Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add templater support for rendering commit signatures #4853

Merged
merged 3 commits into from
Jan 4, 2025
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
pylbrecht marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

* `jj evolog` now accepts `--reversed`.

* Add templater support for rendering commit signatures.

### Fixed bugs

## [0.25.0] - 2025-01-01
Expand Down
123 changes: 123 additions & 0 deletions cli/src/commit_templater.rs
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,10 @@ use jj_lib::revset::RevsetDiagnostics;
use jj_lib::revset::RevsetModifier;
use jj_lib::revset::RevsetParseContext;
use jj_lib::revset::UserRevsetExpression;
use jj_lib::signing::SigStatus;
use jj_lib::signing::SignError;
use jj_lib::signing::SignResult;
use jj_lib::signing::Verification;
use jj_lib::store::Store;
use once_cell::unsync::OnceCell;

Expand Down Expand Up @@ -243,6 +247,19 @@ impl<'repo> TemplateLanguage<'repo> for CommitTemplateLanguage<'repo> {
let build = template_parser::lookup_method(type_name, table, function)?;
build(self, diagnostics, build_ctx, property, function)
}
CommitTemplatePropertyKind::CryptographicSignatureOpt(property) => {
let type_name = "CryptographicSignature";
let table = &self.build_fn_table.cryptographic_signature_methods;
let build = template_parser::lookup_method(type_name, table, function)?;
let inner_property = property.try_unwrap(type_name);
build(
self,
diagnostics,
build_ctx,
Box::new(inner_property),
function,
)
}
}
}
}
Expand Down Expand Up @@ -319,6 +336,12 @@ impl<'repo> CommitTemplateLanguage<'repo> {
) -> CommitTemplatePropertyKind<'repo> {
CommitTemplatePropertyKind::TreeDiff(Box::new(property))
}

fn wrap_cryptographic_signature_opt(
property: impl TemplateProperty<Output = Option<CryptographicSignature>> + 'repo,
) -> CommitTemplatePropertyKind<'repo> {
CommitTemplatePropertyKind::CryptographicSignatureOpt(Box::new(property))
}
}

pub enum CommitTemplatePropertyKind<'repo> {
Expand All @@ -332,6 +355,9 @@ pub enum CommitTemplatePropertyKind<'repo> {
CommitOrChangeId(Box<dyn TemplateProperty<Output = CommitOrChangeId> + 'repo>),
ShortestIdPrefix(Box<dyn TemplateProperty<Output = ShortestIdPrefix> + 'repo>),
TreeDiff(Box<dyn TemplateProperty<Output = TreeDiff> + 'repo>),
CryptographicSignatureOpt(
Box<dyn TemplateProperty<Output = Option<CryptographicSignature>> + 'repo>,
),
}

impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
Expand All @@ -347,6 +373,9 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
CommitTemplatePropertyKind::CommitOrChangeId(_) => "CommitOrChangeId",
CommitTemplatePropertyKind::ShortestIdPrefix(_) => "ShortestIdPrefix",
CommitTemplatePropertyKind::TreeDiff(_) => "TreeDiff",
CommitTemplatePropertyKind::CryptographicSignatureOpt(_) => {
"Option<CryptographicSignature>"
}
}
}

Expand All @@ -372,6 +401,9 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
// TODO: boolean cast could be implemented, but explicit
// diff.empty() method might be better.
CommitTemplatePropertyKind::TreeDiff(_) => None,
CommitTemplatePropertyKind::CryptographicSignatureOpt(property) => {
Some(Box::new(property.map(|sig| sig.is_some())))
}
}
}

Expand Down Expand Up @@ -408,6 +440,7 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
Some(property.into_template())
}
CommitTemplatePropertyKind::TreeDiff(_) => None,
CommitTemplatePropertyKind::CryptographicSignatureOpt(_) => None,
}
}

Expand All @@ -426,6 +459,7 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
(CommitTemplatePropertyKind::CommitOrChangeId(_), _) => None,
(CommitTemplatePropertyKind::ShortestIdPrefix(_), _) => None,
(CommitTemplatePropertyKind::TreeDiff(_), _) => None,
(CommitTemplatePropertyKind::CryptographicSignatureOpt(_), _) => None,
}
}

