Harness the power of signify(1) to sign arbitrary git objects

split cmds into mods

+131 -102
+15
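--- a/src/fingerprint.rs
+++ b/src/fingerprint.rs
@@ -0,0 +1,15 @@
+//! Return the fingerprint of some key.
+
+use std::path::PathBuf;
+
+use anyhow::Result;
+
+use super::utils;
+
+/// Execute the `fingerprint` command.
+pub fn command(key_path: PathBuf) -> Result<()> {
+let public_key = utils::get_public_key(key_path)?;
+let hash = utils::hash_bytes(public_key.key().as_ref())?;
+println!("{hash}");
+Ok(())
+}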
+7 -102
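--- a/src/main.rs
+++ b/src/main.rs
@@ -1,11 +1,12 @@
+mod fingerprint;
+mod sign;
 mod utils;
+mod verify;
 
 use std::path::PathBuf;
 
-use anyhow::{Context, Result};
+use anyhow::Result;
 use clap::{Parser, Subcommand};
-use git2::{Oid, Repository};
-use libsignify::{Codeable, Signature};
 
 /// A git sub-command to sign arbitrary objects
 #[derive(Parser)]
@@ -55,108 +56,12 @@
 Action::Sign {
 secret_key,
 git_object_id: oid,
-} => sign(secret_key, oid),
+} => sign::command(secret_key, oid),
 Action::Verify {
 public_key,
 print_signed_oid: recover,
 git_tree_oid: oid,
-} => verify(public_key, recover, oid),
-Action::Fingerprint { key } => fingerprint(key),
+} => verify::command(public_key, recover, oid),
+Action::Fingerprint { key } => fingerprint::command(key),
 }
 }
-
-fn verify(key_path: PathBuf, recover: bool, oid: String) -> Result<()> {
-let repo = Repository::open(".").context("Failed to open git repository")?;
-
-let oid = repo
-.revparse_single(&oid)
-.context("Failed to look-up git tree oid")?
-.id();
-let tree = repo
-.find_tree(oid)
-.context("No tree object found for the given revision")?;
-
-let object = tree
-.get_name("object")
-.context("Failed to look-up signed object in the tree")?
-.to_object(&repo)
-.context("The signed object could not be retrieved")?;
-let object = object
-.as_blob()
-.context("The signed object is not a blob")?;
-let dereferenced_obj = object.content();
-
-let signature = {
-let signature = tree
-.get_name("signature")
-.context("Failed to look-up signature in the tree")?
-.to_object(&repo)
-.context("The signature object could not be retrieved")?;
-let signature = signature
-.as_blob()
-.context("The signature object is not a blob")?;
-Signature::from_bytes(signature.content())
-.map_err(utils::Error::new)
-.context("Failed to parse signature")?
-};
-
-let public_key = utils::get_public_key(key_path)?;
-
-public_key
-.verify(dereferenced_obj, &signature)
-.map_err(utils::Error::new)
-.context("Failed to verify signature")?;
-
-if recover {
-let oid = Oid::from_bytes(dereferenced_obj).context("Failed to parse git object id")?;
-println!("{oid}");
-}
-
-Ok(())
-}
-
-fn sign(key_path: PathBuf, oid: String) -> Result<()> {
-let repo = Repository::open(".").context("Failed to open git repository")?;
-
-let oid = repo
-.revparse_single(&oid)
-.context("Failed to look-up git object id")?
-.id();
-
-let object_blob = repo
-.blob(oid.as_bytes())
-.context("Failed to write object id to the git store")?;
-
-let secret_key = utils::get_secret_key(key_path)?;
-let signature = secret_key.sign(oid.as_bytes()).as_bytes();
-let signature_blob = repo
-.blob(&signature)
-.context("Failed to write signature to the object store")?;
-
-let mut tree_builder = repo
-.treebuilder(None)
-.context("Failed to get a git tree object builder")?;
-
-// TODO: insert a tree entry containing the version of this program
-
-tree_builder
-.insert("object", object_blob, 0o100644)
-.context("Failed to write object to the tree")?;
-tree_builder
-.insert("signature", signature_blob, 0o100644)
-.context("Failed to write signature to the tree")?;
-
-let tree_oid = tree_builder
-.write()
-.context("Failed to write tree to the object store")?;
-
-println!("{tree_oid}");
-Ok(())
-}
-
-fn fingerprint(key_path: PathBuf) -> Result<()> {
-let public_key = utils::get_public_key(key_path)?;
-let hash = utils::hash_bytes(public_key.key().as_ref())?;
-println!("{hash}");
-Ok(())
-}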
+49
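--- a/src/sign.rs
+++ b/src/sign.rs
@@ -0,0 +1,49 @@
+//! Create signatures with [`libsignify`].
+
+use std::path::PathBuf;
+
+use anyhow::{Context, Result};
+use git2::Repository;
+use libsignify::Codeable;
+
+use super::utils;
+
+/// Execute the `sign` command.
+pub fn command(key_path: PathBuf, oid: String) -> Result<()> {
+let repo = Repository::open(".").context("Failed to open git repository")?;
+
+let oid = repo
+.revparse_single(&oid)
+.context("Failed to look-up git object id")?
+.id();
+
+let object_blob = repo
+.blob(oid.as_bytes())
+.context("Failed to write object id to the git store")?;
+
+let secret_key = utils::get_secret_key(key_path)?;
+let signature = secret_key.sign(oid.as_bytes()).as_bytes();
+let signature_blob = repo
+.blob(&signature)
+.context("Failed to write signature to the object store")?;
+
+let mut tree_builder = repo
+.treebuilder(None)
+.context("Failed to get a git tree object builder")?;
+
+// TODO: insert a tree entry containing the version of this program
+
+tree_builder
+.insert("object", object_blob, 0o100644)
+.context("Failed to write object to the tree")?;
+tree_builder
+.insert("signature", signature_blob, 0o100644)
+.context("Failed to write signature to the tree")?;
+
+let tree_oid = tree_builder
+.write()
+.context("Failed to write tree to the object store")?;
+
+println!("{tree_oid}");
+Ok(())
+}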
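Review bot: `command` signs whatever `revparse_single(&oid)` resolves to, so passing a branch or tag name signs the object it points at right now, and only the resulting tree id is printed; the signer never sees which object id went under the key. The signed message is the bare id bytes (`secret_key.sign(oid.as_bytes())`), so the version entry planned in the TODO would sit in the tree without being covered by the signature. I would extend the one-line doc comment to state both facts, for example `/// Signs the raw id of the object that the revision resolves to; other tree entries are not authenticated.`, and consider an `eprintln!("signing {oid}");` right after the lookup so the resolved id is visible before the key is used.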
+60
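--- a/src/verify.rs
+++ b/src/verify.rs
@@ -0,0 +1,60 @@
+//! Verify signatures with [`libsignify`].
+
+use std::path::PathBuf;
+
+use anyhow::{Context, Result};
+use git2::{Oid, Repository};
+use libsignify::{Codeable, Signature};
+
+use super::utils;
+
+/// Execute the `verify` command.
+pub fn command(key_path: PathBuf, recover: bool, oid: String) -> Result<()> {
+let repo = Repository::open(".").context("Failed to open git repository")?;
+
+let oid = repo
+.revparse_single(&oid)
+.context("Failed to look-up git tree oid")?
+.id();
+let tree = repo
+.find_tree(oid)
+.context("No tree object found for the given revision")?;
+
+let object = tree
+.get_name("object")
+.context("Failed to look-up signed object in the tree")?
+.to_object(&repo)
+.context("The signed object could not be retrieved")?;
+let object = object
+.as_blob()
+.context("The signed object is not a blob")?;
+let dereferenced_obj = object.content();
+
+let signature = {
+let signature = tree
+.get_name("signature")
+.context("Failed to look-up signature in the tree")?
+.to_object(&repo)
+.context("The signature object could not be retrieved")?;
+let signature = signature
+.as_blob()
+.context("The signature object is not a blob")?;
+Signature::from_bytes(signature.content())
+.map_err(utils::Error::new)
+.context("Failed to parse signature")?
+};
+
+let public_key = utils::get_public_key(key_path)?;
+
+public_key
+.verify(dereferenced_obj, &signature)
+.map_err(utils::Error::new)
+.context("Failed to verify signature")?;
+
+if recover {
+let oid = Oid::from_bytes(dereferenced_obj).context("Failed to parse git object id")?;
+println!("{oid}");
+}
+
+Ok(())
+}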
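Review bot: `command` returns `Ok(())` for any tree whose `object` blob carries a valid signature under the given key, and it never compares that blob with an object the caller expects; unless `recover` is set it prints nothing. A caller who checks only the exit status learns that the key signed something, not which object. Because `Oid::from_bytes(dereferenced_obj)` runs only inside `if recover`, a blob that is not a well-formed object id also passes when `recover` is false, which presumably includes a signature the same key produced over unrelated data. I would hoist the parse above the branch, `let signed = Oid::from_bytes(dereferenced_obj).context("Failed to parse git object id")?;` followed by `if recover { println!("{signed}"); }`. The doc comment should also say that success does not identify the signed object, so callers must compare the printed id themselves.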