= Commitsigs Extension = '''This extension is not distributed with Mercurial.''' ''Author: Martin Geisler'' Repository: https://foss.heptapod.net/mercurial/commitsigs <> == Overview == This extension allows you to digitally sign changesets as you create them. Mercurial already embeds a username in each changeset, but there is nothing that prevents users from impersonating each other since the username is freely configurable. Putting a digital signature into each changeset solves this problem by ensuring that only the owner of the private key could have made the changeset. The GpgExtension already allows signing of changesets. However, this is done by committing changes to a {{{.hgsigs}}} file in the root of the working copy and so it requires extra changesets to be made. This makes it infeasible to sign all changesets. The {{{.hgsigs}}} file must also be merged like any other file when branches are merged. On the other hand, editing a {{{.hgsigs}}} file makes it possible to sign old changesets after the fact, something which this extension does not support by design. == Configuration == Configure your ''`.hgrc`'' to enable the extension by adding following lines: {{{ [extensions] commitsigs = ~/path/to/commitsigs.py }}} You must now choose a signature scheme to use: either {{{gnupg}}} or {{{openssl}}}. The first will use your GPG key to sign changesets, the latter will use a X509 certificate. Please see {{{hg help commitsigs}}} after enabling the extension for details. == Using Hooks == Currently, there are two different hooks you can use to ensure commits pushed to your repository have valid signatures: * ''verifyallhook'': Ensure all incoming changesets have valid signatures. * ''verifyheadshook'': Ensure at least the incoming changsets denoting heads have valid signatures. To make sure all incoming changesets have valid signatures use the `verifyallhook` by adding the following lines to your ''`hgrc`'' file: {{{ [hooks] pretxnchangegroup.verifyall = python:commitsigs.verifyallhook }}} To ensure at least all incoming changesets denoting heads have valid signatures, use the `verifyheadshook`: {{{ [hooks] pretxnchangegroup.verifyheads = python:commitsigs.verifyheadshook }}} ---- CategoryExtensionsByOthers