source/gitolite/transparency-log.rst - pub/scm/docs/docsko/korg - Git at Google

 Gitolite transparency log
 =========================
 All git-receive operations are logged in the transparency log, published
 at https://git.kernel.org/pub/scm/infra/transparency-logs/gitolite/git/.
 The repository is in the public-inbox v2 format and each operation is
 recorded as a separate RFC822 message with the body in YAML format.

 * https://public-inbox.org/public-inbox-v2-format.html

 Others are invited to clone this repository and update it periodically
 in order to preserve a distributed tamper-evident log of all write
 activity to the kernel.org source repositories.

 Sample record
 -------------
 Below is the annotated sample record.

 ::

     Content-Type: multipart/mixed; boundary="===============9216280479104659071=="
     MIME-Version: 1.0
     From: Gitolite <devnull@kernel.org>
     Subject: post-receive: pub/scm/linux/kernel/git/mricon/hook-test
     Date: Sun, 01 Nov 2020 14:30:04 -0000

 The Date field is the time when gitolite received the push, not the time
 of any of the commits.

 ::

     Message-Id: <160424100444.28613.2392504408513983803@gitolite.kernel.org>

     --===============9216280479104659071==
     Content-Type: text/plain; charset="us-ascii"
     MIME-Version: 1.0
     Content-Transfer-Encoding: 7bit

 If there are any attachments, the message will be multipart/mixed,
 otherwise it will be a simple text/plain message.

 ::

     ---
     service: git-receive-pack
     repo: pub/scm/linux/kernel/git/mricon/hook-test
     user: mricon
     git_push_cert_status: G

 If the push was signed, the ``git_push_cert_status`` field will be
 present and the push certificate will be attached as a separate file
 (see further).

 ::

     changes:
       - ref: refs/heads/main
         old: 29000644713a1a7ecea7871b433cf83f2740da90
         new: fe6ba5369e98005e5f0d76442447a966aa70d0dc
         log: |
              fe6ba5369e98005e5f0d76442447a966aa70d0dc Another push to test transparency log

 The ``changes`` field is an array of values per each of the refs pushed
 during the single git-receive-pack invocation. The ``log`` field is the
 enumeration of commits from the previous tip to the new tip. If it is
 less than 1024KB in size, the contents will be listed in the YAML body
 itself. If larger, they will be attached as a separate file, with the
 name of the attached file listed instead.

 ::

     --===============9216280479104659071==
     Content-Type: text/plain; charset="us-ascii"
     MIME-Version: 1.0
     Content-Transfer-Encoding: 7bit
     Content-Disposition: attachment; filename=git-push-certificate.txt

     certificate version 0.1
     pusher B6C41CE35664996C! 1604241004 -0500
     pushee gitolite.kernel.org:pub/scm/linux/kernel/git/mricon/hook-test
     nonce 1604241004-62dd093c179451c97bdae81a969305afa7e5d0c3

     29000644713a1a7ecea7871b433cf83f2740da90 fe6ba5369e98005e5f0d76442447a966aa70d0dc refs/heads/main
     -----BEGIN PGP SIGNATURE-----

     iHUEABYIAB0WIQR2vl2yUnHhSB5njDW2xBzjVmSZbAUCX57GbAAKCRC2xBzjVmSZ
     bDqdAQDvt+AXjrWKuEHRf9fh4+2UyyuGApeS7vS8wl8FoZZN4QEApgZeaokAJFQG
     1QG+be1u+RFC6CDIEh0vx/nThhaZDgI=
     =Bpxo
     -----END PGP SIGNATURE-----

     --===============9216280479104659071==--

 If a push certificate is present, it will be attached to the body of the
 message.

 Signing your pushes
 -------------------
 Since several members of the Linux Foundation IT team have direct
 backend access to the gitolite server, any one of them (or anyone in
 possession of their compromised account) can fake a push record. If you
 would like to help hedge against this risk, you are invited to sign your
 pushes.

 You can enable push signing by adding the following to your
 ``.git/config`` (or ``~/.gitconfig``, if you want to enable this
 globally, but keep in mind that this will result in errors or warning
 messages when you push to remotes that do not support signed pushes)::

     [push]
         gpgSign = if-asked

 See ``git-push`` for more information on this feature:

 * https://git-scm.com/docs/git-push#Documentation/git-push.txt---signedtruefalseif-asked

 Note: we only add the certificates to the transparency log at this time
 without applying any other kinds of tests or making any allow/deny decisions.
	Gitolite transparency log
	=========================
	All git-receive operations are logged in the transparency log, published
	at https://git.kernel.org/pub/scm/infra/transparency-logs/gitolite/git/.
	The repository is in the public-inbox v2 format and each operation is
	recorded as a separate RFC822 message with the body in YAML format.