Expand All @@ -447,6 +481,7 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
(CommitTemplatePropertyKind::CommitOrChangeId(_), _) => None,
(CommitTemplatePropertyKind::ShortestIdPrefix(_), _) => None,
(CommitTemplatePropertyKind::TreeDiff(_), _) => None,
(CommitTemplatePropertyKind::CryptographicSignatureOpt(_), _) => None,
}
}
}
Expand All @@ -463,6 +498,8 @@ pub struct CommitTemplateBuildFnTable<'repo> {
pub commit_or_change_id_methods: CommitTemplateBuildMethodFnMap<'repo, CommitOrChangeId>,
pub shortest_id_prefix_methods: CommitTemplateBuildMethodFnMap<'repo, ShortestIdPrefix>,
pub tree_diff_methods: CommitTemplateBuildMethodFnMap<'repo, TreeDiff>,
pub cryptographic_signature_methods:
CommitTemplateBuildMethodFnMap<'repo, CryptographicSignature>,
}

impl<'repo> CommitTemplateBuildFnTable<'repo> {
Expand All @@ -475,6 +512,7 @@ impl<'repo> CommitTemplateBuildFnTable<'repo> {
commit_or_change_id_methods: builtin_commit_or_change_id_methods(),
shortest_id_prefix_methods: builtin_shortest_id_prefix_methods(),
tree_diff_methods: builtin_tree_diff_methods(),
cryptographic_signature_methods: builtin_cryptographic_signature_methods(),
}
}

Expand All @@ -486,6 +524,7 @@ impl<'repo> CommitTemplateBuildFnTable<'repo> {
commit_or_change_id_methods: HashMap::new(),
shortest_id_prefix_methods: HashMap::new(),
tree_diff_methods: HashMap::new(),
cryptographic_signature_methods: HashMap::new(),
}
}

Expand All @@ -497,6 +536,7 @@ impl<'repo> CommitTemplateBuildFnTable<'repo> {
commit_or_change_id_methods,
shortest_id_prefix_methods,
tree_diff_methods,
cryptographic_signature_methods,
} = extension;

self.core.merge(core);
Expand All @@ -511,6 +551,10 @@ impl<'repo> CommitTemplateBuildFnTable<'repo> {
shortest_id_prefix_methods,
);
merge_fn_map(&mut self.tree_diff_methods, tree_diff_methods);
merge_fn_map(
&mut self.cryptographic_signature_methods,
cryptographic_signature_methods,
);
}
}

Expand Down Expand Up @@ -621,6 +665,14 @@ fn builtin_commit_methods<'repo>() -> CommitTemplateBuildMethodFnMap<'repo, Comm
Ok(L::wrap_boolean(out_property))
},
);
map.insert(
"signature",
|_language, _diagnostics, _build_ctx, self_property, function| {
function.expect_no_arguments()?;
let out_property = self_property.map(CryptographicSignature::new);
Ok(L::wrap_cryptographic_signature_opt(out_property))
},
);
map.insert(
"working_copies",
|language, _diagnostics, _build_ctx, self_property, function| {
Expand Down Expand Up @@ -1671,3 +1723,74 @@ fn builtin_tree_diff_methods<'repo>() -> CommitTemplateBuildMethodFnMap<'repo, T
// TODO: add files() or map() to support custom summary-like formatting?
map
}

#[derive(Debug)]
pub struct CryptographicSignature {
commit: Commit,
}

impl CryptographicSignature {
fn new(commit: Commit) -> Option<Self> {
commit.is_signed().then_some(Self { commit })
}

fn verify(&self) -> SignResult<Verification> {
self.commit
.verification()
.transpose()
.expect("must have signature")
}

fn status(&self) -> SignResult<SigStatus> {
self.verify().map(|verification| verification.status)
}

/// Defaults to empty string if key is not present.
fn key(&self) -> SignResult<String> {
self.verify()
.map(|verification| verification.key.unwrap_or_default())
}

/// Defaults to empty string if display is not present.
fn display(&self) -> SignResult<String> {
self.verify()
.map(|verification| verification.display.unwrap_or_default())
}
}

pub fn builtin_cryptographic_signature_methods<'repo>(
) -> CommitTemplateBuildMethodFnMap<'repo, CryptographicSignature> {
type L<'repo> = CommitTemplateLanguage<'repo>;
// Not using maplit::hashmap!{} or custom declarative macro here because
// code completion inside macro is quite restricted.
let mut map = CommitTemplateBuildMethodFnMap::<CryptographicSignature>::new();
map.insert(
"status",
|_language, _diagnostics, _build_ctx, self_property, function| {
function.expect_no_arguments()?;
let out_property = self_property.and_then(|sig| match sig.status() {
Ok(status) => Ok(status.to_string()),
Err(SignError::InvalidSignatureFormat) => Ok("invalid".to_string()),
Err(err) => Err(err.into()),
});
Ok(L::wrap_string(out_property))
},
);
map.insert(
"key",
|_language, _diagnostics, _build_ctx, self_property, function| {
function.expect_no_arguments()?;
let out_property = self_property.and_then(|sig| Ok(sig.key()?));
Ok(L::wrap_string(out_property))
},
);
map.insert(
"display",
|_language, _diagnostics, _build_ctx, self_property, function| {
function.expect_no_arguments()?;
let out_property = self_property.and_then(|sig| Ok(sig.display()?));
Ok(L::wrap_string(out_property))
},
);
map
}
24 changes: 24 additions & 0 deletions cli/tests/test_commit_template.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1209,3 +1209,27 @@ fn test_log_diff_predefined_formats() {
+c
"###);
}

