sq-git-policy-authorize - Man Page

Changes the authorizations

Synopsis

sq-git policy authorize [Options] NAME FILE|FINGERPRINT|KEYID

Description

Changes the authorizations, that is, the capabilities that the policy file grants to a certificate.

A certificate can delegate any of its capabilities to another certificate without breaking an authentication chain.

To fork a project, you create a new policy file.

Options

Subcommand options

--add-user

Grant the certificate the add-user capability.

This capability allows the certificate to add users to the policy file, and to grant them capabilities.  A certificate that has this capability is only allowed to grant capabilities that it has itself.  That is, if Alice has the `sign-commit` and `add-user` capabilities, she can grant Bob either of those capabilities, but she can't grant him the `sign-tag` capability, because she does not have that capability.

--audit

Grants the certificate the audit capability.

This capability allows the certificate to audit commits.  Suppose Alice has the `audit` capability and Bob has the `sign-commit` capability, and Bob then revokes his key because it was compromised.  All commits that Bob signed are now considered invalid, including those made before the compromise.  Alice can recover from this situation by auditing Bob's commits: after auditing each commit, she marks it as good using `sq-git policy goodlist`.

--cert=FINGERPRINT|KEYID

The fingerprint or Key ID of the certificate to use

This is read from the user's default certificate directory.

See the top-level option `--home` for more information about the certificate store.

--cert-file=FILE

The file containing the certificate to authorize.

The file must contain exactly one certificate.

--committer

Grants all capabilities relevant to a committer.

A committer is authorized to commit changes to the code.  This option grants the certificate the `sign-commit` capability.

--no-add-user

Rescind the add-user capability from a certificate.

Removes the add-user capability for the certificate. Note: this operation is not retroactive; operations that rely on this grant prior to the policy change are still considered authenticated.

Rescinding the add-user capability from a certificate does not rescind any grants that that certificate made.  That is, if Alice grants Bob the `sign-commit` and `add-user` capabilities, Bob grants Carol the `sign-commit` capability, and then Alice rescinds Bob's `sign-commit` and `add-user` capabilities, Carol still has the `sign-commit` capability.  In this way, a grant is a copy of a capability, not a reference to the grantor's capability.

--no-audit

Rescind the audit capability from a certificate.

Removes the audit capability from a certificate.  The specified certificate can no longer mark arbitrary commits as good.

--no-retire-user

Rescind the retire-user capability from a certificate.

Removes the retire-user capability from a certificate.  The specified certificate can no longer rescind capabilities, not even those that it granted itself.

--no-sign-archive

Rescind the sign-archive capability from a certificate.

Removes the sign-archive capability for the certificate. Note: this operation is not retroactive; archives signed with the certificate prior to the policy change are still considered authenticated.

--no-sign-commit

Rescind the sign-commit capability from a certificate.

Removes the sign-commit capability for the certificate. Note: this operation is not retroactive; commits signed with the certificate prior to the policy change are still considered authenticated.

--no-sign-tag

Rescind the sign-tag capability from a certificate.

Removes the sign-tag capability for the certificate. Note: this operation is not retroactive; tags signed with the certificate prior to the policy change are still considered authenticated.

--policy-file=POLICY

Use an alternate policy.

The default policy is the `openpgp-policy.toml` file in the root of the repository's working tree.

--project-maintainer

Grants all capabilities relevant to a project maintainer.

A project maintainer is a person who is responsible for maintaining the project.  This option grants the certificate all capabilities.

--release-manager

Grants all capabilities relevant to a release manager.

A release manager is authorized to commit changes and to make releases.  This option grants the certificate the `sign-tag`, `sign-archive`, and `sign-commit` capabilities.

--retire-user

Grants the certificate the retire-user capability.

This capability allows the certificate to rescind arbitrary capabilities.  That is, if Alice has the `retire-user` capability, she can rescind Bob's `sign-commit` capability even if she didn't grant him that capability.

--sign-archive

Grant the certificate the sign-archive capability.

This capability allows the certificate to sign tarballs or other archives.  That is, when authenticating an archive, an archive is considered authenticated if it is signed by a certificate with this capability.

--sign-commit

Grant the certificate the sign-commit capability.

This capability allows the certificate to sign commits. That is, when authenticating a version of the repository, a commit is considered authenticated if it is signed by a certificate with this capability.

--sign-tag

Grant the certificate the sign-tag capability.

This capability allows the certificate to sign tags.  That is, when authenticating a tag, a tag is considered authenticated if it is signed by a certificate with this capability.

NAME
FILE|FINGERPRINT|KEYID

The filename, fingerprint or Key ID of the certificate to authorize.

This is first interpreted as a filename.  If that file does not exist, then it is interpreted as a fingerprint or Key ID, and read from the certificate store.  To avoid ambiguity, use `--cert` or `--cert-file` instead.

See the top-level option `--home` for more information about the certificate store.
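The delegation rules above (a certificate may only grant capabilities it holds, a grant is a copy rather than a reference, rescinding needs `retire-user` and is not retroactive, and an auditor can goodlist commits from a revoked key) are easier to check against a small executable model.  The following is an added illustration written for this page, not sq-git's own code: it keeps the policy in memory instead of reading `openpgp-policy.toml`, uses user names in place of certificate fingerprints, assumes the first maintainer is written directly when the policy is created (`bootstrap`), models key revocation as a set of revoked names rather than an OpenPGP revocation, and approximates "not retroactive" by checking each commit against a snapshot of the policy in force when it was made.

```python
"""Model of the capability-delegation rules described in this man page.
Added illustration, not sq-git's own code: it neither reads nor writes
openpgp-policy.toml, and user names stand in for certificate fingerprints."""
from copy import deepcopy

CAPABILITIES = {"sign-commit", "sign-tag", "sign-archive",
                "add-user", "retire-user", "audit"}
# Role shortcuts as documented for --committer etc.
ROLES = {"committer": {"sign-commit"},
         "release-manager": {"sign-commit", "sign-tag", "sign-archive"},
         "project-maintainer": set(CAPABILITIES)}


class PolicyError(Exception):
    pass


class Policy:
    """Name -> set of capabilities.  A grant is a copy: it is not linked to
    the grantor, so rescinding the grantor's capabilities leaves it intact."""
    def __init__(self):
        self.users = {}

    def capabilities(self, name):
        return set(self.users.get(name, set()))

    def bootstrap(self, name, caps):
        # First entry (the initial maintainer); assumed here to be written
        # when the policy file is created rather than via `authorize`.
        self.users[name] = set(caps)

    def authorize(self, granter, name, caps):
        """`granter` grants `caps` to `name` (sq-git policy authorize)."""
        have = self.capabilities(granter)
        if "add-user" not in have:
            raise PolicyError(f"{granter} lacks add-user")
        missing = set(caps) - have       # may only grant what it holds
        if missing:
            raise PolicyError(f"{granter} cannot grant {sorted(missing)}")
        self.users.setdefault(name, set()).update(caps)

    def rescind(self, granter, name, caps):
        """The --no-* options: needs retire-user even for capabilities the
        granter handed out itself, and never cascades to `name`'s grantees."""
        if "retire-user" not in self.capabilities(granter):
            raise PolicyError(f"{granter} lacks retire-user")
        self.users.setdefault(name, set()).difference_update(caps)


class Repository:
    """Each commit records the policy in force when it was made, which is
    what makes rescission non-retroactive.  Revoking a certificate, by
    contrast, invalidates all of its commits unless an auditor goodlists them."""
    def __init__(self):
        self.commits, self.revoked, self.goodlist = [], set(), set()

    def commit(self, commit_id, signer, policy):
        self.commits.append((commit_id, signer, deepcopy(policy)))

    def mark_good(self, auditor, commit_id, policy):
        """sq-git policy goodlist, restricted to holders of audit."""
        if "audit" not in policy.capabilities(auditor):
            raise PolicyError(f"{auditor} lacks audit")
        self.goodlist.add(commit_id)

    def authenticate(self):
        return {cid: cid in self.goodlist
                or (signer not in self.revoked
                    and "sign-commit" in pol.capabilities(signer))
                for cid, signer, pol in self.commits}


def refused(action):
    try:
        action()
        return False
    except PolicyError:
        return True


def scenario():
    """The Alice/Bob/Carol examples from this man page, end to end."""
    p, repo, out = Policy(), Repository(), {}
    p.bootstrap("alice", ROLES["project-maintainer"])
    p.authorize("alice", "bob", {"sign-commit", "add-user"})
    p.authorize("bob", "carol", ROLES["committer"])
    out["bob_grants_sign_tag_refused"] = refused(lambda: p.authorize("bob", "dave", {"sign-tag"}))
    out["bob_rescinds_carol_refused"] = refused(lambda: p.rescind("bob", "carol", {"sign-commit"}))
    repo.commit("c1", "bob", p)
    p.rescind("alice", "bob", {"sign-commit", "add-user"})
    repo.commit("c2", "bob", p)
    repo.commit("c3", "carol", p)
    out["carol_keeps_sign_commit"] = "sign-commit" in p.capabilities("carol")
    out["after_rescind"] = repo.authenticate()
    repo.revoked.add("bob")            # Bob's key was compromised
    out["after_revoke"] = repo.authenticate()
    repo.mark_good("alice", "c1", p)   # Alice audited c1 and goodlists it
    out["after_audit"] = repo.authenticate()
    return out
```

Running `scenario()` shows the three behaviours a practitioner should expect: Bob cannot hand out `sign-tag` because he never held it and cannot rescind Carol without `retire-user`; after Alice strips Bob's capabilities, Bob's earlier commit `c1` still authenticates while his later `c2` does not and Carol's `c3` is unaffected; and once Bob's key is revoked, `c1` fails until Alice, who holds `audit`, goodlists it.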

Global options

See sq-git(1) for a description of the global options.

See Also

sq-git(1), sq-git-policy(1).

For the full documentation see <https://sequoia-pgp.gitlab.io/sequoia-git>.

Version

0.5.0

Referenced By

sq-git-policy(1).

0.5.0 Sequoia PGP