From 3f732a313ff7b503dada09a81fe666676a8675b1 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Fri, 20 Jan 2023 12:57:59 -0800 Subject: [PATCH] Update readme to reflect current function --- README.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c30fbfc..f067d76 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,17 @@ -# Sig # +# sig # -The simple GPG signature toolchain for directories or git repos. +The simple code signature toolchain for git repos. ## Features - * Generate sha256 manifest for all files in directory - * Use git for listing if available - * Add detached signatures to manifest - * Verify manifest has a minimum threshold of unique detached signatures + * Attach any number of signatures to any given git ref * Verify git history contains a minimum threshold of unique commit siguatures * Verify signatures belong to a defined GPG alias group + * Verify code changes made since last time minimum valid signatures were present * Allow user to manually verify new keys and add to alias groups on the fly * Prompt user to install or upgrade any required tools as needed + * Signs aginst git agnostic "tree hash" so signatures survive rebases + * So long as the directory contents at a given ref do not change ## Install @@ -89,6 +89,12 @@ sig verify --threshold 2 sig verify --threshold 3 --group myteam ``` +#### Show diff between HEAD and last ref with 2 verified unique signatures + +``` +sig verify --threshold 2 --diff +` + #### Add signature ```