Re: [PATCH 8/8] gpg-interface: handle alternative signature types
- Date: Tue, 10 Apr 2018 18:35:04 +0900
- From: Junio C Hamano <gitster@xxxxxxxxx>
- Subject: Re: [PATCH 8/8] gpg-interface: handle alternative signature types
Ben Toews <mastahyeti@xxxxxxxxx> writes:
> From: Ben Toews <btoews@xxxxxxxxxx>
> Currently you can only sign commits and tags using "gpg".
> have asked before on the list about using OpenBSD signify).
> - Use this custom program instead of "`gpg`" found on `$PATH` when
> - making or verifying a PGP signature. The program must support the
> - same command-line interface as GPG, namely, to verify a detached
> - signature, "`gpg --verify $file - <$signature`" is run, and the
> - program is expected to signal a good signature by exiting with
> - code 0, and to generate an ASCII-armored detached signature, the
> - standard input of "`gpg -bsau $key`" is fed with the contents to be
> + The name of the program on `$PATH` to execute when making or
> + verifying a signature.
I think you do not want "on `$PATH`", as you should be able to
specify a full path /opt/some/where/not/on/my/path/pgp and have it
work just fine. The mention of "found on `$PATH`" in the original
is talking about the behaviour _WITHOUT_ the configuration, i.e. by
default we just invoke "gpg" and expect that it is found in the
usual measure, i.e. being on user's $PATH. What you are describing
in this updated explanation is what happens _WITH_ the configuration.
> + This program will be used for making
> + signatures if `<name>` is configured as `signingtool.default`.
> + This program will be used for verifying signatures whose PEM
> + block type matches `signingtool.<name>.pemtype` (see below). The
> + program must support the same command-line interface as GPG.
> + To verify a detached signature,
> + "`gpg --verify $file - <$signature`" is run, and the program is
> + expected to signal a good signature by exiting with code 0.
> + To generate an ASCII-armored detached signature, the standard
> + input of "`gpg -bsau $key`" is fed with the contents to be
> signed, and the program is expected to send the result to its
> - standard output.
> + standard output. By default, `signingtool.gpg.program` is set to
> + `gpg`.
I do not think the description is wrong per-se, but reading it made
me realize that with this "custom" program, you still require that
the "custom" program MUST accept the command line options as if it
were an implementation of GPG. Most likely you'd write a thin
wrapper to call your custom program with whatever options that are
appropriate when asked to --verify or -bsau (aka "sign")? If that
is the case, I have to wonder if such a wrappper program can also
trivially reformat the --- BEGIN WHATEVER --- block and behave as if
it were an implementation of GPG. That makes the primary point of
this long series somewhat moot, as we won't need that pemtype thing
at all, no?
> + The PEM block type associated with the signing tool named
> + `<name>`. For example, the block type of a GPG signature
> + starting with `-----BEGIN PGP SIGNATURE-----` is `PGP
> + SIGNATURE`. When verifying a signature with this PEM block type
> + the program specified in `signingtool.<name>.program` will be
> + used. By default `signingtool.gpg.pemtype` contains `PGP
> + SIGNATURE` and `PGP MESSAGE`.
As Eric noted elsewhere, I suspect that it is cleaner and more
useful if this were *NOT* "pemtype" but were "boundary", i.e.
letting "-----BEGIN PGP SIGNATURE-----\n" string be specified.
> + The `<name>` of the signing tool to use when creating
> + signatures (e.g., setting it to "foo" will use use the program
> + specified by `signingtool.foo.program`). Defaults to `gpg`.
Will there be a command line option to say "I may usually be using
whatever I configured with signingtool.default, but for this single
invocation only, let me use something else"? Without such a command
line option that overrides such a default, I do not quite get the
point of adding this configuration variable.