@Nervengift
Last active February 25, 2016 15:45
Generate a signed timestamp for all git commits using openssl and the DFN server
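#!/bin/bash
# install on central git repo as hooks/post-receive
# generates timestamp signatures for all commits
zero=0000000000000000000000000000000000000000
mkdir -p timestamps
# post-receive gets one "<old> <new> <ref>" line on stdin per updated ref
while read -r oldrev newrev refname; do
    [ "$newrev" = "$zero" ] && continue   # ref deleted, nothing to stamp
    if [ "$oldrev" = "$zero" ]; then
        range="$newrev"                   # new ref: walk its whole history
    else
        range="$oldrev..$newrev"
    fi
    git rev-list "$range" | while read -r commit; do
        [ -s "timestamps/$commit.tsr" ] && continue   # already stamped
        echo "creating timestamp signature for $commit..."
        # the commit id is itself a SHA-1 digest, so it is passed via -digest
        openssl ts -query -digest "$commit" -cert -sha1 -no_nonce -out "$commit.tsq"
        # -f: fail on HTTP errors instead of saving an error page as the response
        curl -s -S -f -H 'Content-Type: application/timestamp-query' --data-binary "@$commit.tsq" http://zeitstempel.dfn.de -o "timestamps/$commit.tsr"
        rm "$commit.tsq"
    done
done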
COMMIT=086d71a7f8ca58113f772f60b448d01e8411cdf0
# Timestamp generation
# the commit id is already a SHA-1 digest, so it is passed directly via -digest
openssl ts -query -digest "$COMMIT" -cert -sha1 -no_nonce -out "$COMMIT.tsq"
# -f: fail on HTTP errors instead of saving an error page as the response
curl -s -S -f -H 'Content-Type: application/timestamp-query' --data-binary "@$COMMIT.tsq" http://zeitstempel.dfn.de -o "$COMMIT.tsr"
rm "$COMMIT.tsq"
# Verification
# fetch the DFN CA chain, then check the response against it and the commit id
wget -O dfn.pem https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt
openssl ts -verify -digest "$COMMIT" -in "$COMMIT.tsr" -CAfile dfn.pem &&
    openssl ts -reply -in "$COMMIT.tsr" -text | grep "Time stamp" # show timestamp
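An added example, not part of the original gist: a batch check that every commit has a stored response that verifies, assuming the hook's `timestamps/<commit>.tsr` layout and a CA chain file such as the `dfn.pem` fetched above. The function name `audit_timestamps` and its two arguments are hypothetical.

```shell
#!/bin/bash
# Added example: audit the timestamps/ directory written by the hook.
# Reads commit ids on stdin, prints one status line per commit and
# returns non-zero if any commit lacks a valid timestamp response.
# audit_timestamps, its arguments and the at_* variables are
# hypothetical names chosen for this example.
audit_timestamps() {
    at_dir="$1"      # directory holding <commit>.tsr files
    at_ca="$2"       # PEM file with the TSA's CA chain
    at_rc=0
    while read -r at_commit; do
        at_tsr="$at_dir/$at_commit.tsr"
        if [ ! -s "$at_tsr" ]; then
            # no response stored (or an empty file from a failed request)
            echo "missing $at_commit"
            at_rc=1
        elif openssl ts -verify -digest "$at_commit" -in "$at_tsr" \
                -CAfile "$at_ca" >/dev/null 2>&1; then
            # signature chains to the CA and the stamped digest is this commit id
            at_time=$(openssl ts -reply -in "$at_tsr" -text 2>/dev/null |
                grep 'Time stamp' | sed 's/^Time stamp: //')
            echo "ok $at_commit $at_time"
        else
            # wrong digest, untrusted signer, or not a timestamp response at all
            echo "invalid $at_commit"
            at_rc=1
        fi
    done
    return "$at_rc"
}

# Typical use in the central repository:
#   git rev-list --all | audit_timestamps timestamps dfn.pem
```
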
@Nervengift
Author

Information about the DFN's timestamp service and usage rules can be found here (German): https://www.pki.dfn.de/zeitstempeldienst/
