From ceb0d2f3ed480bc90ac30227ba06e1c113123d26 Mon Sep 17 00:00:00 2001 From: Ben Grande Date: Fri, 25 Oct 2024 11:22:21 +0200 Subject: [PATCH] doc: verify tags pointing at checked out commit Avoid failing on commits that were created by contributors but has signed tag created by the maintainer. Fix: https://github.com/ben-grande/qusal/issues/106 --- docs/INSTALL.md | 39 ++++++++++++++++++++++----------------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 340bebe..23002ca 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -86,7 +86,23 @@ this procedure](https://www.qubes-os.org/doc/how-to-copy-from-dom0/#copying-to-d ```sh git verify-commit HEAD - git submodule foreach git verify-commit HEAD + ``` + + In case the commit verification failed, you can try to verify if any tag + pointing at that commit succeeds: + + ```sh + tag_list="$(git tag --points-at=HEAD)" + verification=0 + for tag in ${tag_list}; do + if git verify-tag "${tag}" + verification=1 + break + fi + done + if test "${verification}" = "0"; then + false + fi ``` 6. Copy the project to the Salt directories: @@ -134,18 +150,12 @@ with the sys-git formula. git -C ~/src/qusal submodule update --merge ``` -4. Verify the commit or tag signature and expect a good signature, be - surprised otherwise (signature verification on submodules is skipped if - checking out but not merging): - - ```sh - git verify-commit HEAD - git submodule foreach git verify-commit HEAD - ``` +4. Verify the commit or tag signature as shown in + [Dom0 Installation](#dom0-installation). 5. Copy the project to the Salt directories: - ``` + ```sh ~/src/qusal/scripts/setup.sh ``` @@ -176,13 +186,8 @@ files from being tracked and signature verification won't catch it. UPDATES_MAX_FILES=10000 qvm-copy-to-dom0 "${qube}" "${file}" ``` -3. Verify the commit or tag signature and expect a good signature, be - surprised otherwise: - - ```sh - git verify-commit HEAD - git submodule foreach git verify-commit HEAD - ``` +3. Verify the commit or tag signature as shown in + [Dom0 Installation](#dom0-installation). 4. Copy the project to the Salt directories: