Fix op ssh signing #292
Commits on Feb 12, 2024
Add literal_ssh_key helper function
Add a function that returns a signing key if it is a literal value in gitconfig, or None if it's not (would be a path). This is done since with SSH signing, the user.signingKey in gitconfig can either be a path to a file with the key, or a literal key (like with gpg).
See: https://git-scm.com/docs/git-config#Documentation/git-config.txt-usersigningKey
#290
<!-- ps-id: 46319555-2a7b-44a4-ac17-c1e1fd8cd72b -->
Commit ceded90
Handle literal ssh keys in gitconfig
Add a function to create a temp file containing an SSH key if one is supplied literally in the gitconfig. The function accepts a path, since it will be in a temp dir that we need to live long enough to complete the signing.
#290
<!-- ps-id: eee809a0-baba-4965-8364-b045a3f8e8a3 -->
Commit 4924632
We will use the tempfile crate to create a tempfile to be used when signing commits with SSH, so we will need to use this dependency outside of the test utils.
#290
[changelog]
added: tempfile crate dependency
<!-- ps-id: 7bfe5444-fccf-4ed9-bca2-f451e8ad1828 -->
Commit 471a7ae
Add a function to sign the ssh string using a signing key (either a path or a literal key) and an optional program (fallback to ssh-keygen). The function will be used by the ssh signer and will replace the current implementation.
<!-- ps-id: 7b3f2b55-9949-4335-8f93-a754f952cd5a -->
Commit 3c3e3e3
Look for namespaced signing program in git config
The program option in git config can live under [`gpg.<format>.program`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-gpgltformatgtprogram) in gitconfig, so we would need to respect that. I moved fetching the program option to inside the format option match, so we can use that to namespace the call to get the program configuration, falling back to the legacy `gpg.program` config. This small refactor is done since the ssh branch should also have an optional custom program to run (the 1Password binary for example) and we would want to follow the same general path with both methods.
#290
<!-- ps-id: 10064b8f-e14f-4f9e-aa06-97b8ac5b10f0 -->
Commit d87fc8d
Reuse getting signing key config
Getting the signing key from the config should be identical no matter what the format is, so take it out of the match. This is done in a general effort to improve the readability and maintainability of this piece of code.
#290
<!-- ps-id: b24c7a77-97d3-48ff-8e32-2956148724ba -->
Commit 6afff9c
Update ssh signer to use correct program
When signing commits with SSH, we need to use the program in gitconfig if specified. Otherwise, fall back to ssh-keygen. This aligns with how git proper is doing it.
#290
[changelog]
updated: ssh commit signing respects literal keys in config
updated: ssh commit signing respects custom program
updated: default ssh commit signing uses ssh-keygen
<!-- ps-id: 7c04af23-f05d-43f3-91aa-8ebac634ffdf -->
Commit 0361920
The ssh-key dependency is no longer used, since ssh-keygen is used instead.
#290
[changelog]
removed: ssh-key crate dependency
<!-- ps-id: 112c8505-5862-4da8-b9e4-ba0d62549997 -->
Commit 936c746
Following how git does things, we will default to openpgp if the signing format is not defined in gitconfig.
#290
<!-- ps-id: 4e68a19d-bdc5-40f9-8e01-8dbb8d6f3b3f -->
Commit 19a85af
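The resolution order these commits describe (format defaulting to openpgp, a namespaced program with a fallback, and a signing key that is either a literal or a path) can be sketched as follows. This is an added example, not code from this pull request: the type and function names are hypothetical, the literal-key test (`key::` prefix or a value starting with `ssh-`) and the per-format default programs follow git's own documented behaviour rather than anything shown on this page, and the config values are constructed.

```rust
use std::collections::HashMap;

// Names below are this example's own, not the project's.
#[derive(Debug, PartialEq)]
enum KeySource {
    Literal(String), // key material (or gpg key id) stored in gitconfig
    Path(String),    // path to a key file
}

#[derive(Debug, PartialEq)]
struct SigningPlan { format: String, program: String, key: Option<KeySource> }

// git's rule for SSH: a "key::" prefix or a value starting with "ssh-"
// marks a literal public key; anything else is treated as a file path.
fn classify_ssh_key(value: &str) -> KeySource {
    if let Some(rest) = value.strip_prefix("key::") {
        KeySource::Literal(rest.to_string())
    } else if value.starts_with("ssh-") {
        KeySource::Literal(value.to_string())
    } else {
        KeySource::Path(value.to_string())
    }
}

// Keys are lowercase here; real gitconfig variable names are case-insensitive.
fn resolve_signing(cfg: &HashMap<&str, &str>) -> SigningPlan {
    let format = cfg.get("gpg.format").copied().unwrap_or("openpgp");
    let namespaced = format!("gpg.{format}.program");
    let program = cfg.get(namespaced.as_str()).copied()
        // gpg.program is the legacy synonym for gpg.openpgp.program only.
        .or_else(|| if format == "openpgp" { cfg.get("gpg.program").copied() } else { None })
        .unwrap_or(match format { "ssh" => "ssh-keygen", "x509" => "gpgsm", _ => "gpg" });
    let key = cfg.get("user.signingkey").map(|v| match format {
        "ssh" => classify_ssh_key(v),
        _ => KeySource::Literal(v.to_string()), // key id handed to the program as-is
    });
    SigningPlan { format: format.to_string(), program: program.to_string(), key }
}

fn main() {
    // Constructed sample config; the program path and key are placeholders.
    let cfg = HashMap::from([
        ("gpg.format", "ssh"),
        ("gpg.ssh.program", "/opt/example/ssh-sign-helper"),
        ("user.signingkey", "key::ssh-ed25519 AAAAC3ExampleOnly"),
    ]);
    println!("{:?}", resolve_signing(&cfg));
}
```

A literal key still has to be written to a file before the signing program can use it, and that file has to outlive the signing call, which is the concern the temp-file commit above addresses.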