This file is indexed.

/usr/share/doc/monotone/html/Trust-Evaluation-Hooks.html is in monotone-doc 1.1-7.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- Created by GNU Texinfo 6.0, http://www.gnu.org/software/texinfo/ -->
<head>
<title>monotone documentation: Trust Evaluation Hooks</title>

<meta name="description" content="monotone documentation: Trust Evaluation Hooks">
<meta name="keywords" content="monotone documentation: Trust Evaluation Hooks">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="General-Index.html#General-Index" rel="index" title="General Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Hooks.html#Hooks" rel="up" title="Hooks">
<link href="External-Diff-Tools.html#External-Diff-Tools" rel="next" title="External Diff Tools">
<link href="Netsync-Transport-Hooks.html#Netsync-Transport-Hooks" rel="prev" title="Netsync Transport Hooks">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nocodebreak {white-space: nowrap}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: serif; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>
<link rel="stylesheet" type="text/css" href="texinfo.css">


</head>

<body lang="en">
<a name="Trust-Evaluation-Hooks"></a>
<div class="header">
<p>
Next: <a href="External-Diff-Tools.html#External-Diff-Tools" accesskey="n" rel="next">External Diff Tools</a>, Previous: <a href="Netsync-Transport-Hooks.html#Netsync-Transport-Hooks" accesskey="p" rel="prev">Netsync Transport Hooks</a>, Up: <a href="Hooks.html#Hooks" accesskey="u" rel="up">Hooks</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="General-Index.html#General-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Trust-Evaluation-Hooks-1"></a>
<h4 class="subsection">6.1.6 Trust Evaluation Hooks</h4>

<p>Monotone makes heavy use of certs to provide descriptive information
about revisions. In many projects, not all developers should have the
same privileges, or be trusted for the same purposes (indeed, some
signers might be automated robots, with very specific purposes).
</p>
<p>These hooks allow the user to configure which signers will be trusted to
make which kinds of assertions using certs. Monotone uses these certs when
selecting available revisions for commands such as <code>update</code>.
</p>
<p>Each user, or even each workspace, can have their own implementation
of these hooks, and thus a different filtered view of valid revisions,
according to their own preferences and purposes.
</p>
<p>See <a href="Quality-Assurance.html#Quality-Assurance">Quality Assurance</a>.
</p>
<dl compact="compact">
<dd><a name="get_005frevision_005fcert_005ftrust"></a></dd>
<dt><code>get_revision_cert_trust (<var>signers</var>, <var>id</var>, <var>name</var>, <var>val</var>)</code>
<a name="index-get_005frevision_005fcert_005ftrust-_0028signers_002c-id_002c-name_002c-val_0029"></a>
</dt>
<dd>
<p>Returns <code>true</code> if you <em>trust</em> the assertion
<var>name</var>=<var>value</var> on a given revision <var>id</var>, given a valid
signature from all the keys in <var>signers</var>; <code>false</code>
otherwise. <var>signers</var> is a table containing a
<code><a href="Common-Data-Types.html#key_005fidentity">key_identity</a></code> for all signatures on this cert, the other
three parameters are strings.
</p>
<p>The default definition of this hook returns <code>true</code>.
</p>
<p>The default definition corresponds to a form of trust where every key
which is defined in your database is trusted. This is a <em>weak</em>
trust setting. A possible example of a stronger trust function (along
with a utility function for computing the intersection of tables) is
the following:
</p>
<div class="smallexample">
<pre class="smallexample">function intersection(a,b)
   local s={}
   local t={}
   for k,v in pairs(a) do s[v.name] = 1 end
   for k,v in pairs(b) do if s[v] ~= nil then table.insert(t,v) end end
   return t
end

function get_revision_cert_trust(signers, id, name, val)
   local trusted_signers = { &quot;bob@happyplace.example.com&quot;,
                             &quot;friend@trustedplace.example.com&quot;,
                             &quot;myself@home.example.com&quot; }
   local t = intersection(signers, trusted_signers)

   if t == nil then return false end

   if    (name ~= &quot;branch&quot; and table.getn(t) &gt;= 1)
      or (name == &quot;branch&quot; and table.getn(t) &gt;= 2)
   then
      return true
   else
      return false
   end
end
</pre></div>

<p>In this example, any revision certificate is trusted if it is signed
by at least one of three &ldquo;trusted&rdquo; keys, unless it is an
<code>branch</code> certificate, in which case it must be signed by
<em>two</em> or more trusted keys. This is one way of requiring that
the revision has been approved by an extra &ldquo;reviewer&rdquo; who used the
<code>approve</code> command.
</p>
<a name="accept_005ftestresult_005fchange"></a></dd>
<dt><code>accept_testresult_change (<var>old_results</var>, <var>new_results</var>)</code>
<a name="index-accept_005ftestresult_005fchange-_0028old_005fresults_002c-new_005fresults_0029"></a>
</dt>
<dd><p>Called by <code><a href="Workspace.html#mtn-update">mtn update</a></code>.
</p>
<p>This hook is used by the update algorithm to determine whether a
change in test results between update source and update target is
acceptable. The hook is called with two tables, each of which maps a
signing key hash (as 20 raw bytes) &ndash; representing a particular testsuite &ndash; to a boolean
value indicating whether or not the test run was successful (calculated
from the <code>testresult</code> cert). The
function should return <code>true</code> if you consider an update from the
version carrying the <var>old_results</var> to the version carrying the
<var>new_results</var> to be acceptable.
</p>
<p>The default definition of this hook returns <code>true</code> if
<samp>_MTN/wanted-testresults</samp> does not exist. Otherwise, the file
should contain a list of signing key hex-encoded hashes in lowercase (40 characters).
The hook returns <code>false</code>
if a listed signing key hash is present in both <var>old_results</var> and
<var>new_results</var>, with the value <code>true</code> in <var>old_results</var>
and <code>false</code> in <var>new_results</var>; otherwise it returns <code>true</code>.
</p>
</dd>
</dl>

<hr>
<div class="header">
<p>
Next: <a href="External-Diff-Tools.html#External-Diff-Tools" accesskey="n" rel="next">External Diff Tools</a>, Previous: <a href="Netsync-Transport-Hooks.html#Netsync-Transport-Hooks" accesskey="p" rel="prev">Netsync Transport Hooks</a>, Up: <a href="Hooks.html#Hooks" accesskey="u" rel="up">Hooks</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="General-Index.html#General-Index" title="Index" rel="index">Index</a>]</p>
</div>



</body>
</html>