Include signature type in GpgSig, to support SSH, x509, etc.#72
Open
Warbo wants to merge 1 commit intoipfs:masterfrom
Open
Include signature type in GpgSig, to support SSH, x509, etc.#72Warbo wants to merge 1 commit intoipfs:masterfrom
Warbo wants to merge 1 commit intoipfs:masterfrom
Conversation
The existing commit parser/printer were hard-coded for PGP signatures, and
stripped off their BEGIN/END lines. That threw an error for commits signed with
other schemes like SSH or x509 ("expected first line of sig to be a single space
or version"), and it loses information about what type of signature was present;
which is bad for those inspecting the IPLD DAG, and it prevents the codec from
correctly encoding commit objects.
This change generalises the signature parsing, to accept any `-----BEGIN` and
`-----END` markers. It also includes those markers in the `GpgSig` value, so
signed commits can roundtrip the codec, and the DAG will show what the signature
type is.
Note that this changes the contents of the `signature` field exposed to IPLD!
Here's what a PGP-signed commit used to look like:
```
$ ipfs dag get baf4bcfastgjlbc4cb4pwvazfmxrs6duxojydbsq | jq .
{
"author": {
"date": "1772632573",
"email": "chriswarbo@gmail.com",
"name": "Chris Warburton",
"timezone": "+0000"
},
"committer": {
"date": "1772632573",
"email": "chriswarbo@gmail.com",
"name": "Chris Warburton",
"timezone": "+0000"
},
"encoding": null,
"mergetag": [],
"message": "Signed commit for testing\n",
"other": [],
"parents": [
{
"/": "baf4bcfafx5b5ehckbgrxs3w5vw4p3l6jnwchxri"
}
],
"signature": " \n iQEzBAABCgAdFiEEL4FPY3Lp/jQ0Jiq+seTexiNfLroFAmmoOf0ACgkQseTexiNf\n Lrp3QAf9Ee+oNHjHT9aKCRkUyaRn5ZUV9OxmxskD5hDOz7iLnZ84DIx4WNl7QT+x\n kw15VPyrryr16ES/J4HBb9aaMLDb9ns98vmrPUJ6YPKYWoD+0750GM/+RBe9HLsJ\n woTaADmn9ocSym53b32t6tTLvt2ow8J2UbfjijLqsEkqTH+E+T0qzxwlscZ6xWT8\n z40y88lbvIjuyxV8SirnoJtNra91QPuWKmkJCDE7OM4WGA/tU62Za5z4J8q4WZ9A\n +9K0poBMrEpsBRazx8XKNY1w/4v66vKEvY+q8kcH0zGKbX6uYnxsG/kr6bfLIQMU\n 7KdD0xv+QsGw5uhjhD7WLK8ziJ/x0w==\n =vyj/\n",
"tree": {
"/": "baf4bcfcthputu4uf5w5m66gfj4szgbazp5agqjy"
}
}
```
With this change, the `signature` field will become:
```
"signature": " -----BEGIN PGP SIGNATURE-----\n iQEzBAABCgAdFiEEL4FPY3Lp/jQ0Jiq+seTexiNfLroFAmmoOf0ACgkQseTexiNf\n Lrp3QAf9Ee+oNHjHT9aKCRkUyaRn5ZUV9OxmxskD5hDOz7iLnZ84DIx4WNl7QT+x\n kw15VPyrryr16ES/J4HBb9aaMLDb9ns98vmrPUJ6YPKYWoD+0750GM/+RBe9HLsJ\n woTaADmn9ocSym53b32t6tTLvt2ow8J2UbfjijLqsEkqTH+E+T0qzxwlscZ6xWT8\n z40y88lbvIjuyxV8SirnoJtNra91QPuWKmkJCDE7OM4WGA/tU62Za5z4J8q4WZ9A\n +9K0poBMrEpsBRazx8XKNY1w/4v66vKEvY+q8kcH0zGKbX6uYnxsG/kr6bfLIQMU\n 7KdD0xv+QsGw5uhjhD7WLK8ziJ/x0w==\n =vyj/\n -----END PGP SIGNATURE-----",
```
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The existing commit parser/printer were hard-coded for PGP signatures, and stripped off their BEGIN/END lines. That threw an error for commits signed with other schemes like SSH or x509 ("expected first line of sig to be a single space or version"), and it loses information about what type of signature was present; which is bad for those inspecting the IPLD DAG, and it prevents the codec from correctly encoding commit objects.
This change generalises the signature parsing, to accept any
-----BEGINand-----ENDmarkers. It also includes those markers in theGpgSigvalue, so signed commits can roundtrip the codec, and the DAG will show what the signature type is.Note that this changes the contents of the
signaturefield exposed to IPLD! Here's what a PGP-signed commit used to look like:With this change, the
signaturefield will become: