cases, arch_pfs_put_file is currently used in
   combination with arch_pfs_rename as

     put_file to temp name
     rename from temp name to real name

   A convenience function, arch_pfs_put_atomic, will be
   created that performs those two steps, but knows to
   rename the .sig file too.

   (Also, as before, native fs support should be modified
   to go through the pfs abstraction.)

and that's it.
Two big things are different in this proposal:
1) no special handling of push-mirror
2) no reading of the passphrase by tla
One upshot of this is that if you _don't_ use apgp or some other
agent, you'll get prompted for your passphrase a lot. Oh well.
Another upshot of this is that it lacks a facility for copying
signatures during a push-mirror operation. I'm not sure that that's
really a problem, though -- an rsync hack can be used to update
mirrors where signature copying is desirable.
-t
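The =gpg command lookup, the %F substitution and the put-to-temp-then-rename step that also moves the .sig, as an added Python example (not tla's own code). The ",," temp-name prefix and the assumption that the signing command leaves its output at <file>.sig are mine, not the proposal's.

```python
import os
import shlex
import subprocess
from pathlib import Path

# The proposal's "default default" command; %F is replaced by the file name.
DEFAULT_SIGN_COMMAND = "gpg --detach-sign %F"


def sign_command_for(archive_name, params_dir, default=DEFAULT_SIGN_COMMAND):
    """Resolve the signing command: <params>/=gpg/<archive-name> first,
    then <params>/=gpg/=default, then the built-in default."""
    gpg_dir = Path(params_dir) / "=gpg"
    for name in (archive_name, "=default"):
        candidate = gpg_dir / name
        if candidate.is_file():
            text = candidate.read_text().strip()
            if text:
                return text
    return default


def sign_file(path, command):
    """Run the configured command with every %F replaced by the file name.
    The command is expected to leave a detached signature at path + '.sig'."""
    argv = [tok.replace("%F", path) for tok in shlex.split(command)]
    subprocess.run(argv, check=True)
    sig = path + ".sig"
    if not os.path.isfile(sig):
        raise RuntimeError("signing command did not produce " + sig)
    return sig


def pfs_put_atomic(archive_root, archive_name, relpath, data, params_dir):
    """Write to a temp name, sign it if =meta-info/signed-archive exists, then
    rename the file and its .sig into place. Returns True if a .sig was written."""
    root = Path(archive_root)
    signed = (root / "=meta-info" / "signed-archive").exists()
    final = root / relpath
    final.parent.mkdir(parents=True, exist_ok=True)
    tmp = final.with_name(",," + final.name)  # ",," temp prefix: assumed convention
    tmp.write_bytes(data)
    if signed:
        sign_file(str(tmp), sign_command_for(archive_name, params_dir))
    os.rename(tmp, final)
    if signed:  # the step a plain put_file + rename would forget
        os.rename(str(tmp) + ".sig", str(final) + ".sig")
    return signed
```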