Adding Signature History Support

[benbernard]

This is in reference to #300

I am very inexperienced with ruby, so I've probably done some strange / wrong things here, would love your feedback on anything like that.

I also haven't written tests yet. I wanted to get this up here and gather any feedback on the approach, and I have a couple of questions

1. Should I remove the .git/config based stuff all together? I considered doing this, but decided not to in the thought that keeping it in place meant that I could basically guarantee that we weren't affecting performance very much.
2. I couldn't find any tests for the configuration stuff, which seems to have been duplicated from hook_signer (well one was duplicated from the other at least). Did I just miss those? I assume I should write some if they don't already exist
3. Feedback on writing tests? I was thinking: Check that if you sign a new signature and then return to an old signature, that it doesn't think the configuration has changed. I wasn't necessarily going to peak into the files for the tests, but rather just test the class interface.
4. What is your commit / merging style? I normally commit a lot, but am happy to squash down to one commit if that is what you folks want

Obviously, not ready to merge, and just looking for feedback here.

[sds]

Thanks for the pull request, @benbernard!

Overall this looks good–I've left some comments inline.

To answer your higher-level questions:

1. Let's keep the signature in .git/config for now since it provides backwards compatibility (user's existing signatures will continue to work without issue). We'll remove it in a future version.
2. By tests for the "configuration stuff" I assume you mean some of the signing logic in the Configuration class? We didn't have any unit tests, no. We were relying on this integration spec to test hook signing. If you add an appropriate test there we will be happy, but would of course love to have some unit tests if you're up for it.
3. See 2.
4. Logical or atomic commits are ideal, so stick with what you're currently doing. Ideally we have commits that don't fail on their own (so you can git bisect), but this isn't rigorously followed all the time in this repository.

[sds]

directoy -> directory

[sds]

Can you elaborate on why setting the signature history is dependent on whether the signature_directory configuration option is set? It seems like we should respect signature_history regardless.

[sds]

The parentheses here seem odd. Let's just do:

File.readlines(history_file).first(@config.signature_history - 1)

[sds]

Let's end this with ? for consistency with other boolean-returning methods.

Same with has_history_file below.

[sds]

What is this comment referring to?

[sds]

Could simply return true here and then false at the end of this method since there doesn't seem to be a strong need for the found variable.

[sds]

Ah, I realize you might have done this because of the block, perhaps for readability. Keep it if you like.

[sds]

Can you elaborate on why allowing this to be customized is useful? I'm fearful of an overzealous user changing this to a directory of files which are tracked by their Git repository because it can be "helpful" to others in storing previous signatures. Of course this is problematic since now an attacker can modify said files.

I anticipate this is a highly-unlikely scenario, but I would prefer to stick to the YAGNI principle unless there's a solid reason to allow this to be customized. Curious to hear your thoughts here.

[proinsias]

Any change of an update here? I'd love to see this functionality.

[benbernard]

Haven't had a chance to get back to this, all the comments make sense, just haven't had a chance to make tests

[proinsias]

Totally understand – just showing my interest! Thanks for working on this!

[benbernard]

I'm not using overcommit anymore (haven't in years, i'm going to close this PR, if anyone wants to take this over the line, feel free