public
/
git-sig
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update readme to reflect current function

This commit is contained in:
Lance Vick 2023-01-20 12:57:59 -08:00
parent 45bbee7161
commit 3f732a313f
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@ -1,17 +1,17 @@
# Sig # # sig #
The simple GPG signature toolchain for directories or git repos. The simple code signature toolchain for git repos.
## Features ## Features
* Generate sha256 manifest for all files in directory * Attach any number of signatures to any given git ref
* Use git for listing if available
* Add detached signatures to manifest
* Verify manifest has a minimum threshold of unique detached signatures
* Verify git history contains a minimum threshold of unique commit siguatures * Verify git history contains a minimum threshold of unique commit siguatures
* Verify signatures belong to a defined GPG alias group * Verify signatures belong to a defined GPG alias group
* Verify code changes made since last time minimum valid signatures were present
* Allow user to manually verify new keys and add to alias groups on the fly * Allow user to manually verify new keys and add to alias groups on the fly
* Prompt user to install or upgrade any required tools as needed * Prompt user to install or upgrade any required tools as needed
* Signs aginst git agnostic "tree hash" so signatures survive rebases
* So long as the directory contents at a given ref do not change
## Install ## Install
@ -89,6 +89,12 @@ sig verify --threshold 2
sig verify --threshold 3 --group myteam sig verify --threshold 3 --group myteam
``` ```
#### Show diff between HEAD and last ref with 2 verified unique signatures
```
sig verify --threshold 2 --diff
`
#### Add signature #### Add signature
``` ```