1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "PATATT" 5 "2022-08-22" "0.6.3" "Linux Programmer's Manual"
.SH NAME
patatt \- DKIM-like cryptographic patch attestation
.SH SYNOPSIS
.sp
patatt {sign|validate|genkey|install\-hook} [options]
.SH DESCRIPTION
.sp
This tool allows cryptographically signing patches sent via email
by using DKIM\-like message headers. This approach is both effective and
doesn\(aqt interfere with other code review tools the way inline or
detached PGP signatures do. For a full overview of core concepts and
considerations, please see README.
.sp
If you already have a PGP key configured for signing git tags or
commits, then you should be able to use patatt without any additional
configuration. Try running the following in any git repository:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
git format\-patch \-1 \-\-stdout | patatt sign
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
If patatt is not finding your PGP key, try adding the following to your
~/.gitconfig:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
[user]
signingkey = [yourkeyid]
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
To find out your keyid, run \fBgpg \-\-list\-secret\-keys\fP\&. If you want to
use a specific subkey, you can specify the subkey ID with a \fB!\fP at the
end.
.SH USING AS A GIT HOOK
.sp
If you use \fBgit\-send\-email\fP for sending patches, then you can get
them automatically signed via the \fBsendemail\-validate\fP hook. To install,
run the following command in the repository you want enabled for signing:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ patatt install\-hook
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
Or you can install it manually:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ echo \(aqpatatt sign \-\-hook "${1}"\(aq >> .git/hooks/sendemail\-validate
$ chmod a+x .git/hooks/sendemail\-validate
.ft P
.fi
.UNINDENT
.UNINDENT
.SH SUBCOMMANDS
.INDENT 0.0
.IP \(bu 2
\fIsign\fP: sign stdin or RFC2822 files passed as arguments
.IP \(bu 2
\fIvalidate\fP: basic validation for signed messages
.IP \(bu 2
\fIgenkey\fP: generate a new ed25519 keypair
.IP \(bu 2
\fIinstall\-hook\fP: install sendemail\-validate hook in the current repository
.UNINDENT
.sp
You can run \fBpatatt [subcommand] \-\-help\fP to see a summary of flags for
each subcommand.
.SH SUPPORT
.sp
Please email \fI\%tools@linux.kernel.org\fP with support requests.
.SH AUTHOR
mricon@kernel.org
License: MIT-0
.SH COPYRIGHT
The Linux Foundation and contributors
.\" Generated by docutils manpage writer.
.
|
