[Cryptech Tech] Fwd: Second hash via EIM

Rob Austein sra at hactrn.net
Thu Feb 19 21:14:40 UTC 2015


At Thu, 12 Feb 2015 12:42:25 +0300, Шатов Павел wrote:
> 
> Yes, I'd be glad to continue working on this project. Last time we discussed
> this, it was told that I must sign all the code that I upload. Could someone
> give me an instruction on how to do this properly and not break anything,
> please? Unfortunately I'm only familiar with SVN, but not Git.

Apologies for the delay in answering this (skiing holiday followed by various
weather-related distractions at home).

There are a number of git tutorials for basic stuff, I can dig out
URLs, or maybe others have favorites.  One I particularly liked
explains all git core operations using graph theory (git commit
objects are the nodes, repository history forms a digraph).

The most obvious difference between svn and git from the casual user's
point of view is that "commit" and "push" are separate operations in
git: you commit to your own repository, then when you're happy with
what you've committed you push one or more commit objects upstream
(well, actually, you can push them anywhere you like, git gives you
kilometers of rope here, but upstream is the most useful place).
Similarly, fetching commits from upstream and checking them out into
one's own working tree are separate operations, although this is a
common enough combination that "git pull" (sometimes) does both.

Stuff specific to our project: yes, we require all commit objects
pushed to the git.cryptech.is repositories to be signed by a known PGP
key, and yes, we're annoyingly serious about this, because we want a
signed audit trail.  As Joachim discovered the hard way, this
requirement includes commit objects generated by "git merge", so one
must remember to specify "-S" to both "git commit" and "git merge" or
use the option to "git merge" which disables automatic commit; there
are equivalent "git config" variables one can set if one doesn't want
to have to remember to specify such things manually every time.

I think I sent you the setup procedure a few weeks ago, let me know if
you need me to send it again.  Summary: I need your PGP and SSH public
keys, the PGP key must be signed by a key I can validate (Basil is the
obvious choice in your case), and the SSH key must be signed by the
PGP key.

Once you're an authorized user (read: have the ability to push stuff
to existing repositories and create new ones), you can just use the
ssh interface:

  $ ssh git@git.cryptech.is help
  $ git clone git@git.cryptech.is:foo/bar.git
  ...

If you have existing clones of our repositories you can switch them
using "git remote", or just clone them again, whatever's easiest.

No doubt we should collect this and all the previous git discussions
in the mailing list archives into a Wiki page when someone has time.
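
A local pre-push check for the signing requirement described in the message above (an added example, not part of the original message and not the Cryptech project's own tooling): it lists commits, merge commits included, that lack a good signature. The sample log lines are constructed, the function names are hypothetical, and the default range `@{upstream}..HEAD` is an assumption about how the clone is set up.

```shell
#!/bin/sh
# Added example: find commits a signed-commits-only server would reject.
#
# Settings that make signing automatic, so -S need not be typed each time
# (run inside a clone; <KEYID> is a placeholder for your own PGP key id):
#   git config commit.gpgsign true
#   git config user.signingkey <KEYID>

# unsigned_commits: read "<hash> <status> [parents...]" lines on stdin, as
# produced by  git log --format='%H %G? %P', and print every commit whose
# signature status is not G (good signature). Other %G? values include
# N (no signature), B (bad signature) and U (good, key validity unknown).
unsigned_commits() {
    while read -r hash status parents; do
        [ -n "$hash" ] || continue
        case "$status" in
            G) ;;                       # signed and verified: nothing to report
            *)
                set -- $parents         # count parents: 2 or more means a merge
                if [ "$#" -ge 2 ]; then kind=merge; else kind=commit; fi
                printf '%s %s %s\n' "$hash" "$status" "$kind"
                ;;
        esac
    done
}

# check_range: run the check over commits that have not been pushed yet.
# Assumption: the current branch has an upstream configured.
check_range() {
    range=${1:-'@{upstream}..HEAD'}
    git log --format='%H %G? %P' "$range" | unsigned_commits
}

# Constructed sample (not real history): a signed root commit, an unsigned
# commit, an unsigned merge made without -S, and a commit with a bad signature.
sample_log() {
cat <<'EOF'
1111111 G
2222222 N 1111111
3333333 N 1111111 2222222
4444444 B 3333333
EOF
}

sample_log | unsigned_commits
```

Running `check_range` inside a clone before `git push` reports anything that still needs to be re-created with `-S`; empty output means every commit in the range verified against the local keyring.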


