NotificationsYou must be signed in to change notification settings
Fork868
Star7.1k

Commite1bb0e2

committed

git: worktree_commit, Add crypto.Signer option to CommitOptions.

This change adds a new crypto.Signer option to CommitOptions as analternative to SignKey to allow alternative commit signers to be used.This change byitself does not add other signing methods (e.g. ssh,x509, gitsign), but gives callers the ability to add their own.This roughly follows git's sign_buffer approach where go-git handles thecommit message body encoding, and hands off the encoded []byte to the signingimplementation for the signature to be returned.Signed-off-by: Billy Lynch <billy@chainguard.dev>

1 parenta6e934f commite1bb0e2Copy full SHA for e1bb0e2

File tree

3 files changed

+48

-11

lines changed

3 files changed

+48

-11

lines changed

`‎options.go‎`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`package git`
`2`	`2`
`3`	`3`	`import (`
	`4`	`+"crypto"`
`4`	`5`	`"errors"`
`5`	`6`	`"fmt"`
`6`	`7`	`"regexp"`
`@@ -507,6 +508,10 @@ type CommitOptions struct {`
`507`	`508`	`// commit will not be signed. The private key must be present and already`
`508`	`509`	`// decrypted.`
`509`	`510`	`SignKey*openpgp.Entity`
	`511`	`+// Signer denotes a cryptographic signer to sign the commit with.`
	`512`	`+// A nil value here means the commit will not be signed.`
	`513`	`+// Takes precedence over SignKey.`
	`514`	`+Signer crypto.Signer`
`510`	`515`	`// Amend will create a new commit object and replace the commit that HEAD currently`
`511`	`516`	`// points to. Cannot be used with All nor Parents.`
`512`	`517`	`Amendbool`

`‎worktree_commit.go‎`

Lines changed: 43 additions & 10 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,10 @@ package git`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"bytes"`
	`5`	`+"crypto"`
	`6`	`+"crypto/rand"`
`5`	`7`	`"errors"`
	`8`	`+"io"`
`6`	`9`	`"path"`
`7`	`10`	`"sort"`
`8`	`11`	`"strings"`
`@@ -14,6 +17,7 @@ import (`
`14`	`17`	`"github.com/go-git/go-git/v5/storage"`
`15`	`18`
`16`	`19`	`"github.com/ProtonMail/go-crypto/openpgp"`
	`20`	`+"github.com/ProtonMail/go-crypto/openpgp/packet"`
`17`	`21`	`"github.com/go-git/go-billy/v5"`
`18`	`22`	`)`
`19`	`23`
`@@ -125,12 +129,17 @@ func (w Worktree) buildCommitObject(msg string, opts CommitOptions, tree plumb`
`125`	`129`	`ParentHashes:opts.Parents,`
`126`	`130`	`}`
`127`	`131`
`128`		`-ifopts.SignKey!=nil {`
`129`		`-sig,err:=w.buildCommitSignature(commit,opts.SignKey)`
	`132`	`+// Convert SignKey into a Signer if set. Existing Signer should take priority.`
	`133`	`+signer:=opts.Signer`
	`134`	`+ifsigner==nil&&opts.SignKey!=nil {`
	`135`	`+signer=&gpgSigner{key:opts.SignKey}`
	`136`	`+}`
	`137`	`+ifsigner!=nil {`
	`138`	`+sig,err:=w.buildCommitSignature(commit,signer)`
`130`	`139`	`iferr!=nil {`
`131`	`140`	`returnplumbing.ZeroHash,err`
`132`	`141`	`}`
`133`		`-commit.PGPSignature=sig`
	`142`	`+commit.PGPSignature=string(sig)`
`134`	`143`	`}`
`135`	`144`
`136`	`145`	`obj:=w.r.Storer.NewEncodedObject()`
`@@ -140,20 +149,44 @@ func (w Worktree) buildCommitObject(msg string, opts CommitOptions, tree plumb`
`140`	`149`	`returnw.r.Storer.SetEncodedObject(obj)`
`141`	`150`	`}`
`142`	`151`
`143`		`-func (wWorktree)buildCommitSignature(commitobject.Commit,signKey*openpgp.Entity) (string,error) {`
	`152`	`+typegpgSignerstruct {`
	`153`	`+key*openpgp.Entity`
	`154`	`+}`
	`155`	`+`
	`156`	`+func (s*gpgSigner)Public() crypto.PublicKey {`
	`157`	`+returns.key.PrimaryKey`
	`158`	`+}`
	`159`	`+`
	`160`	`+func (s*gpgSigner)Sign(rand io.Reader,digest []byte,opts crypto.SignerOpts) ([]byte,error) {`
	`161`	`+varcfg*packet.Config`
	`162`	`+ifopts!=nil {`
	`163`	`+cfg=&packet.Config{`
	`164`	`+DefaultHash:opts.HashFunc(),`
	`165`	`+}`
	`166`	`+}`
	`167`	`+`
	`168`	`+varb bytes.Buffer`
	`169`	`+iferr:=openpgp.ArmoredDetachSign(&b,s.key,bytes.NewReader(digest),cfg);err!=nil {`
	`170`	`+returnnil,err`
	`171`	`+}`
	`172`	`+returnb.Bytes(),nil`
	`173`	`+}`
	`174`	`+`
	`175`	`+func (wWorktree)buildCommitSignature(commitobject.Commit,signer crypto.Signer) ([]byte,error) {`
`144`	`176`	`encoded:=&plumbing.MemoryObject{}`
`145`	`177`	`iferr:=commit.Encode(encoded);err!=nil {`
`146`		`-return"",err`
	`178`	`+returnnil,err`
`147`	`179`	`}`
`148`	`180`	`r,err:=encoded.Reader()`
`149`	`181`	`iferr!=nil {`
`150`		`-return"",err`
	`182`	`+returnnil,err`
`151`	`183`	`}`
`152`		`-varb bytes.Buffer`
`153`		`-iferr:=openpgp.ArmoredDetachSign(&b,signKey,r,nil);err!=nil {`
`154`		`-return"",err`
	`184`	`+b,err:=io.ReadAll(r)`
	`185`	`+iferr!=nil {`
	`186`	`+returnnil,err`
`155`	`187`	`}`
`156`		`-returnb.String(),nil`
	`188`	`+`
	`189`	`+returnsigner.Sign(rand.Reader,b,nil)`
`157`	`190`	`}`
`158`	`191`
`159`	`192`	`// buildTreeHelper converts a given index.Index file into multiple git objects`

`‎worktree_commit_test.go‎`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,6 @@ func (s WorktreeSuite) TestCommitAmend(c C) {`
`131`	`131`	`_,err=w.Commit("foo\n",&CommitOptions{Author:defaultSignature()})`
`132`	`132`	`c.Assert(err,IsNil)`
`133`	`133`
`134`		`-`
`135`	`134`	`amendedHash,err:=w.Commit("bar\n",&CommitOptions{Amend:true})`
`136`	`135`	`c.Assert(err,IsNil)`
`137`	`136`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite1bb0e2

File tree

3 files changed

3 files changed

`‎options.go‎`

`‎worktree_commit.go‎`

`‎worktree_commit_test.go‎`

0 commit comments