basic ssh signing too
parent
b17ab37a01
commit
f106bfa246
@ -8,9 +8,8 @@ publish = false
|
||||
[dev-dependencies]
|
||||
once_cell = "1.19"
|
||||
pretty_assertions = "1.4"
|
||||
tempfile = "3.10"
|
||||
gitbutler-testsupport.workspace = true
|
||||
gitbutler-git = { workspace = true, features = ["test-askpass-path" ]}
|
||||
gitbutler-git = { workspace = true, features = ["test-askpass-path"] }
|
||||
|
||||
[dependencies]
|
||||
toml = "0.8.12"
|
||||
@ -33,22 +32,23 @@ hex = "0.4.3"
|
||||
r2d2 = "0.8.10"
|
||||
r2d2_sqlite = "0.22.0"
|
||||
rand = "0.8.5"
|
||||
refinery = { version = "0.8", features = [ "rusqlite" ] }
|
||||
refinery = { version = "0.8", features = ["rusqlite"] }
|
||||
regex = "1.10"
|
||||
reqwest = { version = "0.12.4", features = ["json"] }
|
||||
resolve-path = "0.1.0"
|
||||
rusqlite.workspace = true
|
||||
serde.workspace = true
|
||||
serde_json = { version = "1.0", features = [ "std", "arbitrary_precision" ] }
|
||||
serde_json = { version = "1.0", features = ["std", "arbitrary_precision"] }
|
||||
sha2 = "0.10.8"
|
||||
similar = { version = "2.5.0", features = ["unicode"] }
|
||||
slug = "0.1.5"
|
||||
ssh-key = { version = "0.6.6", features = [ "alloc", "ed25519" ] }
|
||||
ssh-key = { version = "0.6.6", features = ["alloc", "ed25519"] }
|
||||
ssh2 = { version = "0.9.4", features = ["vendored-openssl"] }
|
||||
strum = { version = "0.26", features = ["derive"] }
|
||||
log = "^0.4"
|
||||
tempfile = "3.10"
|
||||
thiserror.workspace = true
|
||||
tokio = { workspace = true, features = [ "rt-multi-thread", "rt", "macros" ] }
|
||||
tokio = { workspace = true, features = ["rt-multi-thread", "rt", "macros"] }
|
||||
tracing = "0.1.40"
|
||||
url = { version = "2.5", features = ["serde"] }
|
||||
urlencoding = "2.1.3"
|
||||
|
@ -284,34 +284,83 @@ impl Repository {
|
||||
let signing_key = self.0.config()?.get_string("user.signingkey");
|
||||
if let Ok(signing_key) = signing_key {
|
||||
dbg!(&signing_key);
|
||||
let mut cmd = std::process::Command::new("gpg");
|
||||
cmd.args(["--status-fd=2", "-bsau", &signing_key])
|
||||
//.arg(&signed_storage)
|
||||
.arg("-")
|
||||
.stdout(Stdio::piped())
|
||||
.stdin(Stdio::piped());
|
||||
|
||||
let mut child = cmd.spawn()?;
|
||||
child
|
||||
.stdin
|
||||
.take()
|
||||
.expect("configured")
|
||||
.write_all(buffer.to_string().as_ref())?;
|
||||
|
||||
let output = child.wait_with_output()?;
|
||||
if output.status.success() {
|
||||
// read stdout
|
||||
let signature = String::from_utf8_lossy(&output.stdout);
|
||||
dbg!(&signature);
|
||||
let oid = self
|
||||
.0
|
||||
.commit_signed(&buffer, &signature, None)
|
||||
.map(Into::into)
|
||||
.map_err(Into::into);
|
||||
return oid;
|
||||
let sign_format = self.0.config()?.get_string("gpg.format");
|
||||
let is_ssh = if let Ok(sign_format) = sign_format {
|
||||
sign_format == "ssh"
|
||||
} else {
|
||||
let stderr = String::from_utf8_lossy(&output.stderr);
|
||||
dbg!(stderr);
|
||||
false
|
||||
};
|
||||
|
||||
// todo: support gpg.program
|
||||
|
||||
if is_ssh {
|
||||
// is ssh
|
||||
|
||||
// write commit data to a temp file so we can sign it
|
||||
let mut signature_storage = tempfile::NamedTempFile::new()?;
|
||||
signature_storage.write_all(buffer.as_ref())?;
|
||||
let signed_storage = signature_storage.into_temp_path();
|
||||
|
||||
let mut cmd = std::process::Command::new("ssh-keygen");
|
||||
cmd.args(["-Y", "sign", "-n", "git", "-f"])
|
||||
.arg(&signing_key)
|
||||
.arg(&signed_storage)
|
||||
.stdout(Stdio::piped());
|
||||
|
||||
// todo: support literal ssh key
|
||||
// strvec_push(&signer.args, "-U");
|
||||
|
||||
let child = cmd.spawn()?;
|
||||
let output = child.wait_with_output()?;
|
||||
if output.status.success() {
|
||||
// read signed_storage path plus .sig
|
||||
let signature_path = signed_storage.with_extension("sig");
|
||||
let sig_data = std::fs::read(signature_path)?;
|
||||
let signature = String::from_utf8_lossy(&sig_data);
|
||||
dbg!(&signature);
|
||||
let oid = self
|
||||
.0
|
||||
.commit_signed(&buffer, &signature, None)
|
||||
.map(Into::into)
|
||||
.map_err(Into::into);
|
||||
dbg!(&oid);
|
||||
return oid;
|
||||
} else {
|
||||
let stderr = String::from_utf8_lossy(&output.stderr);
|
||||
dbg!(stderr);
|
||||
}
|
||||
} else {
|
||||
// is gpg
|
||||
let mut cmd = std::process::Command::new("gpg");
|
||||
cmd.args(["--status-fd=2", "-bsau", &signing_key])
|
||||
//.arg(&signed_storage)
|
||||
.arg("-")
|
||||
.stdout(Stdio::piped())
|
||||
.stdin(Stdio::piped());
|
||||
|
||||
let mut child = cmd.spawn()?;
|
||||
child
|
||||
.stdin
|
||||
.take()
|
||||
.expect("configured")
|
||||
.write_all(buffer.to_string().as_ref())?;
|
||||
|
||||
let output = child.wait_with_output()?;
|
||||
if output.status.success() {
|
||||
// read stdout
|
||||
let signature = String::from_utf8_lossy(&output.stdout);
|
||||
dbg!(&signature);
|
||||
let oid = self
|
||||
.0
|
||||
.commit_signed(&buffer, &signature, None)
|
||||
.map(Into::into)
|
||||
.map_err(Into::into);
|
||||
return oid;
|
||||
} else {
|
||||
let stderr = String::from_utf8_lossy(&output.stderr);
|
||||
dbg!(stderr);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
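Review bot: A failed signer is silently ignored in both the ssh and gpg branches: when `ssh-keygen` or `gpg` exits non-zero, the `else` arm only runs `dbg!(stderr)` and control leaves the signing block, so whatever follows the hunk (not visible here, presumably the unsigned commit path) still runs although `user.signingkey` is set. Returning an error of the function's own type from those arms would keep a configured signer from degrading to unsigned commits without the user noticing. Neither command pipes stderr, so `output.stderr` is empty and the diagnostic is lost; adding `.stderr(Stdio::piped())` next to the existing `.stdout(Stdio::piped())` fixes that. The ssh branch also reads `signed_storage.with_extension("sig")` but never removes it, leaving the signature file in the system temp directory; creating the input inside a `tempfile::tempdir()` would keep both files in a private directory and clean them up on drop. The `dbg!` calls on the signing key, signature and oid should be replaced with `tracing` output or dropped before merge.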