New feat: verify gpg signature on commits, merge, tag #42

Merged
merged 1 commit into from
May 19, 2022
1 change: 1 addition & 0 deletions .bashlava_env.sh
Expand Up @@ -23,6 +23,7 @@ CFG_USER_IS="${USER}"
CFG_EDGE_EXTENTED="false" # not coded yet
CFG_LOG_LINE_NBR_SHORT="4" # log() default line number
CFG_LOG_LINE_NBR_LONG="12" # log() default line number
CFG_TAG_ARE_SIGNED="false"
CFG_RELEASE_POPUP="false" # not coded yet

CFG_TEST_SHOW_VARS="false" # test extension
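Review bot: `CFG_TAG_ARE_SIGNED` is added without a trailing comment, unlike the neighbouring `CFG_*` lines, and its name mentions only tags although the same flag also switches `git commit -S` on in `commit()`. Consider a more general name (or separate flags for commits and tags) and a short comment stating that the only accepted values are `true` and `false`.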
3 changes: 2 additions & 1 deletion .bashlava_env_override.sh
Expand Up @@ -7,4 +7,5 @@ APP_NAME="bashlava"
GITHUB_USER="firepress-org"
APP_VERSION="1.47.0"

CFG_USE_PRIVATE_DIRECTORY="true"
CFG_USE_PRIVATE_DIRECTORY="true"
CFG_TAG_ARE_SIGNED="true"
42 changes: 32 additions & 10 deletions bashlava.sh
Expand Up @@ -23,14 +23,15 @@ PRIORITY 1 _____________________________________________________________________


TODO
## New feat: gc() one core fct + 5 childs to use git-crypt
- gc h(), add /docs/help_gitcrypt.md
- (h) update /docs/help.md
New feat: verify gpg signature on commits, merge, tag
- Add config: CFG_TAG_ARE_SIGNED
- update dummy()
- update commit()
- in ~/.gitconfig
- signingKey = 466798446A36CC66A9AA58BEBEF00F535005628E
- gpgsign = true
- Impact on: #4, #8

## Minor
- Update README.md

TODO
gc()
CONFIG: is if key is: symetric OR pub/priv
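Review bot: the TODO block hardcodes one maintainer's `signingKey` fingerprint in `bashlava.sh`, which is of no use to other users and will go stale when the key is rotated. Replace it with a placeholder such as `<YOUR_KEY_ID>` and move the `~/.gitconfig` instructions to the docs. The heading also lists "merge", but the hunks in this patch only touch `commit()` and `tag()`, so either drop "merge" from the note or track it as remaining work.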
Expand Down Expand Up @@ -221,7 +222,19 @@ function commit { # User_
Condition_Attr_2_Must_Be_Provided
_from_fct="c"

git status && git add -A && git commit -m "${input_2}" && git push
git status && git add -A

if [[ "${CFG_TAG_ARE_SIGNED}" == "true" ]]; then
git commit -S -m "${input_2}"
echo "WIP commit should be signed"
elif [[ "${CFG_TAG_ARE_SIGNED}" == "false" ]]; then
git commit -m "${input_2}"
echo "WIP commit is NOT signed"
else
my_message="FATAL: tag" && Print_Fatal
fi

git push

Show_What_Was_Done
git --no-pager log --decorate=short --pretty=oneline --abbrev-commit -n"${CFG_LOG_LINE_NBR_SHORT}"
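Review bot: in `commit()`, `git push` no longer depends on the commit succeeding. The old line chained `git commit -m "${input_2}" && git push`; now, unless the script runs under `set -e` (not shown in these lines), a failed `git commit -S` (for example when no signing key is available) is followed by the `echo "WIP commit should be signed"` and by `git push` anyway. Chain the push to the commit again, or return on a non-zero exit status before pushing. The `else` branch also reuses the message `FATAL: tag` inside the commit function; it should name `commit` and the invalid `CFG_TAG_ARE_SIGNED` value so the failure is traceable.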
Expand Down Expand Up @@ -353,7 +366,16 @@ function tag { # User_
#Condition_Attr_2_Must_Be_Empty
_from_fct="t"

git tag ${APP_VERSION} && git push --tags && echo
if [[ "${CFG_TAG_ARE_SIGNED}" == "true" ]]; then
git tag -s "${APP_VERSION}" -m "tag: {APP_VERSION} using bashlava"
elif [[ "${CFG_TAG_ARE_SIGNED}" == "false" ]]; then
git tag "${APP_VERSION}"
else
my_message="FATAL: tag" && Print_Fatal
fi

git push --tags
echo
Show_Version
Show_Tag
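Review bot: the signed-tag message in `tag()` is missing a `$`: `-m "tag: {APP_VERSION} using bashlava"` stores the literal text `{APP_VERSION}` in every signed tag, so it should read `${APP_VERSION}`. As in `commit()`, `git push --tags` was previously chained with `&&` after `git tag` and now runs even when tagging or signing fails; keep the push conditional on the tag command's exit status.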

Expand Down Expand Up @@ -473,10 +495,10 @@ function dummy { # User_
_from_fct="d"
_in_file="./docs/DUMMY.md"

# create a commit X time the update
# create two commits in a row
for lineID in $(seq 1 2); do
date_nano="$(date +%Y-%m-%d_%HH%Ms%S-%N)"
_hash=$(echo ${date_nano} | sha256sum | awk '{print $1}')
_hash=$(echo "${date_nano} ${lineID}" | sha256sum | awk '{print $1}')
_hash_four_last="${_hash: -4}"
echo "Dummy Commit ${lineID} - $(date +%Y-%m-%d_%HH%M_%S) - ${_hash}" >> "${_in_file}"
git add -A && git commit -m "Dummy Commit ${lineID} - ${_hash_four_last}"
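Review bot: `dummy()` still commits with a plain `git commit -m`, so with `CFG_TAG_ARE_SIGNED="true"` its commits are signed only if `gpgsign = true` happens to be set in the user's `~/.gitconfig`. The TODO lists "update dummy()", so apply the same `-S` branch here, ideally through one shared helper used by both `commit()` and `dummy()` rather than a third copy of the `if`/`elif`/`else`.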
12 changes: 7 additions & 5 deletions docs/help_gitcrypt.md
Expand Up @@ -131,12 +131,12 @@ You should use public/private keys which is much more secure.

## As a USER_DEV

As a USER_DEV must create a key
`gpg --gen-key`

As a USER_DEV, check the gpg keys
`gpg --list-keys`

As a USER_DEV must create a key
`gpg --gen-key`

As a USER_DEV, check the gpg keys and list the keys and copy the key ID (KEY_ID ex: 9F9VD135y67289ACGGD349E8S345TSRY4ECC53):

`gpg --list-keys`
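Review bot: after the reorder, the "As a USER_DEV" section still contains two `gpg --list-keys` steps, a bare "check the gpg keys" and the longer "check the gpg keys and list the keys and copy the key ID". Keep only the second one, after `gpg --gen-key`. The example `KEY_ID` in that line contains characters that are not hexadecimal, so a clearly marked placeholder would be less confusing than a value that looks real but cannot be one.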
Expand Down Expand Up @@ -184,8 +184,8 @@ Symetric steup: It's a good idea to have ../git-crypt-key as an absolut path to
export/backup your keys:

```
gpg --output public.pgp --armor --export [email protected]
gpg --output private.pgp --armor --export-secret-key [email protected]
gpg --output public.pgp --armor --export [email protected]
gpg --output private.pgp --armor --export-secret-key [email protected]
```

source: https://unix.stackexchange.com/a/482559
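Review bot: the backup example writes `private.pgp` into the current directory, and `commit()` in this same patch stages everything with `git add -A`, so running the export inside a working tree can end with the secret key committed and pushed. Change the example to an output path outside the repository, or add an ignore rule for `*.pgp`, and state that next to the `--export-secret-key` line.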
Expand All @@ -195,6 +195,8 @@ source: https://unix.stackexchange.com/a/482559
- https://hackernoon.com/things-you-must-know-about-git-crypt-to-successfully-protect-your-secret-data-kyi3wi6
- https://buddy.works/guides/git-crypt
- https://medium.com/@ahmed.kamel/git-crypt-unattended-unlock-with-gpg-passphrase-in-docker-f0aa39b85a
- manage gpg key to sign commits on github - https://www.youtube.com/watch?v=4166ExAnxmo
- code ~/.gitconfig

## What is great
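Review bot: `- code ~/.gitconfig` is a command, not a reference, yet it is added as an item in the list of links. Move it next to the signing instructions (where `signingKey` and `gpgsign` are explained) and format it as inline code like the other commands in this file.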
