basic ssh signing too

2025-01-04 07:25:44 +03:00 · 2024-05-14 10:08:22 +02:00 · 2024-05-14 10:08:22 +02:00 · f106bfa246
commit f106bfa246
parent b17ab37a01
2 changed files with 81 additions and 32 deletions
--- a/crates/gitbutler-core/Cargo.toml
+++ b/crates/gitbutler-core/Cargo.toml
@ -8,7 +8,6 @@ publish = false
 [dev-dependencies]
 once_cell = "1.19"
 pretty_assertions = "1.4"
-tempfile = "3.10"
 gitbutler-testsupport.workspace = true
 gitbutler-git = { workspace = true, features = ["test-askpass-path"] }

@ -47,6 +46,7 @@ ssh-key = { version = "0.6.6", features = [ "alloc", "ed25519" ] }
 ssh2 = { version = "0.9.4", features = ["vendored-openssl"] }
 strum = { version = "0.26", features = ["derive"] }
 log = "^0.4"
+tempfile = "3.10"
 thiserror.workspace = true
 tokio = { workspace = true, features = ["rt-multi-thread", "rt", "macros"] }
 tracing = "0.1.40"
--- a/crates/gitbutler-core/src/git/repository.rs
+++ b/crates/gitbutler-core/src/git/repository.rs
@ -284,6 +284,54 @@ impl Repository {
            let signing_key = self.0.config()?.get_string("user.signingkey");
            if let Ok(signing_key) = signing_key {
                dbg!(&signing_key);
+
+                let sign_format = self.0.config()?.get_string("gpg.format");
+                let is_ssh = if let Ok(sign_format) = sign_format {
+                    sign_format == "ssh"
+                } else {
+                    false
+                };
+
+                // todo: support gpg.program
+
+                if is_ssh {
+                    // is ssh
+
+                    // write commit data to a temp file so we can sign it
+                    let mut signature_storage = tempfile::NamedTempFile::new()?;
+                    signature_storage.write_all(buffer.as_ref())?;
+                    let signed_storage = signature_storage.into_temp_path();
+
+                    let mut cmd = std::process::Command::new("ssh-keygen");
+                    cmd.args(["-Y", "sign", "-n", "git", "-f"])
+                        .arg(&signing_key)
+                        .arg(&signed_storage)
+                        .stdout(Stdio::piped());
+
+                    // todo: support literal ssh key
+                    // strvec_push(&signer.args, "-U");
+
+                    let child = cmd.spawn()?;
+                    let output = child.wait_with_output()?;
+                    if output.status.success() {
+                        // read signed_storage path plus .sig
+                        let signature_path = signed_storage.with_extension("sig");
+                        let sig_data = std::fs::read(signature_path)?;
+                        let signature = String::from_utf8_lossy(&sig_data);
+                        dbg!(&signature);
+                        let oid = self
+                            .0
+                            .commit_signed(&buffer, &signature, None)
+                            .map(Into::into)
+                            .map_err(Into::into);
+                        dbg!(&oid);
+                        return oid;
+                    } else {
+                        let stderr = String::from_utf8_lossy(&output.stderr);
+                        dbg!(stderr);
+                    }
+                } else {
+                    // is gpg
                    let mut cmd = std::process::Command::new("gpg");
                    cmd.args(["--status-fd=2", "-bsau", &signing_key])
                        //.arg(&signed_storage)
@ -315,6 +363,7 @@ impl Repository {
                    }
                }
            }
+        }

        let oid = self
            .0