git: Creating a signed commit via the API

fcwjkofz  posted on 2022-12-10  in  Git

I am creating a signed commit via the API in a GitHub workflow, so I just read the documentation at https://developer.github.com/v3/git/commits/#create-a-commit
I am creating the payload file using the sample data:

tree 827efc6d56897b048c772eb4087f854f46256132
parent 7d1b31e74ee336d15cbd21741bc88a537ed063a0
author Mona Octocat <octocat@github.com> 1215576810 +1200
committer Mona Octocat <octocat@github.com> 1215576810 +1200

my commit message

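But I am getting "invalid" on the signed commit. I would like to know what is actually required to make a signed commit via the API, because I could not find any blog or post about it.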

bhmjp9jg 1#

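First, you should try to understand how a Git commit is signed.
To save some text, refer to "What data is being signed when you git commit --gpg-sign=<key-id>?" for the details of the signed data. I'm just going to replicate it here. Obviously you won't have GitHub's private key, so you'll have to bring your own key. Upload it in GitHub settings so that it becomes "trusted".
First, perform the to-be-signed commit locally so that you have the commit data. For example, I'm using the HEAD commit of my repository at the time of writing this answer: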

~ $ cd iBug-source
~/iBug-source $ git log -1 HEAD
commit 351e7fe08176e35a9e4c91be2122921ada3cac3a (HEAD -> master, origin/master, origin/HEAD)
Author: iBug <git@ibugone.com>
Date:   Mon Nov 16 02:51:19 2020 +0800

    Force redirect

Extract the payload of the GPG signature (the message part) from Git. You need to strip the trailing newline (as I did with perl).

~/iBug-source $ git cat-file commit HEAD
tree fe9d12667f47065738ebcb3f6dd665a4150be267
parent fb4c5fb11f79142fc1f6f86fd7442274839626fb
author iBug <git@ibugone.com> 1605466279 +0800
committer iBug <git@ibugone.com> 1605466626 +0800

Force redirect
~/iBug-source $ git cat-file commit HEAD | perl -pe 'chomp if eof' > commit

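Now I have the message payload in the file commit. I want to create a signature with my own key.
Because Git wants a signature algorithm of SHA-1, I supply --digest-algo SHA1 to the CLI call. I also added --clear-sign (sign only, do not include the message body) and --armor (output in ASCII-armored format).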

~/iBug-source $ gpg --clear-sign --digest-algo SHA1 --armor --local-user 0xA2C63304 commit

The above command generated the file commit.asc with the following content:

-----BEGIN PGP SIGNATURE-----
...
=YxhM
-----END PGP SIGNATURE-----

This is the signature you want to use in the signature JSON field, as shown in the GitHub documentation.
Construct the API payload JSON:

{
  "message": "Force redirect",
  "author": {
    "name": "iBug",
    "email": "git@ibugone.com",
    "date": "2020-11-16T02:51:19+08:00"
  },
  "committer": {
    "name": "iBug",
    "email": "git@ibugone.com",
    "date": "2020-11-16T02:57:06+08:00"
  },
  "parents": [
    "fb4c5fb11f79142fc1f6f86fd7442274839626fb"
  ],
  "tree": "fe9d12667f47065738ebcb3f6dd665a4150be267",
  "signature": "-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBAgAdFiEE1KqdrSj5MOe58w687j9yiKLGMwQFAl+ynVQACgkQ7j9yiKLG\nMwR21BAAp3pzyUhA2/5tn/DrO+bbD9X9BQ6GHLHtiaG8gjuWmaGHzjR2XUugTrRl\naOluWR6//yNR9Uf3qIyxZahRYWYVy3Pl2UK8C+4s4alo7IjiF/7oKD3OVu5bjLvm\nGcbUfeyJQtOkNNH5o0o/einIoqhNCNgiFWjjsLcxPsG2bsNnF5Kmb8ONS3gArJQB\n7wT68sdj/oH82zCJU6bgEXohv3f+ZS82e8jX5jJBRL+ljz3crUl3DsgjsoKJiiUp\nZjcfNffNQu4wEB6XK2zca5IgGfcBO3MF0yA13sh1JwKa54ZEikAI4T5lVfRkjUn7\nLPkwpMhw3033NyyrTFXF48i9oRSoMocJYmDOncY8Mgc+CJArvn/fT34bZ9rXH01Y\nqpeSAZv7AgyXc3jSQHZPjo76i/C9BwwZ1EoGUm4svom/0ejnOteM1Ff3grVnqipX\nXo78a1BYHr0aLBxPpPaHMRlOdcMo0UYnqIm+P7VXtY0WxvPjXgemtSsXYrAMKSaa\nsAJ5Dv0jqYwhbQcVb5sGLC8zg+QmSbhV4HbrXmOcP8QC9H89EJSPzLQivQePGZrQ\n284vWTueNk68NyUQ5BUfXLIjYX/n6kgOeISNcvhDCVgWkvZNfN57fEOtq2FTsFKz\nDg4ukCQkabA+lFB3AiVdhhLZT5ucjSFFfnLUkwaULRP5XEgQhH8=\n=YxhM\n-----END PGP SIGNATURE-----\n"
}

Send it to the GitHub API:

~/iBug-source $ curl -X POST \
  -H 'Authorization: token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'Accept: application/vnd.github.v3+json' \
  -H 'Content-Type: application/json' \
  --data @payload.json \
  https://api.github.com/repos/iBug/iBug-source/git/commits

See the response (truncated):

{
  "sha": "36105785c8665a400226c54a16cc4583b8f28ebd",
  // Truncated
}

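See the commit (archive) in action on the GitHub website!

Obviously, all of the above steps can be done with your preferred toolchain, and you don't even need to perform a git commit. For example, the manually constructed Git object looks like this, with no trailing newline: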

tree fe9d12667f47065738ebcb3f6dd665a4150be267
parent fb4c5fb11f79142fc1f6f86fd7442274839626fb
author iBug <git@ibugone.com> 1605466279 +0800
committer iBug <git@ibugone.com> 1605466626 +0800
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAEBAgAdFiEE1KqdrSj5MOe58w687j9yiKLGMwQFAl+ynVQACgkQ7j9yiKLG
 MwR21BAAp3pzyUhA2/5tn/DrO+bbD9X9BQ6GHLHtiaG8gjuWmaGHzjR2XUugTrRl
 aOluWR6//yNR9Uf3qIyxZahRYWYVy3Pl2UK8C+4s4alo7IjiF/7oKD3OVu5bjLvm
 GcbUfeyJQtOkNNH5o0o/einIoqhNCNgiFWjjsLcxPsG2bsNnF5Kmb8ONS3gArJQB
 7wT68sdj/oH82zCJU6bgEXohv3f+ZS82e8jX5jJBRL+ljz3crUl3DsgjsoKJiiUp
 ZjcfNffNQu4wEB6XK2zca5IgGfcBO3MF0yA13sh1JwKa54ZEikAI4T5lVfRkjUn7
 LPkwpMhw3033NyyrTFXF48i9oRSoMocJYmDOncY8Mgc+CJArvn/fT34bZ9rXH01Y
 qpeSAZv7AgyXc3jSQHZPjo76i/C9BwwZ1EoGUm4svom/0ejnOteM1Ff3grVnqipX
 Xo78a1BYHr0aLBxPpPaHMRlOdcMo0UYnqIm+P7VXtY0WxvPjXgemtSsXYrAMKSaa
 sAJ5Dv0jqYwhbQcVb5sGLC8zg+QmSbhV4HbrXmOcP8QC9H89EJSPzLQivQePGZrQ
 284vWTueNk68NyUQ5BUfXLIjYX/n6kgOeISNcvhDCVgWkvZNfN57fEOtq2FTsFKz
 Dg4ukCQkabA+lFB3AiVdhhLZT5ucjSFFfnLUkwaULRP5XEgQhH8=
 =YxhM
 -----END PGP SIGNATURE-----
 

Force redirect

Using git hash-object -t commit on the file will regenerate the same commit SHA.
Trying to store this crafted commit object in the Git database.
Prepend the object type header:

~/iBug-source $ printf 'commit %s\0' $(wc -c < commit) | cat - commit > object

Get the hash of the complete object:

~/iBug-source $ sha1sum object
36105785c8665a400226c54a16cc4583b8f28ebd

Create the directory for the object:

~/iBug-source $ mkdir -p .git/objects/36/

Compress the object with the zlib (.zz) algorithm and save it:

~/iBug-source $ pigz -cz object > .git/objects/36/105785c8665a400226c54a16cc4583b8f28ebd

Check whether Git recognizes this crafted object:

~/iBug-source $ git log -1 36105785c8665a400226c54a16cc4583b8f28ebd
commit 36105785c8665a400226c54a16cc4583b8f28ebd
Author: iBug <git@ibugone.com>
Date:   Mon Nov 16 02:51:19 2020 +0800

    Force redirect
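
The steps in the answer above, as an added Python example that is not part of the original answer: it rebuilds the exact bytes to sign from the API JSON fields (the ISO 8601 dates must map to the same epoch and offset that were signed, otherwise the signature does not verify), then folds an armored signature into a gpgsig header and computes the object id. All function names are hypothetical, the signature is a constructed placeholder, and the header folding mirrors the object layout shown in the answer.

```python
import hashlib
import zlib
from datetime import datetime

# Field values copied from the answer's payload.json (signature field left out).
API = {
    "message": "Force redirect",
    "author": {"name": "iBug", "email": "git@ibugone.com", "date": "2020-11-16T02:51:19+08:00"},
    "committer": {"name": "iBug", "email": "git@ibugone.com", "date": "2020-11-16T02:57:06+08:00"},
    "parents": ["fb4c5fb11f79142fc1f6f86fd7442274839626fb"],
    "tree": "fe9d12667f47065738ebcb3f6dd665a4150be267",
}
# Constructed placeholder, not a real signature; sign signing_payload() with your own key.
PLACEHOLDER_SIG = "-----BEGIN PGP SIGNATURE-----\n\nCONSTRUCTEDPLACEHOLDER\n-----END PGP SIGNATURE-----\n"

def git_ident(person):
    """Render an API author/committer dict as 'Name <email> <epoch> <+hhmm>'."""
    dt = datetime.fromisoformat(person["date"])  # date must carry an explicit UTC offset
    minutes = int(dt.utcoffset().total_seconds()) // 60
    sign = "-" if minutes < 0 else "+"
    hh, mm = divmod(abs(minutes), 60)
    return f'{person["name"]} <{person["email"]}> {int(dt.timestamp())} {sign}{hh:02d}{mm:02d}'

def signing_payload(api):
    """Bytes to sign: the commit text rebuilt from the API fields, message verbatim."""
    lines = [f'tree {api["tree"]}']
    lines += [f"parent {p}" for p in api["parents"]]
    lines += [f'author {git_ident(api["author"])}',
              f'committer {git_ident(api["committer"])}', "", api["message"]]
    return "\n".join(lines).encode()

def with_gpgsig(payload, armored_sig):
    """Insert the signature as a gpgsig header; continuation lines start with a space."""
    headers, _, message = payload.partition(b"\n\n")
    folded = armored_sig.encode().replace(b"\n", b"\n ")
    return headers + b"\ngpgsig " + folded + b"\n\n" + message

def git_object_id(obj_type, content):
    """SHA-1 over '<type> <size>\\0<content>', the value git hash-object reports."""
    return hashlib.sha1(f"{obj_type} {len(content)}\0".encode() + content).hexdigest()

def loose_object(obj_type, content):
    """zlib-compressed bytes as stored under .git/objects/<2 hex>/<38 hex>."""
    return zlib.compress(f"{obj_type} {len(content)}\0".encode() + content)

if __name__ == "__main__":
    payload = signing_payload(API)
    print(payload.decode())
    print(git_object_id("commit", with_gpgsig(payload, PLACEHOLDER_SIG)))
```

Comparing the output of signing_payload() byte for byte with the file that was actually signed is a quick way to find why the API reports a signature as invalid.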
