List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Fri, Jun 1, 2012 at 11:12 AM, Andreas K. Huettel
> Now, does the "signed data" also contain the parent sha?
So, I was working on a lengthy email which now would be fairly
repetitive of what Kent posted.
Suffice it to say I managed to rip out a commit from the kde overlay,
deflate it, and compared that the signature:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
-----END PGP SIGNATURE-----
does in fact verify for the payload:
author Johannes Huber <email@example.com> 1338501525 +0200
committer Johannes Huber <firstname.lastname@example.org> 1338501525 +0200
[kde-base/kdelibs] Sync with live.
(Portage version: 2.2.0_alpha108/git/Linux i686, unsigned Manifest commit)
Dump those into a text file and run gpg for yourself... The full
commit contains the gpg signature in a field as already posted by
And while I appreciate the performance boost and space savings
provided by all the compression/packing/etc, I've learned to almost
hate those features with a passion this morning... Getting a cloned
repo unpacked, and the commit decompressed was a bit pita. The other
issue is that the header in the commit file is stripped before it is
signed, the actual start of the commit is "commit 830tree..."