我正在试图弄清楚如何手动签署/验证提交,但我无法弄清楚正在签署哪些数据来创建签名.换句话说,我想不出什么在
gpg --verify
需求如此.
这是git源代码的相关部分:https://github.com/git/git/blob/master/commit.c#L1047-L1231但我也是C.的新手.
这是一些示例数据:
在一个新的git仓库中,我创建了一个文件ledger.txt
并使用签名提交提交它:
git config --global user.signingkey 7E482429
git init
echo "EAC5-531F-38E8-9670-81AE-4E77-C7AA-5FC3-7E48-2429 1\n" > ledger.txt
git add ledger.txt
git commit -m "Initial commit" --gpg-sign=7E482429
在这里它是在日志中:
git log --show-signature
commit 876793da21833b5b8197b08462523fd6aad3e5ba
gpg: Signature made Fri May 9 20:01:55 2014 CDT using RSA key ID 7E482429
gpg: Good signature from "Dan Neumann "
Author: Dan Neumann
Date: Fri May 9 20:01:55 2014 -0500
Initial commit
这是漂亮的打印提交对象(它存在于.git/objects/87/6793da21833b5b8197b08462523fd6aad3e5ba
):
git cat-file -p 876793da21833b5b8197b08462523fd6aad3e5ba
tree 70e7c184c3a89c749174b4987830c287fd78952d
author Dan Neumann 1399683715 -0500
committer Dan Neumann 1399683715 -0500
gpgsig -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJTbXqDAAoJEMeqX8N+SCQpTBIH/3zCpf0w0+xp8hkwz7dTV9Bw
ercZp4UpxKV1HgqCxu2r/nGIuZyabLwTis1rcwXOVC4DgRxO0f2BiP0xnyL3OhJu
CKh8l+HZvvGqVH3Dopm0D/kOxDAWHcjokbyzWBbYJX6WhvT8OI7SSYmwuF4r610h
hkZ1xgjo4p1x9WegY296PzA1wEe6yy9BvvdIpJHoqBVKClgFrZvtE5PidbrAyLGF
Kl/2f0K3peBdo6XP0Zaml8NyQlFmAlCV831hHgUmZsBSRpgh/WNvrDSNILTlFJgY
BOPb2yPP+tiJOXYB66MsjQY9GlX7n43miu5wMtdk1AGqh+26OExbSrZcYVFLk4w=
=sRee
-----END PGP SIGNATURE-----
Initial commit
以下是提交对象文件的实际内容:
hexdump .git/objects/87/6793da21833b5b8197b08462523fd6aad3e5ba | \
zlib-decompress | \
bin-to-ascii
commit 671\0tree 70e7c184c3a89c749174b4987830c287fd78952d\nauthor Dan Neumann 1399683715 -0500\ncommitter Dan Neumann 1399683715 -0500\ngpgsig -----BEGIN PGP SIGNATURE-----\n Version: GnuPG v1\n \n iQEcBAABAgAGBQJTbXqDAAoJEMeqX8N+SCQpTBIH/3zCpf0w0+xp8hkwz7dTV9Bw\n ercZp4UpxKV1HgqCxu2r/nGIuZyabLwTis1rcwXOVC4DgRxO0f2BiP0xnyL3OhJu\n CKh8l+HZvvGqVH3Dopm0D/kOxDAWHcjokbyzWBbYJX6WhvT8OI7SSYmwuF4r610h\n hkZ1xgjo4p1x9WegY296PzA1wEe6yy9BvvdIpJHoqBVKClgFrZvtE5PidbrAyLGF\n Kl/2f0K3peBdo6XP0Zaml8NyQlFmAlCV831hHgUmZsBSRpgh/WNvrDSNILTlFJgY\n BOPb2yPP+tiJOXYB66MsjQY9GlX7n43miu5wMtdk1AGqh+26OExbSrZcYVFLk4w=\n =sRee\n -----END PGP SIGNATURE-----\n\nInitial commit\n
PoKo.. 5
在读取commit_tree_extended中的代码后,似乎用于签名的数据是从"树"到注释末尾的部分,当然不包括签名.
在您的示例中,它应该是:
tree 70e7c184c3a89c749174b4987830c287fd78952d
author Dan Neumann 1399683715 -0500
committer Dan Neumann 1399683715 -0500
Initial commit
来自git源码:
缓冲区的初始化:
strbuf_init(&buffer, 8192); /* should avoid reallocs for the headers */ strbuf_addf(&buffer, "tree %s\n", sha1_to_hex(tree));
父提交遍历:
/* * NOTE! This ordering means that the same exact tree merged with a * different order of parents will be a _different_ changeset even * if everything else stays the same. */ while (parents) { struct commit_list *next = parents->next; struct commit *parent = parents->item; strbuf_addf(&buffer, "parent %s\n", sha1_to_hex(parent->object.sha1)); free(parents); parents = next; }
人/日期信息:
if (!author) author = git_author_info(IDENT_STRICT); strbuf_addf(&buffer, "author %s\n", author); strbuf_addf(&buffer, "committer %s\n", git_committer_info(IDENT_STRICT)); if (!encoding_is_utf8) strbuf_addf(&buffer, "encoding %s\n", git_commit_encoding); while (extra) { add_extra_header(&buffer, extra); extra = extra->next; } strbuf_addch(&buffer, '\n');
评论和编码检查:
/* And add the comment */ strbuf_addbuf(&buffer, msg); /* And check the encoding */ if (encoding_is_utf8 && !verify_utf8(&buffer)) fprintf(stderr, commit_utf8_warn);
这就是签约发生的地方.标题将在标题后添加.
if (sign_commit && do_sign_commit(&buffer, sign_commit)) return -1;
如果您的提交有一些,那么也会有父信息.