public
/
git-sig
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

address readme comments by @daurnimator

This commit is contained in:
Lance Vick 2023-01-25 18:03:59 -08:00
parent 0301738246
commit 087756fdfc
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -23,18 +23,18 @@ The simple code signature toolchain for git repos.
2. Review source code and signatures manually 2. Review source code and signatures manually
Using sig to verify the signatures of sig itself is not recommended. Using `sig` to verify the signatures of `sig` itself is not recommended.
Consider using the following one liner which is much faster to review: Consider using the following one liner which is much faster to review:
``` ```
while read -r line; do \ while read -r line; do \
gpg --verify \ gpg --verify \
<(printf $line | sed 's/.*pgp://g'| openssl base64 -d -A) \ <(printf "$line" | sed 's/.*pgp://g'| openssl base64 -d -A) \
<(printf $line | sed 's/pgp:.*/pgp/g'); \ <(printf "$line" | sed 's/pgp:.*/pgp/g'); \
done < <(git notes --ref=signatures show) done < <(git notes --ref=signatures show)
``` ```
3. Copy to $PATH 3. Copy to `$PATH`
``` ```
cp sig ~/.local/bin/ cp sig ~/.local/bin/
@ -43,7 +43,7 @@ The simple code signature toolchain for git repos.
## Usage ## Usage
* sig verify [-g,--group=<group>] [-t,--threshold=<N>] [-r,--ref=<ref> ] [-d,--diff=<branch>] * sig verify [-g,--group=<group>] [-t,--threshold=<N>] [-r,--ref=<ref> ] [-d,--diff=<branch>]
* Verify m-of-n signatures by given group are present for a git repo or ref * Verify m-of-n signatures by given group are present for a given git ref.
* sig add * sig add
* Add signature to this git ref * Add signature to this git ref
* sig fetch [-g,--group=<group>] * sig fetch [-g,--group=<group>]