Skip to content

[WIP] Add commit signing #2208

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

[WIP] Add commit signing #2208

wants to merge 2 commits into from
+82 −5

Conversation

cruessler
Copy link
Contributor

This is a rough, incomplete prototype, mainly intended to allow me to ask a couple of questions on how to implement various things.

cruessler
cruessler commented Oct 7, 2025
View reviewed changes
gitoxide-core/src/repository/commit.rs
.extra_headers
.push((BStr::new(SIGNATURE_FIELD_NAME), extra_header));

eprintln!("{commit_ref:?}");
Copy link
Contributor Author

@cruessler cruessler Oct 7, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Byron At this point, I would like to write the signed commit back to the filesystem. I searched the codebase for hints on how this is usually done, but couldn’t really find anything. Would you be able to point me to an example?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would be repo.write_object(&commit_ref)?.

It's great you use the commit_ref for this by the way as it means any commit, even somewhat malformed ones, can be signed with this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, that’s what I was looking for! I assume that, once the signed object has been written, rev_spec needs to be made to point to the new commit, and the reflog needs to be updated. Is that what I’d use repo.edit_reference() for?

Byron
Byron reviewed Oct 8, 2025
View reviewed changes
Copy link
Member

@Byron Byron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's great to have!

Also, it's nice to see of gitoxide-core is a test-bed, from where early implementations can graduate into gix::Repository one day.

The biggest pat is probably reading the Git configuration to know which signing program to use.

gitoxide-core/src/repository/commit.rs
.extra_headers
.push((BStr::new(SIGNATURE_FIELD_NAME), extra_header));

eprintln!("{commit_ref:?}");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would be repo.write_object(&commit_ref)?.

It's great you use the commit_ref for this by the way as it means any commit, even somewhat malformed ones, can be signed with this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Byron Byron Byron left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cruessler @Byron