Streamline usage, installation and configuration of ots-git-gpg-wrapper.sh
#121
base: master
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -112,10 +112,23 @@ To create and verify these signatures we simply wrap the gpg binary with our | |
own code, `ots-git-gpg-wrapper`. Git allows you to override the default GnuPG | ||
binary (`/usr/bin/gpg`) with your own using the `gpg.program` config option. | ||
Unfortunately that option doesn't let you set additional command line flags, so | ||
we use one more wrapper, `ots-git-gpg-wrapper.sh`. You can set all this up with the | ||
following: | ||
|
||
git config --global gpg.program <path to ots-git-gpg-wrapper.sh> | ||
we use one more wrapper, `ots-git-gpg-wrapper.sh`. You can set all this up with | ||
either of the following: | ||
|
||
```bash | ||
# just specify ots-git-gpg-wrapper.sh and let `git` find it itself | ||
git config --global gpg.program ots-git-gpg-wrapper.sh | ||
# manually enter the full path to ots-git-gpg-wrapper.sh | ||
git config --global gpg.program <path/to/ots-git-gpg-wrapper.sh> | ||
# auto-detect the full path using `which` | ||
git config --global gpg.program "`which ots-git-gpg-wrapper.sh`" | ||
``` | ||
|
||
> **Note:** If you get errors that it doesn't find the | ||
> `ots-git-gpg-wrapper.sh`, make sure that your `PATH` includes the | ||
> installation location, e.g. by appending `export | ||
> PATH="$PATH:$HOME/.local/bin"` to your `.bashrc`. You can check the | ||
> installation location with `pip show -f opentimestamps-client`. | ||
|
||
Now try creating a test repository and signing a commit: | ||
|
||
|
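Review bot: In the third command of the new bash block, "`which ots-git-gpg-wrapper.sh`" expands to an empty string when the script is not on PATH, and git config then stores an empty gpg.program without complaint, so the problem only shows up later when git tries to sign or verify. Suggest `command -v` inside `$(...)` with a check that the result is non-empty before writing the config, and replacing the `<path/to/ots-git-gpg-wrapper.sh>` placeholder with a quoted example path, since unquoted angle brackets in a bash block are parsed as redirections when pasted. It would also help to state that the bare-name form is resolved through PATH each time git signs or verifies, while the two full-path forms pin one specific wrapper.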
@@ -347,3 +360,47 @@ calendar servers: | |
gpg: using RSA key 6399011044E8AFB2 | ||
gpg: Good signature from "Peter Todd <[email protected]>" | ||
gpg: aka "[jpeg image of size 5220]" | ||
|
||
|
||
Configuration | ||
------------- | ||
|
||
The OpenTimestamps GPG wrapper can be configured in the following ways: | ||
|
||
|
||
```bash | ||
# Disable OpenTimestamps for the current repository: | ||
git config opentimestamps.enable false | ||
Would it be more useful to disable opentimestamps selectively for just log viewing? Also, can you set

Yes, you can. Without
Sure we can add something like

In 31c1bde I implemented picking for which
Finding out which
||
|
||
# Disable OpenTimestamps by default for all git repositories on this machine: | ||
git config --global opentimestamps.enable false | ||
|
||
# Temporarily (re)enable OpenTimestamps signatures in `git log`: | ||
OPENTIMESTAMPS=true git log --show-signature | ||
|
||
# Temporarily ignore OpenTimestamps signatures in `git log`: | ||
OPENTIMESTAMPS=false git log --show-signature | ||
|
||
# Don't use OpenTimestamps for timestamping for one commit: | ||
OPENTIMESTAMPS=false git commit -m "commit message" | ||
|
||
# Only use OpenTimestamps for `git show` and `git commit` (not e.g. `git log`) | ||
git config --global opentimestamps.only-for show,commit | ||
|
||
# Don't try to use a local Bitcoin node for verification. | ||
# This gets rids of error messages in `git show` and `git log` | ||
# when you don't have a Bitcoin node running. | ||
git config --global opentimestamps.flags '--no-bitcoin' | ||
``` | ||
|
||
Troubleshooting | ||
--------------- | ||
|
||
You can troubleshoot the OpenTimestamps process like this: | ||
|
||
```bash | ||
# Debug the OpenTimeStamps process | ||
GIT_TRACE=true OPENTIMESTAMPS_GIT_GPG_WRAPPER_DEBUG=true OPENTIMESTAMPS_GIT_GPG_WRAPPER_FLAGS='-vvvvv' git log --show-signature | ||
``` | ||
|
||
This however does not seem to work properly for `git commit` unfortunately. |
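Review bot: The Configuration block does not say which setting wins when the OPENTIMESTAMPS environment variable and opentimestamps.enable disagree, nor whether "disable" skips only timestamp creation on commit or also timestamp verification in git log and git show. A reader may take a plain "Good signature" line as timestamp-verified, so please state the precedence and what the output looks like when OpenTimestamps is off. The Troubleshooting block uses OPENTIMESTAMPS_GIT_GPG_WRAPPER_FLAGS while Configuration uses opentimestamps.flags, so their relationship should be documented as well; "gets rids" should read "gets rid", and the closing sentence about git commit should say what actually fails.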
You need to change the
Original file line number | Diff line number | Diff line change | ||||
---|---|---|---|---|---|---|
|
@@ -16,6 +16,7 @@ | |||||
import bitcoin | ||||||
import logging | ||||||
import subprocess | ||||||
import shutil | ||||||
|
||||||
import git | ||||||
from opentimestamps.core.git import GitTreeTimestamper | ||||||
|
@@ -30,7 +31,7 @@ | |||||
def main(): | ||||||
parser = otsclient.args.make_common_options_arg_parser() | ||||||
|
||||||
parser.add_argument("-g", "--gpg-program", action="store", default="/usr/bin/gpg", | ||||||
parser.add_argument("-g", "--gpg-program", action="store", default=shutil.which("gpg") or "/usr/bin/gpg", | ||||||
Suggested change
Looks like

Okay. But then it was also unnecessary to provide --gpg-program "`which gpg`" in

A nice side-effect of specifying the
||||||
help="Path to the GnuPG binary (default %(default)s)") | ||||||
|
||||||
parser.add_argument('-c','--calendar', metavar='URL', dest='calendar_urls', action='append', type=str, | ||||||
|
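Review bot: With default=shutil.which("gpg") or "/usr/bin/gpg", the binary that produces the signature result is whichever gpg comes first on the caller's PATH when the parser is built, and the help string does not mention that. Suggest noting in the help text that the default is looked up on PATH with /usr/bin/gpg as the fallback, and that passing --gpg-program with an absolute path pins a specific binary. The fallback path is also used unchecked when no gpg is found on PATH, so an explicit error for a missing binary would be clearer than a failure at the point where the program is run.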
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -101,4 +101,7 @@ | |
'ots-git-gpg-wrapper = otsclient.git_gpg_wrapper:main', | ||
], | ||
}, | ||
|
||
# Install the ots-git-gpg-wrapper.sh-script | ||
scripts = ["ots-git-gpg-wrapper.sh"], | ||
One issue with installing the script is it'll clutter up tab-completion with another program starting with ots. Is there a better place to put this? Under /usr/lib/ or something?

See #121 (comment) Not putting it into

If only the namespace cluttering is the problem with putting the
||
) |
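Review bot: The new scripts = ["ots-git-gpg-wrapper.sh"] line installs a second command next to the ots-git-gpg-wrapper console entry point, and the comment above it only restates the line. Suggest the comment explain why the shell wrapper is shipped in addition to the entry point (the README says gpg.program cannot carry extra command line flags), and match the surrounding style: no spaces around = in a keyword argument and single quotes as in the entry point string.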
By "find it itself" doesn't git just use `$PATH` as normal?

Exactly. It is possible to only specify `ots-git-gpg-wrapper.sh` without a full path if it is in the `PATH`, which is a convenience as on different machines it can be installed in different places (e.g. `~/.local/bin` or `/usr/local/bin` or `/usr/bin/`, ...). This is a strong argument for putting it into a standard executable location.