Use go-git program signer for custom checkpoint signing #1128

Merged

pjbgf merged 2 commits into main from sign-program on May 6, 2026

Conversation

@pjbgf pjbgf commented May 6, 2026

https://entire.io/gh/entireio/cli/trails/308

Custom Git signing programs were previously treated as unsupported for checkpoint commits, so configurations like gpg.ssh.program=op-ssh-sign caused Entire to skip signing and leave checkpoint commits unsigned.

Replace that skip path with github.com/go-git/x/plugin/objectsigner/program so custom signing programs are invoked using Git-compatible conventions. The loader now checks raw system and global Git config in precedence order, because go-git's typed config merge does not preserve Raw config entries. It supports format-specific gpg.<format>.program values, legacy OpenPGP gpg.program, and falls back to the native auto signer when no custom program is configured.

Move the active checkpoint signer loader into checkpoint/objectsigner.go and remove the unused root-level RegisterObjectSigner path, which had no call sites. Add tests for custom SSH/OpenPGP/X509 program detection, default-program handling, config precedence, and creating a custom program signer.


Note

Medium Risk
Changes the commit-signing path for checkpoint commits and adds execution of external signing programs based on git config, which could affect signing behavior across environments.

Overview
Checkpoint commit signing now supports custom git signing programs (e.g. gpg.ssh.program, gpg.<format>.program, legacy gpg.program) by creating a signer via github.com/go-git/x/plugin/objectsigner/program instead of skipping signing when non-default programs are configured.

The signer loader logic is moved into checkpoint/objectsigner.go, updated to resolve program settings from raw system+global git config with correct precedence, and falls back to the existing go-git auto signer when no custom program is configured; the unused root-level RegisterObjectSigner implementation and its tests are removed. Adds focused unit tests covering program detection, default handling, scope precedence, and custom-signer creation, and updates go.mod/go.sum for the new dependency.

Reviewed by Cursor Bugbot for commit d41d4f7.

Custom Git signing programs were previously treated as unsupported for
checkpoint commits, so configurations like gpg.ssh.program=op-ssh-sign caused
Entire to skip signing and leave checkpoint commits unsigned.

Replace that skip path with github.com/go-git/x/plugin/objectsigner/program so
custom signing programs are invoked using Git-compatible conventions. The
loader now checks raw system and global Git config in precedence order, because
go-git's typed config merge does not preserve Raw config entries. It supports
format-specific gpg.<format>.program values, legacy OpenPGP gpg.program, and
falls back to the native auto signer when no custom program is configured.

Move the active checkpoint signer loader into checkpoint/objectsigner.go and
remove the unused root-level RegisterObjectSigner path, which had no call
sites. Add tests for custom SSH/OpenPGP/X509 program detection, default-program
handling, config precedence, and creating a custom program signer.

Signed-off-by: Paulo Gomes <paulo@entire.io>
Entire-Checkpoint: 2b8e57f3cd3d
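The config-resolution rules described in this PR (system scope first, then global; gpg.format selecting gpg.<format>.program; legacy gpg.program honoured only for OpenPGP; an empty result meaning "use the auto signer"), as an added Go example that is not the project's or go-git's code. It uses a deliberately minimal stdlib-only parser in place of go-git's config package, and both config strings are constructed samples; it also covers the non-OpenPGP case in which legacy gpg.program must not be picked up.

```go
package main

import (
	"bufio"
	"strings"
)

// Constructed sample configs (not the project's): system scope, then global.
const systemConfig = "[gpg]\n\tprogram = gpg\n"
const globalConfig = "[gpg]\n\tformat = ssh\n[gpg \"ssh\"]\n\tprogram = op-ssh-sign\n"

// loadGitConfig parses the small Git config subset used here from each scope in
// order, flattening keys to "section.sub.key"; later scopes overwrite earlier ones.
func loadGitConfig(scopes ...string) map[string]string {
	cfg := map[string]string{}
	for _, src := range scopes {
		prefix := ""
		sc := bufio.NewScanner(strings.NewReader(src))
		for sc.Scan() {
			line := strings.TrimSpace(sc.Text())
			if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
				// `[gpg "ssh"]` becomes "gpg.ssh"; `[gpg]` becomes "gpg".
				h := strings.ReplaceAll(line[1:len(line)-1], `"`, "")
				prefix = strings.ToLower(strings.Join(strings.Fields(h), "."))
				continue
			}
			if key, val, ok := strings.Cut(line, "="); ok {
				cfg[prefix+"."+strings.ToLower(strings.TrimSpace(key))] = strings.TrimSpace(val)
			}
		}
	}
	return cfg
}

// resolveSigningProgram follows the PR's rules: gpg.format (default openpgp) picks
// gpg.<format>.program; legacy gpg.program applies only to openpgp; "" = auto signer.
func resolveSigningProgram(cfg map[string]string) (format, program string) {
	format = strings.ToLower(cfg["gpg.format"])
	if format == "" {
		format = "openpgp"
	}
	program = cfg["gpg."+format+".program"]
	if program == "" && format == "openpgp" {
		program = cfg["gpg.program"]
	}
	return format, program
}
```

Calling resolveSigningProgram(loadGitConfig(systemConfig, globalConfig)) on the constructed samples yields format "ssh" and program "op-ssh-sign": the global gpg.ssh.program wins over the system-wide legacy gpg.program, which is exactly the op-ssh-sign case the PR fixes.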
Copilot AI review requested due to automatic review settings May 6, 2026 10:04
@pjbgf pjbgf requested a review from a team as a code owner May 6, 2026 10:04

Copilot AI left a comment

Pull request overview

This PR updates Entire’s checkpoint commit signing to support Git’s gpg.<format>.program (and legacy gpg.program) by using go-git’s program-based object signer, instead of treating custom signing programs as unsupported and silently skipping signing.

Changes:

  • Add support for invoking custom signing programs via github.com/go-git/x/plugin/objectsigner/program with Git-compatible config precedence (system → global).
  • Move checkpoint signer loading logic into cmd/entire/cli/checkpoint/objectsigner.go and remove the unused root-level object signer registration path.
  • Add tests covering custom program detection (SSH/OpenPGP/X509), default-program handling, config precedence, and custom program signer creation.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Summary per file:

  • go.mod: Adds dependency on go-git program object signer plugin.
  • go.sum: Records checksums for the new program signer dependency.
  • cmd/entire/cli/objectsigner.go: Removes unused object signer registration + legacy loader implementation.
  • cmd/entire/cli/objectsigner_test.go: Removes tests tied to the deleted legacy SSH-program skip logic.
  • cmd/entire/cli/checkpoint/objectsigner.go: Introduces new checkpoint object signer loader that can create a program-based signer using raw Git config precedence.
  • cmd/entire/cli/checkpoint/objectsigner_test.go: Adds unit tests for program detection/precedence and for constructing a custom program signer.
  • cmd/entire/cli/checkpoint/committed.go: Removes embedded signer-loader implementation now moved to the checkpoint objectsigner module.

Comment thread cmd/entire/cli/checkpoint/objectsigner.go
Signed-off-by: Paulo Gomes <paulo@entire.io>
@pjbgf pjbgf merged commit 5a429f1 into main May 6, 2026
9 checks passed
@pjbgf pjbgf deleted the sign-program branch May 6, 2026 16:48