Browse Source

Added new software release. Added pre-commit hooks.

dev
Franco Masotti 1 year ago
parent
commit
cba449fb33
Signed by: frnmst
GPG Key ID: 24116ED85666780A
  1. 1
      .gitignore
  2. 16
      .pre-commit-config.yaml
  3. 11
      Makefile
  4. 12
      Pipfile
  5. 22
      _pages/software.md
  6. BIN
      software/qvm-1.0.4.tar.gz
  7. 1
      software/qvm-1.0.4.tar.gz.SHA256SUM.txt
  8. 1
      software/qvm-1.0.4.tar.gz.SHA512SUM.txt
  9. 16
      software/qvm-1.0.4.tar.gz.sig

1
.gitignore vendored

@ -1,3 +1,4 @@
/Pipfile.lock
_site/
.sass-cache/
.jekyll-cache/

16
.pre-commit-config.yaml

@ -0,0 +1,16 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v2.4.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- id: check-added-large-files
- repo: https://github.com/frnmst/md-toc
rev: 'master' # or a specific git tag from md-toc
hooks:
- id: md-toc
args: [-p, 'github', '-l6'] # CLI options

11
Makefile

@ -4,6 +4,15 @@
# See LICENSE file for details.
PORT = 3050
default: install-dev
install-dev:
pipenv install --dev
pipenv run pre-commit install
uninstall-dev:
pipenv --rm
all: clean build serve-global
build:
@ -17,3 +26,5 @@ serve-global:
clean:
@rm -rf _site
.PHONY: default install-dev uninstall-dev all build serve serve-global clean

12
Pipfile

@ -0,0 +1,12 @@
[[source]]
url = "https://pypi.org/simple"
verify_ssl = true
name = "pypi"
[packages]
[dev-packages]
pre-commit = '~=2.9'
[requires]
python_version = "3.9"

22
_pages/software.md

@ -49,6 +49,9 @@ permalink: /software/
- [md-toc](#md-toc)
- [Repository](#repository-6)
- [Releases](#releases-6)
- [qvm](#qvm)
- [Repository](#repository-7)
- [Releases](#releases-7)
<!--TOC-->
@ -63,14 +66,14 @@ You may contact me directly to obtain the public key fingerprint in a different
### Extract
The following extract is from a [post by Mike Gerwitz](https://mikegerwitz.com/2012/05/a-git-horror-story-repository-integrity-with-signed-commits#trust):
> Git Host
>>
>> Git hosting providers are probably the most easily overlooked trustees—providers like Gitorious, GitHub, Bitbucket, SourceForge, Google Code, etc. Each provides hosting for your repository and “secures” it by allowing only you, or other authorized users, to push to it, often with the use of SSH keys tied to an account. By using a host as the primary holder of your repository—the repository from which most clone and push to—you are entrusting them with the entirety of your project; you are stating, “Yes, I trust that my source code is safe with you and will not be tampered with”. This is a dangerous assumption. Do you trust that your host properly secures your account information? Furthermore, bugs exist in all but the most trivial pieces of software, so what is to say that there is not a vulnerability just waiting to be exploited in your host’s system, completely compromising your repository?
>>
>> It was not too long ago (March 4th, 2012) that a public key security vulnerability at GitHub was exploited by a Russian man named Egor Homakov, allowing him to successfully commit to the master branch of the Ruby on Rails framework repository hosted on GitHub. Oops.
Copyright © 2019 Mike Gerwitz. Licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
Copyright © 2019 Mike Gerwitz. Licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
## Terminology
@ -367,3 +370,18 @@ If the public key is unknown you must import it from a trusted source:
- [signature]({{ site.baseurl }}/software/md-toc-7.0.3.tar.gz.sig)
- [signing key]({{ site.baseurl }}/pubkeys/pgp_pubkey_2020.txt)
### qvm
#### Repository
- [homepage](https://github.com/frnmst/qvm)
- [mirror](https://gitlab.com/frnmst-mirrors/qvm)
#### Releases
- `1.0.4`
- [qvm-1.0.4.tar.gz]({{ site.baseurl }}/software/qvm-1.0.4.tar.gz)
- [SHA512SUM.txt]({{ site.baseurl }}/software/qvm-1.0.4.tar.gz.SHA512SUM.txt)
- [SHA256SUM.txt]({{ site.baseurl }}/software/qvm-1.0.4.tar.gz.SHA256SUM.txt)
- [signature]({{ site.baseurl }}/software/qvm-1.0.4.tar.gz.sig)
- [signing key]({{ site.baseurl }}/pubkeys/pgp_pubkey_2020.txt)

BIN
software/qvm-1.0.4.tar.gz

Binary file not shown.

1
software/qvm-1.0.4.tar.gz.SHA256SUM.txt

@ -0,0 +1 @@
979edc58f5f945556e5313a1779712ee3bab7acec0b4aaa366bd0caa78cf0811 qvm-1.0.4.tar.gz

1
software/qvm-1.0.4.tar.gz.SHA512SUM.txt

@ -0,0 +1 @@
32f3b638747a71f24d4238531a9c77c51af9fac496e7d99ff61347e20ccadce8e587000c5015ce0bb2edbc6b7aabb563224e35a82915cd72aa70a556b7115a44 qvm-1.0.4.tar.gz

16
software/qvm-1.0.4.tar.gz.sig

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEECQ7wtO7QEmICo89RJBFu2FZmeAoFAl/SSYoACgkQJBFu2FZm
eAqoWxAAgfU3kBV7pN0vctcRp3PiYkOi39ja1pjkkiQVJyjDCUWBvQCa55n3dEl9
fhB8L8sZpwcQjXSOVTXw9wgRUm5bs8U1ODIOWYGIMIu8UCa/BaAvWtLxC1WfIqc/
qye0i20M1T0gtb3fWGs13l4l6G7N8z9K/tQ71p1ZdqLTnUNPP6K7JuEDPnrjQszw
fPqEn0LiyR6TOI0Cz2KqTNsYQLBFJ9j7onZGbaeUeN+BCfngt+yf//FKHJxAf5YM
hZj6afum4418vRs/kPSfK0adpEg44mEYL0Tjo94qHtC7KGA95JKecUZWT0sZQFHJ
5NzU3GYLyMwZoD3Q6WbgzeXLNITLyC8DQ155Gq+w/WvzuC6ruJogESanxZ3oGWcB
vG93eErZDHdfrI6fVoZGBo3Grw2QYwnN1vHJueEH3P1jB4s7VMNCop3ji2vU/lYm
4Q5UHy4dY37Dt2K/100DNCC0yldRCfugYMBDp08U2yvWdYdGZN+WzrjZHvegvISv
IGwdL/hWOtgY0QgVFwpq4MNrYOZBEJuRGrcjgJu7KO2PTUiK0W6D6gexOD3LVrqI
ys6HpZoEnuNVYN7s1F6Cfi0UX0ZGVMIZOSV1hoZB4y+29sbSvbTsXJHfdkOU30Id
BrCRQdEX2nOcQds2jJ5sxmi5TiIk2BHWIEsRwqSZ96xkjnKoRBI=
=KGtu
-----END PGP SIGNATURE-----
Loading…
Cancel
Save