	* https://public-inbox.org/public-inbox-v2-format.html

	Others are invited to clone this repository and update it periodically
	in order to preserve a distributed tamper-evident log of all write
	activity to the kernel.org source repositories.

	Sample record
	-------------
	Below is the annotated sample record.

	::

	Content-Type: multipart/mixed; boundary="===============9216280479104659071=="
	MIME-Version: 1.0
	From: Gitolite <devnull@kernel.org>
	Subject: post-receive: pub/scm/linux/kernel/git/mricon/hook-test
	Date: Sun, 01 Nov 2020 14:30:04 -0000

	The Date field is the time when gitolite received the push, not the time
	of any of the commits.

	::

	Message-Id: <160424100444.28613.2392504408513983803@gitolite.kernel.org>

	--===============9216280479104659071==
	Content-Type: text/plain; charset="us-ascii"
	MIME-Version: 1.0
	Content-Transfer-Encoding: 7bit

	If there are any attachments, the message will be multipart/mixed,
	otherwise it will be a simple text/plain message.

	::

	---
	service: git-receive-pack
	repo: pub/scm/linux/kernel/git/mricon/hook-test
	user: mricon
	git_push_cert_status: G

	If the push was signed, the ``git_push_cert_status`` field will be
	present and the push certificate will be attached as a separate file
	(see further).

	::

	changes:
	- ref: refs/heads/main
	old: 29000644713a1a7ecea7871b433cf83f2740da90
	new: fe6ba5369e98005e5f0d76442447a966aa70d0dc
	log: \|
	fe6ba5369e98005e5f0d76442447a966aa70d0dc Another push to test transparency log

	The ``changes`` field is an array of values per each of the refs pushed
	during the single git-receive-pack invocation. The ``log`` field is the
	enumeration of commits from the previous tip to the new tip. If it is
	less than 1024KB in size, the contents will be listed in the YAML body
	itself. If larger, they will be attached as a separate file, with the
	name of the attached file listed instead.

	::

	--===============9216280479104659071==
	Content-Type: text/plain; charset="us-ascii"
	MIME-Version: 1.0
	Content-Transfer-Encoding: 7bit
	Content-Disposition: attachment; filename=git-push-certificate.txt

	certificate version 0.1
	pusher B6C41CE35664996C! 1604241004 -0500
	pushee gitolite.kernel.org:pub/scm/linux/kernel/git/mricon/hook-test
	nonce 1604241004-62dd093c179451c97bdae81a969305afa7e5d0c3

	29000644713a1a7ecea7871b433cf83f2740da90 fe6ba5369e98005e5f0d76442447a966aa70d0dc refs/heads/main
	-----BEGIN PGP SIGNATURE-----

	iHUEABYIAB0WIQR2vl2yUnHhSB5njDW2xBzjVmSZbAUCX57GbAAKCRC2xBzjVmSZ
	bDqdAQDvt+AXjrWKuEHRf9fh4+2UyyuGApeS7vS8wl8FoZZN4QEApgZeaokAJFQG
	1QG+be1u+RFC6CDIEh0vx/nThhaZDgI=
	=Bpxo
	-----END PGP SIGNATURE-----

	--===============9216280479104659071==--

	If a push certificate is present, it will be attached to the body of the
	message.

	Signing your pushes
	-------------------
	Since several members of the Linux Foundation IT team have direct
	backend access to the gitolite server, any one of them (or anyone in
	possession of their compromised account) can fake a push record. If you
	would like to help hedge against this risk, you are invited to sign your
	pushes.

	You can enable push signing by adding the following to your
	``.git/config`` (or ``~/.gitconfig``, if you want to enable this
	globally, but keep in mind that this will result in errors or warning
	messages when you push to remotes that do not support signed pushes)::

	[push]
	gpgSign = if-asked

	See ``git-push`` for more information on this feature:

	* https://git-scm.com/docs/git-push#Documentation/git-push.txt---signedtruefalseif-asked

	Note: we only add the certificates to the transparency log at this time
	without applying any other kinds of tests or making any allow/deny decisions.