(Apologies if you receive multiple copies, there is something wrong with my mail client today)
Hi Alexander, I don't know much about the interaction of darcs & PGP, specifically I don't know how to sign individual patches. FWIW here are my thoughts on this. What you should be able to do is sign and verify specific patch bundles. For instance, if you do `darcs send --sign`, it should create a patch bundle signed with your PGP key. (See `darcs help send` for mor options). Then the bundle can be verified with `gpg --verify whatever.dpatch`. Actually, `darcs apply` should check the signature for you, and it will give you an error message if you try to apply a corrupt bundle. Here is what happened when I tried to sneak in a typo in my signed bundle: > $ darcs apply ../*.dpatch > > darcs failed: Patch bundle failed hash! > This probably means that the patch has been corrupted by a mailer. > The most likely culprit is CRLF newlines. However, I don't think this signature is recorded anywhere in the repository. I might be wrong. Hope this helps, - Dan PS: this information should really be available in the FAQ, which doesn't really say much about signing patches. I will update the page if someone will nag me at some point :) On Mon, Jun 6, 2016 at 2:57 PM, Alexander Berntsen <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi. > > With git I rely heavily on OpenPGP-signing every commit with GPG, so > that users can confidently checkout any snapshot of the repository. > > As far as I understand with Darcs, patches can be signed using GPG. > However, I cannot find out how to actually find them. How do I, using > darcs log or similar, actually see the signatures? > > As an aside, as a git user and complete Darcs newbie, my understanding > of the ramifications of patches as first-class citizens is admittedly > lacking, so I am not entirely certain how OpenPGP signatures should > work with Darcs. I just want to make sure I can distribute my software > and patches with a certain guarantee for end-users regarding things > like MitM. If anyone has any documentation or guides I should look at > for this, that would be appreciated. > - -- > Alexander > [email protected] > https://secure.plaimi.net/~alexander > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCgAGBQJXVXNAAAoJENQqWdRUGk8B8bUQAIFOJkbdy/6rur6ZlJ4kg5Ls > pV81mvUFz/IGlO+oxTDD5B9nSpfN7bsC/XxrX4bKpzsfFmQKRoL1dJuH6YowxpZH > qbQ5D4RXJHb2YhqtlraBvtBKEfMT3m191UzABRQtB/ZNUN/jG6KrBRcoXtga1SNB > 4qDkzHgxyPrXsTOekg+9onSPH0ULjLY2LfCkbChSZNFj7i2ZMfUV+jVLmFtICKH2 > dSS3W/h51VY+QuaYM0OgAx1An6SAcJ48kU9byQTy3b3WYAF75qPuwr9kSsHkOIwg > VKGN4bH5HedAko0z+hvKKYsBJXXAr7YEknA45ujn8rRLnx8YIXGZIXravpCi4ff0 > ZHIWi3TGwEsGrsNIvmVF77LbUN7l0eXg/+CsaS5SuNUHLpBaNaRNBNIUNsyWLl62 > CJ41H0sB+A5kBTmEcmEKU3g5WdIqp/r1o7Rl6ZfmkSmkBi5I6dMeHZfTEB2EdU+H > hc2PC9AQI/GQwqzz2FAKu1uIiHNWxN3X/JuBwn80hX5sJAx7lmY886vUVPaRNylL > 1aK1Vhb1b5/L2TaHEhxmUI52ltmTDiBPFGNhBOmVQDCaI8pzttnHB16CwGnt9ySf > 2ym3i12EHBKpJTZmgoKVgS8zQYZ+RdXHiCLBLRsxxV9cSrUeUXLAV63B7+QTE61l > eiZadEKiFfNzMiynv+zY > =jjxR > -----END PGP SIGNATURE----- > _______________________________________________ > darcs-users mailing list > [email protected] > http://lists.osuosl.org/mailman/listinfo/darcs-users >
_______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
