Harness the power of signify(1) to sign arbitrary git objects
skip signing if sig already exists
+12
-5
+12
-5
src/sign.rs
+12
-5
src/sign.rs
···
12
12
pub fn command(key_path: PathBuf, rev: String) -> Result<()> {
13
13
let repo = utils::open_repository()?;
14
14
for (path, secret_key) in utils::get_secret_keys(key_path)? {
15
-
let tree_oid = sign(&repo, &secret_key, &rev)?;
16
-
let signed_object = {
17
-
let tree_sig = utils::TreeSignature::load_oid(&repo, tree_oid)?;
18
-
tree_sig.dereference()?
19
-
};
15
+
let signed_object = repo
16
+
.revparse_single(&rev)
17
+
.context("Failed to look-up object to sign")?
18
+
.id();
20
19
let key_fingerprint = secret_key.public_key()?.fingerprint()?;
21
20
let reference = utils::craft_signature_reference(key_fingerprint, signed_object);
21
+
if utils::revparse_single_ok_or_else(&repo, &reference, |_| Ok(true), || Ok(false))? {
22
+
println!("Signature already exists with key:");
23
+
println!(" - {}", path.display());
24
+
println!("Signature stored under:");
25
+
println!(" - {reference}");
26
+
continue;
27
+
}
28
+
let tree_oid = sign(&repo, &secret_key, &rev)?;
22
29
repo.reference(
23
30
&reference, tree_oid,
24
31
// references to signatures are non-deterministic,