{"id":21994144,"url":"https://github.com/dlr-pa/file_hook_server_timestamping","last_synced_at":"2026-04-30T03:35:38.279Z","repository":{"id":265501508,"uuid":"895939964","full_name":"dlr-pa/file_hook_server_timestamping","owner":"dlr-pa","description":"`file_hook_server_timestamping.py` is a file hook for a GitLab instance. It is used to automatically create timestamped commits for every push to the default branch of a repository. This can be useful for a number of reasons.","archived":false,"fork":false,"pushed_at":"2024-11-29T16:25:16.000Z","size":25,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-13T10:25:18.092Z","etag":null,"topics":["data-integrity","gitlab","gitlab-file-hook","gpg","python","server-side","timestamping"],"latest_commit_sha":null,"homepage":"https://gitlab.com/dlr-pa/file_hook_server_timestamping","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dlr-pa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-11-29T08:19:07.000Z","updated_at":"2024-11-29T16:16:34.000Z","dependencies_parsed_at":"2024-11-30T02:54:03.571Z","dependency_job_id":null,"html_url":"https://github.com/dlr-pa/file_hook_server_timestamping","commit_stats":null,"previous_names":["dlr-pa/file_hook_server_timestamping"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/dlr-pa/file_hook_server_timestamping","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlr-pa%2Ffile_hook_server_timestamping","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlr-pa%2Ffile_hook_server_timestamping/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlr-pa%2Ffile_hook_server_timestamping/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlr-pa%2Ffile_hook_server_timestamping/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dlr-pa","download_url":"https://codeload.github.com/dlr-pa/file_hook_server_timestamping/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlr-pa%2Ffile_hook_server_timestamping/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32454118,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T22:27:22.272Z","status":"online","status_checked_at":"2026-04-30T02:00:05.929Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["data-integrity","gitlab","gitlab-file-hook","gpg","python","server-side","timestamping"],"created_at":"2024-11-29T21:07:19.465Z","updated_at":"2026-04-30T03:35:38.251Z","avatar_url":"https://github.com/dlr-pa.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"---\nauthor: Daniel Mohr\ndate: 2024-11-29\nlicense: BSD-3-Clause\nhome: https://gitlab.com/dlr-pa/file_hook_server_timestamping\nmirror: https://github.com/dlr-pa/file_hook_server_timestamping\ndoi: 10.5281/zenodo.14234977\n---\n\n# file hook server timestamping\n\n## general information\n\nThis script, `file_hook_server_timestamping.py`, enables the automatic\ncreation of timestamped commits for a GitLab repository. Each time a push is\nmade to the default branch, the script creates an empty commit with a\ntimestamp that marks the time of the push event. This can be useful for a\nnumber of purposes, including auditing, tracking changes to the repository,\nand ensuring the integrity and authenticity of the data.\n\nCryptographic timestamping on the server prevents silent changes to the\nhistory, whether by a user or otherwise. The cryptographic signature\nrepresents the time at which the data reaches the server, and subsequent\nchanges to the history are not possible without the private GPG key stored\non the server. This provides an additional layer of security to ensure the\nintegrity and authenticity of the data.\n\nThe script uses GPG keys to sign commits, which helps to ensure the\nauthenticity and integrity of the timestamps. It can be easily customized\nthrough a configuration file and can be used on a single GitLab instance.\n\nIn addition to being used in a standalone GitLab environment, this script\ncould also be used inside the riaf environment based on GitLab, as mentioned\nin [doi.org/10.5281/zenodo.13987885](https://doi.org/10.5281/zenodo.13987885).\n\n## introduction and overview\n\n`file_hook_server_timestamping.py` is a\n[file hook](https://docs.gitlab.com/ee/administration/file_hooks.html)\nfor a [GitLab](https://docs.gitlab.com/) instance. It is used to automatically\ncreate timestamped commits for every push to the default branch of a\nrepository. This can be useful for a number of reasons, including:\n\n* **tracking changes:** By creating a timestamped commit for every push,\n  it is easy to see when changes were made to the repository and who made them.\n* **ensuring the integrity of the data:** Timestamped commits provide an\n  additional layer of security, as they make it difficult for anyone to\n  silently alter the history of the repository.