From 762ce9cf78d3acccafe38d5563a9933359950b59 Mon Sep 17 00:00:00 2001 From: Paulo Gomes Date: Wed, 24 Jun 2026 11:45:42 +0100 Subject: [PATCH] objectsigner/auto: Bump gpg/ssh to v0.2.0 and add context to Sign The gpg and ssh signer modules gained a context parameter on Sign in v0.2.0 so callers can cancel external/remote signing (e.g. an external program or agent). Bump auto to those releases and thread the context through its own Signer interface to match, updating the tests to pass t.Context(). Assisted-by: Claude Opus 4.7 Signed-off-by: Paulo Gomes Entire-Checkpoint: 3628d6eded27 --- plugin/objectsigner/auto/auto.go | 6 ++++-- plugin/objectsigner/auto/auto_test.go | 28 +++++++++++++-------------- plugin/objectsigner/auto/go.mod | 4 ++-- plugin/objectsigner/auto/go.sum | 4 ++++ 4 files changed, 24 insertions(+), 18 deletions(-) diff --git a/plugin/objectsigner/auto/auto.go b/plugin/objectsigner/auto/auto.go index 810e7b9..cd0d1f5 100644 --- a/plugin/objectsigner/auto/auto.go +++ b/plugin/objectsigner/auto/auto.go @@ -18,6 +18,7 @@ package auto import ( "bytes" + "context" "errors" "fmt" "io" @@ -97,9 +98,10 @@ type Config struct { } // Signer signs a message read from an io.Reader and returns the raw signature -// bytes. +// bytes. The context cancels signers that perform external or remote work +// (e.g. an external program); purely local signers ignore it. type Signer interface { - Sign(message io.Reader) ([]byte, error) + Sign(ctx context.Context, message io.Reader) ([]byte, error) } // FromConfig returns a [Signer] configured according to the provided Config. diff --git a/plugin/objectsigner/auto/auto_test.go b/plugin/objectsigner/auto/auto_test.go index ad5b0c8..934a316 100644 --- a/plugin/objectsigner/auto/auto_test.go +++ b/plugin/objectsigner/auto/auto_test.go @@ -38,7 +38,7 @@ func TestFromConfigSSH(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN SSH SIGNATURE-----") assert.Contains(t, string(sig), "-----END SSH SIGNATURE-----") @@ -62,7 +62,7 @@ func TestFromConfigSSHPubSuffixNoAgent(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN SSH SIGNATURE-----") } @@ -114,7 +114,7 @@ func TestFromConfigSSHKeyLiteralAgent(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN SSH SIGNATURE-----") } @@ -149,7 +149,7 @@ func TestFromConfigSSHAgentPubKeyPath(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN SSH SIGNATURE-----") } @@ -180,7 +180,7 @@ func TestFromConfigSSHAgentMultipleKeys(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN SSH SIGNATURE-----") @@ -260,7 +260,7 @@ func TestFromConfigSSHAgentPrivateKeyPath(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN SSH SIGNATURE-----") } @@ -303,7 +303,7 @@ func TestFromConfigSSHAgentFirstKey(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN SSH SIGNATURE-----") } @@ -352,7 +352,7 @@ func TestFromConfigGPG(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN PGP SIGNATURE-----") assert.Contains(t, string(sig), "-----END PGP SIGNATURE-----") @@ -373,7 +373,7 @@ func