#[test]
fn test_signature_templates() {
let test_env = TestEnvironment::default();

test_env.add_config(r#"signing.sign-all = true"#);
test_env.add_config(r#"signing.backend = "test""#);

test_env.jj_cmd_ok(test_env.env_root(), &["git", "init", "repo"]);
let repo_path = test_env.env_root().join("repo");

let template = r#"if(signature,
signature.status() ++ " " ++ signature.display(),
"no"
) ++ " signature""#;

let stdout = test_env.jj_cmd_success(&repo_path, &["log", "-T", template]);
insta::assert_snapshot!(stdout, @r"
@ good test-display signature
◆ no signature");

let stdout = test_env.jj_cmd_success(&repo_path, &["show", "-T", template]);
insta::assert_snapshot!(stdout, @"good test-display signature");
}
11 changes: 11 additions & 0 deletions docs/config.md
Original file line number Diff line number Diff line change
Expand Up @@ -1027,6 +1027,17 @@ as follows:
backends.ssh.allowed-signers = "/path/to/allowed-signers"
```

## Commit Signature Verification

By default signature verification and display is **disabled** as it incurs a
performance cost when rendering medium to large change logs.

If you want to display commit signatures in your templates, you can use
`commit.signature()` (see [Commit type](./templates.md#commit-type)). The
returned [CryptographicSignature
Type](./templates.md#cryptographicsignature-type) provides methods to retrieve
signature details.

## Git settings

### Default remotes for `jj git fetch` and `jj git push`
Expand Down
24 changes: 24 additions & 0 deletions docs/templates.md
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ This type cannot be printed. The following methods are defined.
* `parents() -> List<Commit>`
* `author() -> Signature`
* `committer() -> Signature`
* `signature() -> Option<CryptographicSignature>`
* `mine() -> Boolean`: Commits where the author's email matches the email of the current
user.
* `working_copies() -> String`: For multi-workspace repository, indicate
Expand Down Expand Up @@ -129,6 +130,29 @@ The following methods are defined.
* `.short([len: Integer]) -> String`
* `.shortest([min_len: Integer]) -> ShortestIdPrefix`: Shortest unique prefix.

### CryptographicSignature type

The following methods are defined.

* `.status() -> String`: The signature's status (`"good"`, `"bad"`, `"unknown"`, `"invalid"`).
* `.key() -> String`: The signature's key id representation (for GPG, this is the key fingerprint).
* `.display() -> String`: The signature's display string (for GPG this is the formatted primary user ID).

!!! warning

Calling any of `.status()`, `.key()`, or `.display()` is slow, as it incurs
the performance cost of verifying the signature (for example shelling out
to `gpg` or `ssh-keygen`). Though consecutive calls will be faster, because
the backend caches the verification result.

!!! info

As opposed to calling any of `.status()`, `.key()`, or `.display()`,
checking for signature presence through boolean coercion is fast:
```
if(commit.signature(), "commit has a signature", "commit is unsigned")
```

### Email type

The following methods are defined.
Expand Down
2 changes: 2 additions & 0 deletions lib/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,8 @@ pub mod stacked_table;
pub mod store;
pub mod str_util;
pub mod submodule_store;
#[cfg(feature = "testing")]
pub mod test_signing_backend;
pub mod time_util;
pub mod transaction;
pub mod tree;
Expand Down
16 changes: 16 additions & 0 deletions lib/src/signing.rs
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
//! various backends.

use std::fmt::Debug;
use std::fmt::Display;
use std::sync::Mutex;

use clru::CLruCache;
Expand All @@ -27,6 +28,8 @@ use crate::gpg_signing::GpgBackend;
use crate::settings::UserSettings;
use crate::ssh_signing::SshBackend;
use crate::store::COMMIT_CACHE_CAPACITY;
#[cfg(feature = "testing")]
use crate::test_signing_backend::TestSigningBackend;

/// A status of the signature, part of the [Verification] type.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
Expand All @@ -39,6 +42,17 @@ pub enum SigStatus {
Bad,
}

impl Display for SigStatus {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
let s = match self {
SigStatus::Good => "good",
SigStatus::Unknown => "unknown",
SigStatus::Bad => "bad",
};
write!(f, "{s}")
}
}

/// The result of a signature verification.
/// Key and display are optional additional info that backends can or can not
/// provide to add additional information for the templater to potentially show.
Expand Down Expand Up @@ -166,6 +180,8 @@ impl Signer {
let mut backends: Vec<Box<dyn SigningBackend>> = vec![
Box::new(GpgBackend::from_settings(settings).map_err(SignInitError::BackendConfig)?),
Box::new(SshBackend::from_settings(settings).map_err(SignInitError::BackendConfig)?),
#[cfg(feature = "testing")]
Box::new(TestSigningBackend),
// Box::new(X509Backend::from_settings(settings).map_err(..)?),
];

Expand Down
Loading
Loading