Harness the power of signify(1) to sign arbitrary git objects
impl verify
+40
-1
+14
-1
src/main.rs
+14
-1
src/main.rs
···
2
2
mod raw;
3
3
mod sign;
4
4
mod utils;
5
-
//mod verify;
5
+
mod verify;
6
6
7
7
use std::path::PathBuf;
8
8
···
36
36
secret_key: PathBuf,
37
37
38
38
/// The git revision to sign
39
+
git_rev: String,
40
+
},
41
+
/// Verify the signature over some git revision
42
+
Verify {
43
+
/// The path to the base64 encoded public key to verify with
44
+
#[arg(short = 'k', long)]
45
+
public_key: PathBuf,
46
+
47
+
/// The signed git revision to verify
39
48
git_rev: String,
40
49
},
41
50
}
···
84
93
secret_key,
85
94
git_rev: rev,
86
95
} => sign::command(secret_key, rev),
96
+
Action::Verify {
97
+
public_key,
98
+
git_rev: rev,
99
+
} => verify::command(public_key, rev),
87
100
}
88
101
}
+26
src/verify.rs
+26
src/verify.rs
···
1
+
//! Verify signatures stored under git references
2
+
//! with [`libsignify`].
3
+
4
+
use std::path::PathBuf;
5
+
6
+
use anyhow::{Context, Result};
7
+
8
+
use crate::raw::verify::verify;
9
+
use crate::utils;
10
+
11
+
/// Execute the `verify` command.
12
+
pub fn command(key_path: PathBuf, rev: String) -> Result<()> {
13
+
let repo = utils::open_repository()?;
14
+
let public_key = utils::get_public_key(key_path)?;
15
+
let tree_rev = {
16
+
let object_oid = repo
17
+
.revparse_single(&rev)
18
+
.context("Failed to look-up git object")?
19
+
.id();
20
+
let key_fingerprint = utils::hash_bytes(&public_key.key()[..])?;
21
+
utils::craft_signature_reference(key_fingerprint, object_oid)
22
+
};
23
+
verify(&repo, &public_key, &tree_rev, false)?;
24
+
println!("Signature verified successfully");
25
+
Ok(())
26
+
}