Add support for signed commits #616
Conversation
plumbing/object/commit.go
Outdated
| @@ -28,6 +33,8 @@ type Commit struct { | |||
| // Committer is the one performing the commit, might be different from | |||
| // Author. | |||
| Committer Signature | |||
| // GPGSignature is the GPG signature of the commit. | |||
| GPGSignature string | |||
There was a problem hiding this comment.
Maybe this should be renamed to PGPSignature?
plumbing/object/commit.go
Outdated
| @@ -145,12 +152,33 @@ func (c *Commit) Decode(o plumbing.EncodedObject) (err error) { | |||
| r := bufio.NewReader(reader) | |||
|
|
|||
| var message bool | |||
| var gpgsig bool | |||
There was a problem hiding this comment.
Maybe rename to pgpsig?
plumbing/object/commit.go
Outdated
| if gpgsig { | ||
| // Check if it's the end of a PGP signature. | ||
| if bytes.Contains(line, []byte(endpgp)) { | ||
| c.GPGSignature += string(endpgp) + "\n" |
There was a problem hiding this comment.
I don't think you need the cast to string here
plumbing/object/commit.go
Outdated
| gpgsig = false | ||
| } else { | ||
| // Trim the left padding. | ||
| line = bytes.TrimLeft(line, " ") |
There was a problem hiding this comment.
Is there a reason we need to Trim the padding? I notice that we add padding back in when we format the Commit. Will this be necessary for handing the signature into another routine that does the verification of the signature?
There was a problem hiding this comment.
The padding is just git's way of presenting it. The public key block at https://www.gnupg.org/signature_key.html shows it without any left padding. So I thought that's how they are actually stored as a single signature. And yes, I thought it would be easier to perform signature verification in the future, without any need to trim the padding.
plumbing/object/commit.go
Outdated
| @@ -215,6 +243,21 @@ func (b *Commit) Encode(o plumbing.EncodedObject) error { | |||
| return err | |||
| } | |||
|
|
|||
| if b.GPGSignature != "" { | |||
| if _, err = fmt.Fprint(w, "gpgsig"); err != nil { | |||
There was a problem hiding this comment.
Maybe we should try to mimic the original format of the commit content here (i.e. don't print this gpgsig field that didn't exist in the original commit, just print the signature at the end of the commit comment).
If we do leave this in we should probably rename to pgpsig anyways.
There was a problem hiding this comment.
Looking at the blob (git cat-file -p) of a commit with signature, I don't think printing the signature at the end of commit comment would be good. The signature is not needed all the time but only when we want to verify. So, I would say we leave it with its own field. And yes, pgpsig, which doesn't matters much because we are using the header and footer of signature to detect them 😊
This change adds `GPGSignature` field to `Commit` object. This is used to store the signature of the commit, if any.
Codecov Report
@@ Coverage Diff @@
## master #616 +/- ##
==========================================
- Coverage 78.26% 77.69% -0.58%
==========================================
Files 130 130
Lines 10197 10217 +20
==========================================
- Hits 7981 7938 -43
- Misses 1356 1430 +74
+ Partials 860 849 -11
Continue to review full report at Codecov.
|
This change adds
PGPSignaturefield toCommitobject. This is usedto store the signature of the commit, if any.
Related to #605
fixes #524