-
Notifications
You must be signed in to change notification settings - Fork 2
Registry Authentication
You authenticate to the registery via the auth attributes of mntner objects. auth attributes define a public key that is used to verify the maintainers identity and authenticate changes to registry objects.
Pull requests are signed via the git commit has with the submitter's private key. The registry maintainers verify the signature of this commit against the public key listed in the registry. If it passes then the request is approved and the changes are merged.
git log lists all recent commits and will show the commit hash:
commit ec770c23787e206f83a65893bd6c9d935158e1d4 (HEAD -> master, origin/master, origin/HEAD)
Author: someone <[email protected]>
Date: Sat Sep 29 23:23:32 2020 +0000
Update
The only authentication method supported is with PHP keys. You may upload keys to a public keyserver for verification or add them to the registry.
Use the following auth attribute in your mntner object:
auth: pgp-fingerprint <fingerprint>
<fingerprint> is your 40-digit public key fingerprint without spaces
Upload your public key to one of the following public keyservers: keys.openpgp.org, pgp.mit.edu, keyserver.ubuntu.com, sks-keyservers.net
Use the following auth attribute in your mntner object:
auth: PGPKEY-<fprint>
<fprint> is the last 8 digits from your key fingerprint.
Create a key-cert object in data/key-cert/ for your public key named PGPKEY-<fprint>. Browse the registry for examples.
Use git commit -S to commit and sign your change.
You can sign already committed changes using:
git commit --amend --no-edit -S
Use git log --show-signature to show recent commits and signatures.