Support git commit signing using OpenPGP #1544
Conversation
|
Will attend to the failures in CI within the next days. |
|
waiting for this feature ready |
|
Looking into the CI errors again now. |
hendrikmaus
force-pushed
the
gpg-commit-signing
branch
from
d99f30d to
6aefadd
Compare
|
🆗 ✅ The previous error was caused by a doctest I added. The other unit tests prepare their environment, the doctest does not. Since I added it as documentation only, I deactivated the doctest and the CI run in my fork was good now: https://github.com/hendrikmaus/gitui/actions/runs/4221076989 @extrawurst if you'd approve another CI run here, thanks. |
|
Hey just checking the status of this PR? |
|
Both would be appreciated, thank you. |
hendrikmaus
force-pushed
the
gpg-commit-signing
branch
from
850cfdc to
1b8f8f8
Compare
|
Tested it on macOS. Authoring commits works fine, but some simple operations like amending & rewording the last commit don't work. I've created a PR with workarounds: hendrikmaus#1. |
|
👋 hello! Any movement on this by chance? Thanks! |
I‘m also waiting for this feature |
|
Haven’t had time to continue, but will do so in the beginning of Will tackle these:
|
|
Hey, how's the progress on this? :) |
|
Can someone test a current build on a Windows environment? I'd appreciate that. |
|
To test this, would we need to download this PR's code, compile, and run? Or is there some auto-generated binary for testing I should download somewhere? |
|
At this point there are no pre-compiled binaries. So you have to download and compile it. |
|
I compiled it with PS: I don't have experience in working with Rust.
|
|
I reckon you compiled the master branch as that is the error that was shown before this initiative started. |
|
works like a charm on ventura👌 just want this pr to be merged as soon as possible 
|
maybe install with command below? cargo install --git https://github.com/hendrikmaus/gitui --branch gpg-commit-signing |
|
@hendrikmaus works for me on windows 11 (built with rust using MSVC toolchain, GnuPG as program for signing)
|
|
Thank you for the feedback, that is good news. |
|
@extrawurst re configuration. As we were talking about this the other day, did you take another look at the available approaches? I.e. .gitconfig file versus the gitui options? |
|
Well, I installed it from the git repo and it definitely tries to sign now. However, I'm using my ssh key to sign rather than a gpg key and it says that's unsupported. Would this capability be difficult to add? |
|
Ah, thanks. |
I think it would be feasible to pass a new optional struct with the signing options down into the The I would propose something like |
|
Any updates on this? |
|
I’ll have a look and verify that. |
hendrikmaus
force-pushed
the
gpg-commit-signing
branch
from
bf81abd to
b15c864
Compare
|
Did not mean to close this. Was updating the PR. |
|
ok lets reopen :) 
|
these will be tracked in another issue
…signing * 'master' of github.com:extrawurst/gitui: (52 commits) Git Config Commit Comments (extrawurst#2145) update changelog for 0.25.2 fix another github action warning upgrade version prepare release preapre for release changelog fixes tag annotation being broken in 0.25 (extrawurst#2139) update changelog fix: 2114 Bump backtrace from 0.3.69 to 0.3.70 Fixed: - Cargo clippy errors cargo updates cargo update todo update changelog fix: index out of bounds when blaming a file ending with a blank line (extrawurst#2130) Bump bitflags from 2.4.2 to 2.5.0 Bump clap from 4.5.2 to 4.5.3 fix chrono deprecations ...
|
We're back ;) |
|
Removed the testing files, as discussed, and will track them in a new issue later. Now taking a look at the ssh signing PR to see if it could easily be refactored to use the |
|
The steps should roughly be:
|
|
According to git's documentation, commits are encouraged to be UTF-8, but any encoding can be used. So the raw bytes of the commit buffer should be signed rather than converting it to UTF-8 first. Will implement the change in the |
|
Done. |
|
@extrawurst if you would approve the CI run, this is ready to be merged. |
asyncgit/src/sync/commit.rs
Outdated
| let sign = SignBuilder::from_gitconfig(&repo, &config)?; | ||
| let signed_commit = sign.sign(&buffer)?; | ||
| let commit_id = | ||
| repo.commit_signed(commit, &signed_commit, None)?; |
There was a problem hiding this comment.
if we want to support more than just gpg the third parameter signature_field needs to take something out of sign which in this case has to be gpgsig but something else for ssh
There was a problem hiding this comment.
if we want to support more than just gpg the third parameter
signature_fieldneeds to take something out ofsignwhich in this case has to begpgsigbut something else for ssh
I very much wish for ssh signing. I don't PGP/GPG but i ssh all the time.
There was a problem hiding this comment.
Fixed.
@damccull this one only adds openpgp; there is another PR that wants to add ssh signing. @extrawurst wants them to adopt the Sign trait once this one here is merged though.
|
another followup: this does not sign tags |
|
wohooooo its merged! @hendrikmaus thanks for sticking with this through the end. could you please write an issue with the way you planned to do actual testing of this in CI via docker? also ideally pointing to the commits you reverted as inspiration, so that someone can take that up! |
@extrawurst correct. it tags a signed commit just fine, but the tag itself isn't signed due to that. The way git signs tags is different from how it is done for commits. I will open an issue with git2-rs to see if there is more information on it since I cannot seem to find anything in the docs that hints how to sign a tag. I prepped the trait to differ between signing commits and tags, but I won't provide an implementation for tags with this PR. |
* Support git commit signing using OpenPGP * workaround for amending signed commits * workaround for rewording signed commits * support signing initial commit * return both signature and signature_field value from sign --------- Co-authored-by: Utkarsh Gupta <utkarshgupta137@gmail.com>
This Pull Request fixes/closes #97.
It changes the following:
SignSignforgpgcommit signing via shelloutgitui.signing_methodsI followed the checklist:
make checkwithout errorsTodo:
DocumentationDraft an isolated integration test running in a containerDraft an isolated integration test running in a container
Since shellouts call out to actual system binaries, @extrawurst and I came up with the idea to create a test that runs in the isolation of a container. Inside of that environment, it could generate a GPG key and do an actual commit to verify the signature was created as expected.
Update: will be tracked in a follow-up issue.