TestFromConfigGPGDefaultFormat(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN PGP SIGNATURE-----") } @@ -442,7 +442,7 @@ func TestFromConfigGPGEncryptedThenUnencrypted(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN PGP SIGNATURE-----") } @@ -462,7 +462,7 @@ func TestFromConfigGPGMultipleKeys(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN PGP SIGNATURE-----") } @@ -517,7 +517,7 @@ func TestFromConfigSSHHomeTilde(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN SSH SIGNATURE-----") } @@ -553,7 +553,7 @@ func TestFromConfigSSHAgentHomeTildePubKey(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN SSH SIGNATURE-----") } @@ -587,7 +587,7 @@ func TestFromConfigGPGHomeTilde(t *testing.T) { }) require.NoError(t, err) - sig, err := signer.Sign(strings.NewReader("hello\n")) + sig, err := signer.Sign(t.Context(), strings.NewReader("hello\n")) require.NoError(t, err) assert.Contains(t, string(sig), "-----BEGIN PGP SIGNATURE-----") } diff --git a/plugin/objectsigner/auto/go.mod b/plugin/objectsigner/auto/go.mod index 36611e0..71fbfec 100644 --- a/plugin/objectsigner/auto/go.mod +++ b/plugin/objectsigner/auto/go.mod @@ -5,8 +5,8 @@ go 1.25.0 require ( github.com/ProtonMail/go-crypto v1.3.0 github.com/go-git/go-billy/v6 v6.0.0-20260328065524-593ae452e14d - github.com/go-git/x/plugin/objectsigner/gpg v0.1.0 - github.com/go-git/x/plugin/objectsigner/ssh v0.1.0 + github.com/go-git/x/plugin/objectsigner/gpg v0.2.0 + github.com/go-git/x/plugin/objectsigner/ssh v0.2.0 github.com/hiddeco/sshsig v0.2.0 github.com/stretchr/testify v1.11.1 golang.org/x/crypto v0.48.0 diff --git a/plugin/objectsigner/auto/go.sum b/plugin/objectsigner/auto/go.sum index cf41441..64bb305 100644 --- a/plugin/objectsigner/auto/go.sum +++ b/plugin/objectsigner/auto/go.sum @@ -10,8 +10,12 @@ github.com/go-git/go-billy/v6 v6.0.0-20260328065524-593ae452e14d h1:bLMI9z4mKkfQ github.com/go-git/go-billy/v6 v6.0.0-20260328065524-593ae452e14d/go.mod h1:LLeMBFApkgIKwMzirxpU9XB7NvO2HdTw5FXmeP1M6c8= github.com/go-git/x/plugin/objectsigner/gpg v0.1.0 h1:NEGVSOD+LPnus6j4iNkAZaHVTc4DNY223y1/I2Jq2yI= github.com/go-git/x/plugin/objectsigner/gpg v0.1.0/go.mod h1:1iosWq3OOqZxtNrwDHtcjicswuaOT45J5GMFyCk80wc= +github.com/go-git/x/plugin/objectsigner/gpg v0.2.0 h1:3EGE1apJAh2Z9qUxBUCPSdQMbasQi1WFA9VJfgtkMa8= +github.com/go-git/x/plugin/objectsigner/gpg v0.2.0/go.mod h1:1iosWq3OOqZxtNrwDHtcjicswuaOT45J5GMFyCk80wc= github.com/go-git/x/plugin/objectsigner/ssh v0.1.0 h1:lAeeDgc1oxsMMvVUed6ssrqJnD97UR1K/dXIDdeg1Yc= github.com/go-git/x/plugin/objectsigner/ssh v0.1.0/go.mod h1:6BvpZj9Yry1ZFNw4N5OZDc+7M1T8oyrZilLNFg2aTsM= +github.com/go-git/x/plugin/objectsigner/ssh v0.2.0 h1:TkAMmGl8SgI3CL6BZv5Pv1cLxBAfmjkyE6jObUm/+zc= +github.com/go-git/x/plugin/objectsigner/ssh v0.2.0/go.mod h1:6BvpZj9Yry1ZFNw4N5OZDc+7M1T8oyrZilLNFg2aTsM= github.com/hiddeco/sshsig v0.2.0 h1:gMWllgKCITXdydVkDL+Zro0PU96QI55LwUwebSwNTSw= github.com/hiddeco/sshsig v0.2.0/go.mod h1:nJc98aGgiH6Yql2doqH4CTBVHexQA40Q+hMMLHP4EqE= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=