{ "info": { "author": "Tom Parker-Shemilt", "author_email": "palfrey@tevp.net", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Developers", "License :: OSI Approved :: GNU Affero General Public License v3", "Programming Language :: Python :: 3", "Topic :: Software Development :: Version Control :: Git" ], "description": "Clincher\n========\n[![Build Status](https://travis-ci.org/lshift/clincher.svg?branch=master)](https://travis-ci.org/lshift/clincher)\n[![Coverage Status](https://coveralls.io/repos/github/lshift/clincher/badge.svg)](https://coveralls.io/github/lshift/clincher)\n![PyPI](https://img.shields.io/pypi/v/clincher.svg)\n![PyPI - License](https://img.shields.io/pypi/l/clincher.svg)\n\n`clincher` is a tool for checking that all the commits in a git repo are signed, or if they're not that someone has signed something afterwards to backfill that.\n\nIt implicitly trusts all the keys that are in the git repository, and dealing with keys that shouldn't be there is currently out of scope.\n\nOptions\n-------\n* `--rev-spec`: to check only the revisions in a git rev spec (as per https://git-scm.com/docs/gitrevisions#_specifying_ranges). Default is to check everything.\n* `--git-path`: specify the root directory of the git repo (defaults to the current directory)\n* `--key-path`: specify the keys path (default is \"keys\")\n* `--manual-signing-path`: specify the manually signed commits path (default is \"manually_signed\")\n\nTrusted keys\n------------\nThe `key-path` folder contains a list of the GPG keys for all trusted users, which will be automatically imported by the tool. To export a key in the format we expect run `gpg --export --armor ` (taking the key id from `gpg --list-keys`) and write it to a file\nin `key-path` ending with \".gpg\". We suggest using the users name and today's date to allow for identification and coping with expired keys.\n\nPlease note that even if a key is expired, if it's been used to sign historical commits prior to it's expiry it should be kept, as otherwise you have a commit we don't know how to verify.\n\nUnsigned commits\n----------------\nIf a commit isn't signed, a file will be generated in the `manual-signing-path` folder corresponding to that commit. This is a representation of the commit that can be signed as a way to backfill the missing signing without editing the git history, and will be treated the same as the commit itself. It is named ` - `.\n\nTo sign the commit, use the following\n\n`gpg --sign --armor --detach-sign `\n\nThis file should be named ` - .asc`\n\nUploading new versions to PyPi\n------------------------------\nWe use [Flit](https://flit.readthedocs.io/en/latest/) for uploading so the following works\n\n`FLIT_USERNAME=\"\" FLIT_PASSWORD=\"\" flit publish`", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/lshift/clincher", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "clincher", "package_url": "https://pypi.org/project/clincher/", "platform": "", "project_url": "https://pypi.org/project/clincher/", "project_urls": { "Homepage": "https://github.com/lshift/clincher" }, "release_url": "https://pypi.org/project/clincher/1.0/", "requires_dist": [ "GitPython", "dateparser" ], "requires_python": ">=3.6,<4", "summary": "Clincher is a tool for checking that all the commits in a git repo are signed", "version": "1.0" }, "last_serial": 4403527, "releases": { "1.0": [ { "comment_text": "", "digests": { "md5": "6bd94788565d8505ad894c99a6840ebf", "sha256": "b49a856b30d201d38732c3e3639f3f905ef85ca42d4474a19ecd4df30338aa50" }, "downloads": -1, "filename": "clincher-1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "6bd94788565d8505ad894c99a6840ebf", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6,<4", "size": 45517, "upload_time": "2018-10-22T19:48:13", "url": "https://files.pythonhosted.org/packages/d9/7c/045d7e37d7114c106ed66ab61a75160dc5271f2f0258b9d87532c5ede5f8/clincher-1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "dce0db2e02bf58b9637bdaa6a7a7ffb3", "sha256": "dbd30bd0fc8172a5efa7b594169866db0a71d538c4bcde622adc9147d680225c" }, "downloads": -1, "filename": "clincher-1.0.tar.gz", "has_sig": false, "md5_digest": "dce0db2e02bf58b9637bdaa6a7a7ffb3", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6,<4", "size": 23919, "upload_time": "2018-10-22T19:48:16", "url": "https://files.pythonhosted.org/packages/53/a2/f13dcc43b32036125911dee963f4f4f776896fcb56455f78f84e8028625f/clincher-1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "6bd94788565d8505ad894c99a6840ebf", "sha256": "b49a856b30d201d38732c3e3639f3f905ef85ca42d4474a19ecd4df30338aa50" }, "downloads": -1, "filename": "clincher-1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "6bd94788565d8505ad894c99a6840ebf", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3.6,<4", "size": 45517, "upload_time": "2018-10-22T19:48:13", "url": "https://files.pythonhosted.org/packages/d9/7c/045d7e37d7114c106ed66ab61a75160dc5271f2f0258b9d87532c5ede5f8/clincher-1.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "dce0db2e02bf58b9637bdaa6a7a7ffb3", "sha256": "dbd30bd0fc8172a5efa7b594169866db0a71d538c4bcde622adc9147d680225c" }, "downloads": -1, "filename": "clincher-1.0.tar.gz", "has_sig": false, "md5_digest": "dce0db2e02bf58b9637bdaa6a7a7ffb3", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3.6,<4", "size": 23919, "upload_time": "2018-10-22T19:48:16", "url": "https://files.pythonhosted.org/packages/53/a2/f13dcc43b32036125911dee963f4f4f776896fcb56455f78f84e8028625f/clincher-1.0.tar.gz" } ] }