objectsigner: Add context to Sign and KeyID to ssh signer #11
Merged
Pull request overview
Updates the object signer plugins’ APIs to support context-aware signing (for cancellation/timeout propagation) and adds an SSH key identifier helper for callers.
Changes:
- Extend `Sign` for the SSH/GPG/program signers to accept `context.Context`.
- Thread `context.Context` through the program signer’s external command execution.
- Add `KeyID()` to the SSH signer (SHA256 public-key fingerprint) and update tests/examples accordingly.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| plugin/objectsigner/ssh/ssh.go | Add context.Context to Sign and introduce KeyID() for SSH key fingerprinting. |
| plugin/objectsigner/ssh/ssh_test.go | Update signing calls for new Sign(ctx, r) signature; add KeyID test. |
| plugin/objectsigner/ssh/example_test.go | Update example to pass a context into Sign. |
| plugin/objectsigner/program/program.go | Update Sign to accept/propagate context into external invocation. |
| plugin/objectsigner/program/program_test.go | Update tests to call Sign with a context. |
| plugin/objectsigner/gpg/gpg.go | Add context.Context to Sign (accepted for API uniformity). |
| plugin/objectsigner/gpg/gpg_test.go | Update signing calls for new Sign(ctx, r) signature. |
| plugin/objectsigner/gpg/example_test.go | Update example to pass a context into Sign. |
Comments suppressed due to low confidence (1)
plugin/objectsigner/program/program.go:167
`Sign` now takes a `context.Context`, but if a caller passes `nil` this will eventually reach `exec.CommandContext` (via `newExecCommand`) and panic. To keep the method safe and maintain the pre-context behavior, default a nil context to `context.Background()` (or return an error) before invoking `commandContext`.
```go
// Sign reads message and returns the signature produced by the external
// binary. The context cancels the external program invocation.
func (s *signer) Sign(ctx context.Context, message io.Reader) ([]byte, error) {
	if message == nil {
		return nil, ErrNilMessage
	}
	switch s.format {
	case FormatOpenPGP, FormatX509:
		return s.signStdio(ctx, message)
	case FormatSSH:
		return s.signSSH(ctx, message)
	default:
		return nil, fmt.Errorf("%w: %q", ErrUnsupportedFormat, s.format)
	}
}
```
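The nil-context guard and cancellation behaviour discussed in the review comment above, as an added example that is not the project's own code. `signWithProgram` is a hypothetical stand-in for the program signer, and `cat` and `sleep` stand in for the external signing binary.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"io"
	"os/exec"
	"time"
)

// ErrNilMessage mirrors the sentinel named in the snippet above (assumed definition).
var ErrNilMessage = errors.New("nil message")

// signWithProgram is a hypothetical helper: it pipes message to an external
// command and returns the command's stdout as the "signature".
func signWithProgram(ctx context.Context, message io.Reader, name string, args ...string) ([]byte, error) {
	if message == nil {
		return nil, ErrNilMessage
	}
	if ctx == nil {
		// exec.CommandContext panics on a nil Context; fall back instead.
		ctx = context.Background()
	}
	cmd := exec.CommandContext(ctx, name, args...)
	cmd.Stdin = message
	var out bytes.Buffer
	cmd.Stdout = &out
	if err := cmd.Run(); err != nil {
		// Report cancellation or timeout distinctly from a signer failure.
		if ctxErr := ctx.Err(); ctxErr != nil {
			return nil, fmt.Errorf("signing aborted: %w", ctxErr)
		}
		return nil, fmt.Errorf("signer failed: %w", err)
	}
	return out.Bytes(), nil
}

func main() {
	// Constructed demo inputs: "cat" echoes the payload, "sleep" never finishes in time.
	var nilCtx context.Context
	sig, err := signWithProgram(nilCtx, bytes.NewReader([]byte("payload")), "cat")
	fmt.Printf("nil ctx: %q %v\n", sig, err)
	ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
	defer cancel()
	_, err = signWithProgram(ctx, bytes.NewReader(nil), "sleep", "5")
	fmt.Println("timeout:", err)
}
```

Wrapping `ctx.Err()` with `%w` lets callers use `errors.Is(err, context.DeadlineExceeded)` to tell an aborted signing call from a failing signer binary.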
Evolve the per-signer API so signing can be cancelled and so callers can identify the signing key.

- The ssh, gpg and program signers' Sign method now takes a context.Context. The program signer threads it into the external binary invocation; the ssh and gpg signers sign locally and accept the context for interface uniformity.
- The ssh signer gains a KeyID method returning the SHA256 fingerprint of its public key.

Tests and examples are updated for the new signature. The auto plugin, which depends on the ssh and gpg modules, will be updated once these are released.

Assisted-by: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: Paulo Gomes <paulo@entire.io>
hiddeco
reviewed
Jun 23, 2026
Tie each signing call's context to the test lifecycle. Go 1.24's t.Context() is cancelled when the test ends, so the program signer's external subprocess is torn down automatically if a test fails or times out, rather than running under a detached context.Background().

Also replace the manual `defer cancel()` in the context-threading test with t.Cleanup(cancel).

Assisted-by: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: Paulo Gomes <paulo@entire.io>
Entire-Checkpoint: f374e2d424ba
hiddeco
approved these changes
Jun 23, 2026