/usr/share/doc/monotone/html/Trust-Evaluation-Hooks.html is in monotone-doc 1.0-3.
This file is owned by root:root, with mode 0o644.
<html lang="en">
<head>
<title>Trust Evaluation Hooks - monotone documentation</title>
<meta http-equiv="Content-Type" content="text/html">
<meta name="description" content="monotone documentation">
<meta name="generator" content="makeinfo 4.13">
<link title="Top" rel="start" href="index.html#Top">
<link rel="up" href="Hooks.html#Hooks" title="Hooks">
<link rel="prev" href="Netsync-Transport-Hooks.html#Netsync-Transport-Hooks" title="Netsync Transport Hooks">
<link rel="next" href="External-Diff-Tools.html#External-Diff-Tools" title="External Diff Tools">
<link href="http://www.gnu.org/software/texinfo/" rel="generator-home" title="Texinfo Homepage">
<meta http-equiv="Content-Style-Type" content="text/css">
<style type="text/css"><!--
pre.display { font-family:inherit }
pre.format { font-family:inherit }
pre.smalldisplay { font-family:inherit; font-size:smaller }
pre.smallformat { font-family:inherit; font-size:smaller }
pre.smallexample { font-size:smaller }
pre.smalllisp { font-size:smaller }
span.sc { font-variant:small-caps }
span.roman { font-family:serif; font-weight:normal; }
span.sansserif { font-family:sans-serif; font-weight:normal; }
--></style>
<link rel="stylesheet" type="text/css" href="texinfo.css">
</head>
<body>
<div class="node">
<a name="Trust-Evaluation-Hooks"></a>
<p>
Next: <a rel="next" accesskey="n" href="External-Diff-Tools.html#External-Diff-Tools">External Diff Tools</a>,
Previous: <a rel="previous" accesskey="p" href="Netsync-Transport-Hooks.html#Netsync-Transport-Hooks">Netsync Transport Hooks</a>,
Up: <a rel="up" accesskey="u" href="Hooks.html#Hooks">Hooks</a>
<hr>
</div>
<h4 class="subsection">6.1.6 Trust Evaluation Hooks</h4>
<p>Monotone makes heavy use of certs to provide descriptive information
about revisions. In many projects, not all developers should have the
same privileges, or be trusted for the same purposes (indeed, some
signers might be automated robots, with very specific purposes).
<p>These hooks allow the user to configure which signers will be trusted to
make which kinds of assertions using certs. Monotone uses these certs when
selecting available revisions for commands such as <samp><span class="command">update</span></samp>.
<p>Each user, or even each workspace, can have their own implementation
of these hooks, and thus a different filtered view of valid revisions,
according to their own preferences and purposes.
<p>See <a href="Quality-Assurance.html#Quality-Assurance">Quality Assurance</a>.
<dl>
<a name="get_005frevision_005fcert_005ftrust"></a><dt><code>get_revision_cert_trust (</code><var>signers</var><code>, </code><var>id</var><code>, </code><var>name</var><code>, </code><var>val</var><code>)</code><a name="index-get_005frevision_005fcert_005ftrust-_0028_0040var_007bsigners_007d_002c-_0040var_007bid_007d_002c-_0040var_007bname_007d_002c-_0040var_007bval_007d_0029-299"></a><dd>
Returns <code>true</code> if you <em>trust</em> the assertion
<var>name</var>=<var>val</var> on a given revision <var>id</var>, given a valid
signature from all the keys in <var>signers</var>; <code>false</code>
otherwise. <var>signers</var> is a table containing a
<code><a href="key_005fidentity.html#key_005fidentity">key_identity</a></code> for each signature on this cert; the other
three parameters are strings.
<p>The default definition of this hook returns <code>true</code>.
<p>The default definition corresponds to a form of trust where every key
which is defined in your database is trusted. This is a <em>weak</em>
trust setting. A possible example of a stronger trust function (along
with a utility function for computing the intersection of tables) is
the following:
<pre class="smallexample">          -- Return the entries of b (key names) that also appear as
          -- the name of a key_identity in a.
          function intersection(a,b)
             local s={}
             local t={}
             for k,v in pairs(a) do s[v.name] = 1 end
             for k,v in pairs(b) do if s[v] ~= nil then table.insert(t,v) end end
             return t
          end

          function get_revision_cert_trust(signers, id, name, val)
             local trusted_signers = { "bob@happyplace.example.com",
                                       "friend@trustedplace.example.com",
                                       "myself@home.example.com" }
             local t = intersection(signers, trusted_signers)
             if t == nil then return false end
             -- one trusted signer is enough, except for branch certs,
             -- which need two
             if (name ~= "branch" and #t >= 1)
                or (name == "branch" and #t >= 2)
             then
                return true
             else
                return false
             end
          end
</pre>
<p>In this example, any revision certificate is trusted if it is signed
by at least one of three “trusted” keys, unless it is a
<code>branch</code> certificate, in which case it must be signed by
<em>two</em> or more trusted keys. This is one way of requiring that
the revision has been approved by an extra “reviewer” who used the
<samp><span class="command">approve</span></samp> command.
<p><a name="get_005ffile_005fcert_005ftrust"></a><br><dt><code>get_file_cert_trust (</code><var>signers</var><code>, </code><var>id</var><code>, </code><var>name</var><code>, </code><var>val</var><code>)</code><a name="index-get_005ffile_005fcert_005ftrust-_0028_0040var_007bsigners_007d_002c-_0040var_007bid_007d_002c-_0040var_007bname_007d_002c-_0040var_007bval_007d_0029-300"></a><dd>Similar to <code><a href="get_005frevision_005fcert_005ftrust.html#get_005frevision_005fcert_005ftrust">get_revision_cert_trust</a></code>, for certs on files.
<p><a name="get_005fmanifest_005fcert_005ftrust"></a><br><dt><code>get_manifest_cert_trust (</code><var>signers</var><code>, </code><var>id</var><code>, </code><var>name</var><code>, </code><var>val</var><code>)</code><a name="index-get_005fmanifest_005fcert_005ftrust-_0028_0040var_007bsigners_007d_002c-_0040var_007bid_007d_002c-_0040var_007bname_007d_002c-_0040var_007bval_007d_0029-301"></a><dd>Similar to <code><a href="get_005frevision_005fcert_005ftrust.html#get_005frevision_005fcert_005ftrust">get_revision_cert_trust</a></code>, for certs on manifests.
<p><a name="accept_005ftestresult_005fchange"></a><br><dt><code>accept_testresult_change (</code><var>old_results</var><code>, </code><var>new_results</var><code>)</code><a name="index-accept_005ftestresult_005fchange-_0028_0040var_007bold_005fresults_007d_002c-_0040var_007bnew_005fresults_007d_0029-302"></a><dd>Called by <samp><span class="command"><a href="mtn-update.html#mtn-update">mtn update</a></span></samp>.
<p>This hook is used by the update algorithm to determine whether a
change in test results between update source and update target is
acceptable. The hook is called with two tables, each of which maps a
signing key – representing a particular testsuite – to a boolean
value indicating whether or not the test run was successful. The
function should return <code>true</code> if you consider an update from the
version carrying the <var>old_results</var> to the version carrying the
<var>new_results</var> to be acceptable.
<p>The default definition of this hook returns <code>true</code> if
<samp><span class="file">_MTN/wanted-testresults</span></samp> does not exist. Otherwise, the file
should contain a list of signing key ids. The hook returns <code>false</code>
if a listed signing key id is present in both <var>old_results</var> and
<var>new_results</var>, and its value in <var>old_results</var> is <code>true</code> but
its value in <var>new_results</var> is <code>false</code>; otherwise it returns <code>true</code>.
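<p>The following is an added example, not part of monotone's documentation or its default hooks: a stricter <code>accept_testresult_change</code> that also refuses an update when a wanted testsuite passed on the source but has no result at all on the target. The <code>WANTED</code> table (standing in for <samp><span class="file">_MTN/wanted-testresults</span></samp>), the helper <code>check_testresults</code> and the key ids are assumptions made for illustration, and the missing-result rule is a policy choice rather than the default behaviour.

```lua
-- Added example, not monotone's own hook code.
-- WANTED is a hypothetical in-file list standing in for
-- _MTN/wanted-testresults; the key ids are constructed placeholders.
local WANTED = { "unit-tests-key-id", "integration-tests-key-id" }

-- Hypothetical helper: returns true/false plus a reason string.
local function check_testresults(old_results, new_results, wanted)
   for _, key in ipairs(wanted) do
      local old, new = old_results[key], new_results[key]
      -- Rule described for the default hook: passed before, fails now.
      if old == true and new == false then
         return false, key .. ": passed on source, fails on target"
      end
      -- Stricter than the default: a wanted suite that passed on the
      -- source but left no result on the target counts as a regression,
      -- so an untested revision cannot slip past the check.
      if old == true and new == nil then
         return false, key .. ": passed on source, no result on target"
      end
   end
   return true, "ok"
end

function accept_testresult_change(old_results, new_results)
   local ok = check_testresults(old_results, new_results, WANTED)
   return ok
end

-- Constructed sample inputs, checked when the file is loaded.
local k = "unit-tests-key-id"
-- regression on a wanted suite: refused
assert(accept_testresult_change({ [k] = true }, { [k] = false }) == false)
-- wanted suite has no result on the target: refused (stricter rule)
assert(accept_testresult_change({ [k] = true }, {}) == false)
-- suite was already failing: no regression, accepted
assert(accept_testresult_change({ [k] = false }, { [k] = false }) == true)
-- regression on a suite that is not in WANTED: ignored, accepted
assert(accept_testresult_change({ other = true }, { other = false }) == true)
```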
</dl>
</body></html>