Harness the power of signify(1) to sign arbitrary git objects
factor out sign fn
+12
-6
+12
-6
src/sign.rs
+12
-6
src/sign.rs
···
3
3
use std::path::PathBuf;
4
4
5
5
use anyhow::{Context, Result};
6
-
use git2::Repository;
7
-
use libsignify::Codeable;
6
+
use git2::{Oid, Repository};
7
+
use libsignify::{Codeable, PrivateKey};
8
8
9
9
use super::utils;
10
10
11
11
/// Execute the `sign` command.
12
12
pub fn command(key_path: PathBuf, rev: String) -> Result<()> {
13
13
let repo = Repository::open(".").context("Failed to open git repository")?;
14
+
let secret_key = utils::get_secret_key(key_path)?;
15
+
let tree_oid = sign(&repo, &secret_key, &rev)?;
16
+
println!("{tree_oid}");
17
+
Ok(())
18
+
}
14
19
20
+
/// Sign the revision `rev` with the secret key `key`, write the results
21
+
/// to `repo`, and return the corresponding object id of the signature tree.
22
+
pub fn sign(repo: &Repository, secret_key: &PrivateKey, rev: &str) -> Result<Oid> {
15
23
let oid = repo
16
-
.revparse_single(&rev)
24
+
.revparse_single(rev)
17
25
.context("Failed to look-up git object id")?
18
26
.id();
19
27
···
21
29
.blob(oid.as_bytes())
22
30
.context("Failed to write object id to the git store")?;
23
31
24
-
let secret_key = utils::get_secret_key(key_path)?;
25
32
let signature = secret_key.sign(oid.as_bytes()).as_bytes();
26
33
let signature_blob = repo
27
34
.blob(&signature)
···
44
51
.write()
45
52
.context("Failed to write tree to the object store")?;
46
53
47
-
println!("{tree_oid}");
48
-
Ok(())
54
+
Ok(tree_oid)
49
55
}