On Fri, Jun 10, 2011 at 7:45 PM, Dan McGee <dpmcgee@gmail.com> wrote:
Thoughts? Other ideas? Things I'm forgetting? I'll withhold my preference of option for now to prevent biasing any comments; the above should not be seen as order of preference.
I've had the following idea since when I started to help, but never really tested it. I did it now and it worked. What do you think? High lever explanation: 1. grab a remote lock by creating a lock directory 2. if previous command succeeded 2.1. locally, scp the repository db file from the remote machine to the local one 2.2. sign the file locally 2.3. send the signature back to remote 2.4. release the lock Test implementation: #!/bin/bash host="some remote host" lock="name of lock directory" filetosign="full path of remote file to sign" ssh "$host" "mkdir $lock" || res=$? if [[ -z $res ]] ; then localfile=$(mktemp) scp "$host":"$filetosign" "${localfile}" gpg --detach-sign "${localfile}" scp "${localfile}".sig "${host}":"${filetosign}".sig ssh "${host}" "rmdir ${lock}" fi I've tested it here and it signed a file from my own machine through ssh. It had lots of password typing, but that's because I don't use public key authentication (I don't even start ssh automatically :)) -- A: Because it obfuscates the reading. Q: Why is top posting so bad? ------------------------------------------- Denis A. Altoe Falqueto Linux user #524555 -------------------------------------------