| 1 |
On Fri, Jun 1, 2012 at 11:12 AM, Andreas K. Huettel |
| 2 |
<dilfridge@g.o> wrote: |
| 3 |
> Now, does the "signed data" also contain the parent sha? |
| 4 |
> |
| 5 |
|
| 6 |
So, I was working on a lengthy email which now would be fairly |
| 7 |
repetitive of what Kent posted. |
| 8 |
|
| 9 |
Suffice it to say I managed to rip out a commit from the kde overlay, |
| 10 |
deflate it, and compared that the signature: |
| 11 |
|
| 12 |
-----BEGIN PGP SIGNATURE----- |
| 13 |
Version: GnuPG v2.0.18 (GNU/Linux) |
| 14 |
|
| 15 |
iQEcBAABCgAGBQJPx+mcAAoJEO+t9ga+3I3aqLoH/0OrRA1+NPRHGfbbLoQrqMwl |
| 16 |
sB+2It2Pb9LfPjEme+lrQu5WgFY4j7k0qd2ZYdnXM7JdQjsqmpfAMloHh5JN4TAS |
| 17 |
4vk8+u2GJCYgzL/SY5XlPl2l8dT91PhQJSN0yVt4Q9TsoN3nzVpFBjACJCy9R6j2 |
| 18 |
HrXvz/g3+MqY/9VesV8IiVgvQUTVgCdh8zBJ2rVyWAVH0bErsn518aiwEyfzNOxA |
| 19 |
1qJxxgGJLMpXp+nI8rnmhqTAAKiNA+byAKAsTEl3LS7OvQZ51aOCwa4A2GLOn2ef |
| 20 |
5JmuYQG5/FsS0RfXrqk72PiStTBWa3TakHYrgNXOXlslIR5AIB2tYnXqZcdEqYQ= |
| 21 |
=fucY |
| 22 |
-----END PGP SIGNATURE----- |
| 23 |
|
| 24 |
does in fact verify for the payload: |
| 25 |
--start-- |
| 26 |
tree 7d7f97cded40158d0f580ca6fbe97398d5c867f8 |
| 27 |
parent 14d7d9cb2219f64c7a715d8da0bbe48a32c9dad8 |
| 28 |
author Johannes Huber <johu@g.o> 1338501525 +0200 |
| 29 |
committer Johannes Huber <johu@g.o> 1338501525 +0200 |
| 30 |
|
| 31 |
[kde-base/kdelibs] Sync with live. |
| 32 |
|
| 33 |
(Portage version: 2.2.0_alpha108/git/Linux i686, unsigned Manifest commit) |
| 34 |
--end-- |
| 35 |
|
| 36 |
Dump those into a text file and run gpg for yourself... The full |
| 37 |
commit contains the gpg signature in a field as already posted by |
| 38 |
Kent. |
| 39 |
|
| 40 |
And while I appreciate the performance boost and space savings |
| 41 |
provided by all the compression/packing/etc, I've learned to almost |
| 42 |
hate those features with a passion this morning... Getting a cloned |
| 43 |
repo unpacked, and the commit decompressed was a bit pita. The other |
| 44 |
issue is that the header in the commit file is stripped before it is |
| 45 |
signed, the actual start of the commit is "commit 830tree..." |
| 46 |
|
| 47 |
Rich |
Archives