\n* **auditing:** In certain industries, it may be necessary to keep detailed\n  records of all changes to a repository. Timestamped commits can help meet\n  these requirements.\n\nThe script uses GPG keys to sign commits, which adds an additional layer of\nsecurity and helps ensure the authenticity of the commits. It can be easily\ncustomized through a configuration file, which is located at\n\"$HOME/.file\\_hook\\_server\\_timestamping.cfg\" by default.\n\nTo use the script, simply install it and optionally configure it with your\nGPG key and other settings. The script will then run automatically on every\npush to the default branch, creating a timestamped, signed commit in the\n\"server\\_timestamping\" branch.\n\nFor more information on how to install and configure the script, as well as\nadditional details, please see the following sections.\n\n## installation\n\nSometimes gpg cannot create `/var/opt/gitlab/.gnupg` due to permissions.\nWorkaround:\n\n```sh\ninstall --directory --group=git --owner=git --mode=700 /var/opt/gitlab/.gnupg\n```\n\nSometimes `/var/opt/gitlab/` is owned by root and the configuration files cannot\nbe created due to permissions.\nWorkaround:\n\n```sh\ntouch /var/opt/gitlab/.file_hook_server_timestamping_gpgkey.cfg\nchown git:git /var/opt/gitlab/.file_hook_server_timestamping_gpgkey.cfg\nchmod 640 /var/opt/gitlab/.file_hook_server_timestamping_gpgkey.cfg\n```\n\nAnd finally you have to install the script, e. g.:\n\n```sh\ninstall --group=git --owner=git --mode=700 file_hook_server_timestamping.py /opt/gitlab/embedded/service/gitlab-rails/file_hooks/file_hook_server_timestamping.py\n```\n\nOn first run the script will create a GPG key. Otherwise you can do this on\nyour own and provide the key in the configuration file -- see next subsection.\n\n## configuration\n\nIf you provide a configuration file `~/.file_hook_server_timestamping.cfg` this\nwill be used.\nAn example configuration file is given as\n[`example_config.cfg`](example_config.cfg).\n\nThe configuration file consists of two sections:\n\n* **`logging`:** This section is used to configure the logger.\n  It includes the following options:\n      - `name`: The name of the logger.\n      - `filename`: The name of the log file. If this option is not set,\n                    no file logging will be done.\n      - `do_console_logging`: Whether or not to log to the console/stdout.\n      - `log_level`: The logging level. Possible values are\n                     \"debug\", \"info\", \"warning\", \"error\", and \"critical\".\n* **`server_timestamping`:** This section is used to configure the server\n  timestamping feature. It includes the following options:\n      - `branch_name`: The name of the branch in which the server\n                       timestamping commits will be created.\n      - `gpgkey`: The name of the GPG key to use for signing commits.\n                  If this option is not set, the script will create a new\n                  GPG key and store the name in another configuration file,\n                  `$HOME/.file_hook_server_timestamping_gpgkey.cfg`.\n                  However, if a value is set for this option, it will\n                  overwrite the configuration in the other file.\n\nHint: Sometimes `/var/opt/gitlab/` is owned by root.\nWorkaround:\n\n```sh\ntouch /var/opt/gitlab/.file_hook_server_timestamping.cfg\nchown git:git /var/opt/gitlab/.file_hook_server_timestamping.cfg\nchmod 640 /var/opt/gitlab/.file_hook_server_timestamping.cfg\n```\n\nOr you can directly install the `example_config.cfg` and edit it afterwards:\n\n```sh\ninstall --group=git --owner=git --mode=640 example_config.cfg /var/opt/gitlab/.file_hook_server_timestamping.cfg\n```\n\nTypically in the configuration\n`/var/opt/gitlab/.file_hook_server_timestamping_gpgkey.cfg` the GPG key to use\nis described. But you can also overwrite this in the configuration\n`/var/opt/gitlab/.file_hook_server_timestamping.cfg`.\nSee example configuration [`example_config.cfg`](example_config.cfg) for\npossible values and a short description.\n\n## limitation and hints\n\n`file_hook_server_timestamping.py` works only on a single note GitLab instance.\n\n[GitLab UI signing commits](https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html#configure-commit-signing-for-gitlab-ui-commits)\nis not comparable. It only signs commits done by using the web interface.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlr-pa%2Ffile_hook_server_timestamping","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdlr-pa%2Ffile_hook_server_timestamping","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdlr-pa%2Ffile_hook_server_timestamping/lists"}