summaryrefslogtreecommitdiff
path: root/cgitrc.5.txt
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2018-07-05 02:38:33 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-07-05 02:40:48 +0200
commit22583c4992852fff08559c35fde7bf6f673d1644 (patch)
tree269818f1b13ea032e246f0cd1cb932770d2ed5d3 /cgitrc.5.txt
parent08a2b1b8f812c6d77489467c8ff120979c297bed (diff)
cgitrc.5: add local tar signature example
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'cgitrc.5.txt')
-rw-r--r--cgitrc.5.txt19
1 files changed, 15 insertions, 4 deletions
diff --git a/cgitrc.5.txt b/cgitrc.5.txt
index 6b4efa2..34b351b 100644
--- a/cgitrc.5.txt
+++ b/cgitrc.5.txt
@@ -775,14 +775,25 @@ through use of git notes. For example, the following command may be used to
add a signature to a .tar.xz archive:
git notes --ref=refs/notes/signatures/tar.xz add -C "$(
- gpg --output - --armor --detach-sign cgit-1.1.tar.xz |
- git hash-object -w --stdin
+ gpg --output - --armor --detach-sign cgit-1.1.tar.xz |
+ git hash-object -w --stdin
)" v1.1
If it is instead desirable to attach a signature of the underlying .tar, this
will be linked, as a special case, beside a .tar.* link that does not have its
-own signature.
-
+own signature. For example, a signature of a tarball of the latest tag might
+be added with a similar command:
+
+ tag="$(git describe --abbrev=0)"
+ git notes --ref=refs/notes/signatures/tar add -C "$(
+ git archive --format tar --prefix "cgit-${tag#v}/" "$tag" |
+ gpg --output - --armor --detach-sign |
+ git hash-object -w --stdin
+ )" "$tag"
+
+Since git-archive(1) is expected to produce stable output between versions,
+this allows one to generate a long-term signature of the contents of a given
+tag.
EXAMPLE CGITRC FILE
-------------------