Fix op ssh signing #292
Merged
Fix op ssh signing #292
Commits on Feb 12, 2024
-
Add literal_ssh_key helper function
Add a function that returns a signing key if it is a literal value in gitconfig, or None if it's not (would be a path). This is done since with SSH signing, the user.signingKey in gitconfig can either be a path to a file with the key, or a literal key (like with gpg). See: https://git-scm.com/docs/git-config#Documentation/git-config.txt-usersigningKey #290 <!-- ps-id: 46319555-2a7b-44a4-ac17-c1e1fd8cd72b -->
-
Handle literal ssh keys in gitconfig
Add a function to create a temp file containing a ssh key if one is supplied literally in the gitconfig. The function accepts a path, since it will be in a temp dir that we need to live long enough to complete the signing. #290 <!-- ps-id: eee809a0-baba-4965-8364-b045a3f8e8a3 -->
-
We will use the tempfile crate to create a tempfile to be used when signing commits with SSH, so we will need to use this dependency outside of the test utils. #290 [changelog] added: tempfile crate dependency <!-- ps-id: 7bfe5444-fccf-4ed9-bca2-f451e8ad1828 -->
-
Add a function to sign the ssh string using a signing key (either a path or a literal key) and an optional program (fallback to ssh-keygen). The function will be used by the ssh signer and will replace current implementation. <!-- ps-id: 7b3f2b55-9949-4335-8f93-a754f952cd5a -->
-
Look for namespaced signing program in git config
The program option in git config can live under [`gpg.<format>.program`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-gpgltformatgtprogram) in gitconfig, so we would need to respect that. I moved fetching the program option to inside the format option match, so we can use that to namespace the call to get the program configuration, falling back to the legacy `gpg.program` config. This small refactor is done since the ssh branch should also have an optional custom program to run (the 1Password binary for example) and we would want to follow the same general path with both methods. #290 <!-- ps-id: 10064b8f-e14f-4f9e-aa06-97b8ac5b10f0 -->
-
Reuse getting signing key config
Getting the signing key from the config should be identical no matter what the format is, so take it out of the match. This is done in a general effort to improve the readability and maintainability of this piece of code. #290 <!-- ps-id: b24c7a77-97d3-48ff-8e32-2956148724ba -->
-
Update ssh signer to use correct program
When signing commits with SSH, we need to use the program in gitconfig if specified. Otherwise, fallback to ssh-keygen. This aligns with how git proper is doing it. #290 [changelog] updated: ssh commit signing respects literal keys in config updated: ssh commit signing respects custom program updated: default ssh commit signing uses ssh-keygen <!-- ps-id: 7c04af23-f05d-43f3-91aa-8ebac634ffdf -->
-
The ss-key dependency is no longer used, since ssh-keygen is used instead. #290 [changelog] removed: ssh-key crate dependency <!-- ps-id: 112c8505-5862-4da8-b9e4-ba0d62549997 -->
-
Following how git does things, we will default to openpgp if the signing format is not defined in gitconfig #290 <!-- ps-id: 4e68a19d-bdc5-40f9-8e01-8dbb8d6f3b3f -->
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.