Creating a signed commit via API
I am working on creating a signed commit via the API in a GitHub workflow, so I just read the documentation: https://developer.github.com/v3/git/commits/#create-a-commit
I am creating a payload file with sample data:
tree 827efc6d56897b048c772eb4087f854f46256132
parent 7d1b31e74ee336d15cbd21741bc88a537ed063a0
author Mona Octocat <octocat@github.com> 1215576810 +1200
committer Mona Octocat <octocat@github.com> 1215576810 +1200

my commit message
But the signed commit comes out as invalid. I want to know what is actually needed for a signed commit via the API, as I could not find any blog or post.
First, you should try to understand how Git commits are signed.
To save some text, refer to What data is being signed when you `git commit --gpg-sign=<key-id>`? for details of the signed data - I'm going to only reproduce it here. Apparently you won't have GitHub's private key, so you must bring your own key. Upload it in GitHub settings to make it "trusted".
First, make the to-be-signed commit locally so that you can get the commit data. For example, at the time of writing this answer, I'm using the HEAD commit of the repository:
~ $ cd iBug-source
~/iBug-source $ git log -1 HEAD
commit 351e7fe08176e35a9e4c91be2122921ada3cac3a (HEAD -> master, origin/master, origin/HEAD)
Author: iBug <git@ibugone.com>
Date: Mon Nov 16 02:51:19 2020 +0800
Force redirect
Extract the payload (message part) for the GPG signature from Git. You need to strip the trailing newline (as I did with perl).
~/iBug-source $ git cat-file commit HEAD
tree fe9d12667f47065738ebcb3f6dd665a4150be267
parent fb4c5fb11f79142fc1f6f86fd7442274839626fb
author iBug <git@ibugone.com> 1605466279 +0800
committer iBug <git@ibugone.com> 1605466626 +0800

Force redirect
~/iBug-source $ git cat-file commit HEAD | perl -pe 'chomp if eof' > commit
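Now I have the message payload in the commit file. I want to create a signature using my own key.
Because Git expects the SHA-1 signature algorithm, I supplied --digest-algo SHA1 to the CLI call. I also added --detach-sign (sign only, don't include the message body) and --armor (output ASCII-armored format).
~/iBug-source $ gpg --detach-sign --digest-algo SHA1 --armor --local-user 0xA2C63304 commit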
The command above produced the file commit.asc with the following content:
-----BEGIN PGP SIGNATURE-----
[...]
=YxhM
-----END PGP SIGNATURE-----
This is the signature you want in the signature JSON field, per the GitHub documentation.
Construct the API payload JSON:
{
"message": "Force redirect",
"author": {
"name": "iBug",
"email": "git@ibugone.com",
"date": "2020-11-16T02:51:19+08:00"
},
"committer": {
"name": "iBug",
"email": "git@ibugone.com",
"date": "2020-11-16T02:57:06+08:00"
},
"parents": [
"fb4c5fb11f79142fc1f6f86fd7442274839626fb"
],
"tree": "fe9d12667f47065738ebcb3f6dd665a4150be267",
"signature": "-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBAgAdFiEE1KqdrSj5MOe58w687j9yiKLGMwQFAl+ynVQACgkQ7j9yiKLG\nMwR21BAAp3pzyUhA2/5tn/DrO+bbD9X9BQ6GHLHtiaG8gjuWmaGHzjR2XUugTrRl\naOluWR6//yNR9Uf3qIyxZahRYWYVy3Pl2UK8C+4s4alo7IjiF/7oKD3OVu5bjLvm\nGcbUfeyJQtOkNNH5o0o/einIoqhNCNgiFWjjsLcxPsG2bsNnF5Kmb8ONS3gArJQB\n7wT68sdj/oH82zCJU6bgEXohv3f+ZS82e8jX5jJBRL+ljz3crUl3DsgjsoKJiiUp\nZjcfNffNQu4wEB6XK2zca5IgGfcBO3MF0yA13sh1JwKa54ZEikAI4T5lVfRkjUn7\nLPkwpMhw3033NyyrTFXF48i9oRSoMocJYmDOncY8Mgc+CJArvn/fT34bZ9rXH01Y\nqpeSAZv7AgyXc3jSQHZPjo76i/C9BwwZ1EoGUm4svom/0ejnOteM1Ff3grVnqipX\nXo78a1BYHr0aLBxPpPaHMRlOdcMo0UYnqIm+P7VXtY0WxvPjXgemtSsXYrAMKSaa\nsAJ5Dv0jqYwhbQcVb5sGLC8zg+QmSbhV4HbrXmOcP8QC9H89EJSPzLQivQePGZrQ\n284vWTueNk68NyUQ5BUfXLIjYX/n6kgOeISNcvhDCVgWkvZNfN57fEOtq2FTsFKz\nDg4ukCQkabA+lFB3AiVdhhLZT5ucjSFFfnLUkwaULRP5XEgQhH8=\n=YxhM\n-----END PGP SIGNATURE-----\n"
}
Send it to the GitHub API:
~/iBug-source $ curl -X POST \
-H 'Authorization: token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
-H 'Accept: application/vnd.github.v3+json' \
-H 'Content-Type: application/json' \
--data @payload.json \
https://api.github.com/repos/iBug/iBug-source/git/commits
See the response (truncated):
{
"sha": "36105785c8665a400226c54a16cc4583b8f28ebd",
// Truncated
}
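See the commit (archive) on the GitHub website. It's working!
Apparently, all of the steps above can be done with your favorite toolchain, and you don't even have to run git commit. For example, the manually-constructed Git object looks like this, without a trailing newline: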
tree fe9d12667f47065738ebcb3f6dd665a4150be267
parent fb4c5fb11f79142fc1f6f86fd7442274839626fb
author iBug <git@ibugone.com> 1605466279 +0800
committer iBug <git@ibugone.com> 1605466626 +0800
gpgsig -----BEGIN PGP SIGNATURE-----
 [...]
 =YxhM
 -----END PGP SIGNATURE-----

Force redirect
Using git hash-object -t commit on the file reproduces the same commit SHA.
Now try storing this crafted commit object into the Git database.
Add the object type header:
~/iBug-source $ printf 'commit %s\0' "$(wc -c < commit)" | cat - commit > object
Get the hash of the complete object:
~/iBug-source $ sha1sum object
36105785c8665a400226c54a16cc4583b8f28ebd
Create the directory for the object:
~/iBug-source $ mkdir -p .git/objects/36/
Compress the object with the zlib (.zz) algorithm and save it:
~/iBug-source $ pigz -cz object > .git/objects/36/105785c8665a400226c54a16cc4583b8f28ebd
See if Git recognizes this crafted object:
~/iBug-source $ git log -1 36105785c8665a400226c54a16cc4583b8f28ebd
commit 36105785c8665a400226c54a16cc4583b8f28ebd
Author: iBug <git@ibugone.com>
Date: Mon Nov 16 02:51:19 2020 +0800
Force redirect
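An added example, not part of the original answer: the signature only verifies if the JSON fields sent to the API reproduce the signed text byte for byte, so this Python code derives the request body from that text and computes the id of the resulting signed object, to compare with the sha in the response. The payload text is the one shown above; the signature is a constructed placeholder and the function names are illustrative.

```python
import hashlib, json, re
from datetime import datetime, timedelta, timezone
IDENT = re.compile(r"^(?P<name>.*) <(?P<email>[^>]*)> (?P<ts>\d+) (?P<tz>[+-]\d{4})$")

def git_object_id(obj_type: str, body: bytes) -> str:
    """SHA-1 over '<type> <size>' + NUL + body, i.e. the object id Git reports."""
    return hashlib.sha1(f"{obj_type} {len(body)}\0".encode() + body).hexdigest()

def parse_ident(value: str) -> dict:
    """Turn 'Name <email> <unix-ts> <tz>' into the API's name/email/date object."""
    m = IDENT.match(value)
    if not m:
        raise ValueError(f"bad identity line: {value!r}")
    sign = -1 if m["tz"][0] == "-" else 1
    offset = sign * timedelta(hours=int(m["tz"][1:3]), minutes=int(m["tz"][3:5]))
    when = datetime.fromtimestamp(int(m["ts"]), timezone(offset))
    return {"name": m["name"], "email": m["email"], "date": when.isoformat()}

def api_payload(signed: str, signature: str) -> dict:
    """Derive the request body from the exact text that was signed."""
    head, _, message = signed.partition("\n\n")
    body = {"message": message, "parents": [], "signature": signature}
    for line in head.split("\n"):
        key, _, value = line.partition(" ")
        if key == "tree":
            body["tree"] = value
        elif key == "parent":
            body["parents"].append(value)
        elif key in ("author", "committer"):
            body[key] = parse_ident(value)
        else:
            raise ValueError(f"unexpected header: {key!r}")
    return body

def signed_object(signed: str, signature: str) -> bytes:
    """Append the gpgsig header to the headers; continuation lines get one leading space."""
    head, sep, message = signed.partition("\n\n")
    sig = signature.rstrip("\n").replace("\n", "\n ")
    return f"{head}\ngpgsig {sig}{sep}{message}".encode()

# Payload text from the answer (no trailing newline); FAKE_SIG is a constructed placeholder.
SIGNED = ("tree fe9d12667f47065738ebcb3f6dd665a4150be267\n"
          "parent fb4c5fb11f79142fc1f6f86fd7442274839626fb\n"
          "author iBug <git@ibugone.com> 1605466279 +0800\n"
          "committer iBug <git@ibugone.com> 1605466626 +0800\n"
          "\nForce redirect")
FAKE_SIG = "-----BEGIN PGP SIGNATURE-----\n\nQ09OU1RSVUNURUQ=\n-----END PGP SIGNATURE-----\n"
if __name__ == "__main__":
    print(json.dumps(api_payload(SIGNED, FAKE_SIG), indent=2))
    print(git_object_id("commit", signed_object(SIGNED, FAKE_SIG)))
```

If the id computed locally differs from the sha the API returns, one of the fields (most often a date or the message's trailing newline) does not match what was signed.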