Skip to content

Commit

Permalink
sign: Define signing backend API and integrate it
Browse files Browse the repository at this point in the history
Finished everything except actual signing backend implementation(s) and
the UI.
  • Loading branch information
necauqua committed Nov 30, 2023
1 parent 601be0d commit 0dd1775
Show file tree
Hide file tree
Showing 15 changed files with 434 additions and 19 deletions.
9 changes: 9 additions & 0 deletions cli/src/cli_util.rs
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ use jj_lib::revset::{
};
use jj_lib::rewrite::restore_tree;
use jj_lib::settings::{ConfigResultExt as _, UserSettings};
use jj_lib::signing::SignInitError;
use jj_lib::str_util::{StringPattern, StringPatternParseError};
use jj_lib::transaction::Transaction;
use jj_lib::tree::TreeMergeError;
Expand Down Expand Up @@ -194,6 +195,10 @@ impl From<WorkspaceInitError> for CommandError {
WorkspaceInitError::WorkingCopyState(err) => {
CommandError::InternalError(format!("Failed to access the repository: {err}"))
}
WorkspaceInitError::SignInit(err @ SignInitError::UnknownBackend(_)) => {
user_error(format!("{err}"))
}
WorkspaceInitError::SignInit(err) => CommandError::InternalError(format!("{err}")),
}
}
}
Expand Down Expand Up @@ -1655,6 +1660,10 @@ jj init --git-repo=.",
) => CommandError::InternalError(format!(
"The repository appears broken or inaccessible: {err}"
)),
WorkspaceLoadError::StoreLoadError(StoreLoadError::Signing(
err @ SignInitError::UnknownBackend(_),
)) => user_error(format!("{err}")),
WorkspaceLoadError::StoreLoadError(err) => CommandError::InternalError(format!("{err}")),
}
}

Expand Down
25 changes: 25 additions & 0 deletions cli/src/config-schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -355,6 +355,31 @@
"default": "1MiB"
}
}
},
"signing": {
"type": "object",
"description": "Settings for verifying and creating cryptographic commit signatures",
"properties": {
"backend": {
"type": "string",
"description": "Which backend to use to create commit signatures"
},
"key": {
"type": "string",
"description": "The key parameter to pass to the signing backend. Overridden by `jj sign` parameter or by the global `--sign-with` option"
},
"sign-all": {
"type": "boolean",
"description": "Whether to sign all commits by default. Overridden by global `--no-sign` option",
"default": false
},
"backends": {
"type": "object",
"description": "Tables of options to pass to specific signing backends",
"properties": {},
"additionalProperties": true
}
}
}
}
}
3 changes: 2 additions & 1 deletion lib/src/backend.rs
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ use thiserror::Error;
use crate::content_hash::ContentHash;
use crate::merge::Merge;
use crate::repo_path::{RepoPath, RepoPathComponent, RepoPathComponentBuf};
use crate::signing::SignResult;

pub trait ObjectId {
fn new(value: Vec<u8>) -> Self;
Expand Down Expand Up @@ -147,7 +148,7 @@ content_hash! {
}
}

pub type SigningFn = Box<dyn FnMut(&[u8]) -> BackendResult<Vec<u8>>>;
pub type SigningFn = Box<dyn FnMut(&[u8]) -> SignResult<Vec<u8>>>;

/// Identifies a single legacy tree, which may have path-level conflicts, or a
/// merge of multiple trees, where the individual trees do not have conflicts.
Expand Down
15 changes: 15 additions & 0 deletions lib/src/commit.rs
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ use std::sync::Arc;
use crate::backend;
use crate::backend::{BackendError, ChangeId, CommitId, MergedTreeId, Signature};
use crate::merged_tree::MergedTree;
use crate::signing::{SignResult, Verification};
use crate::store::Store;

#[derive(Clone)]
Expand Down Expand Up @@ -146,6 +147,20 @@ impl Commit {
}
false
}

/// A quick way to just check if a signature is present.
pub fn is_signed(&self) -> bool {
self.data.secure_sig.is_some()
}

/// A slow (but cached) way to get the full verification.
pub fn verification(&self) -> SignResult<Option<Verification>> {
self.data
.secure_sig
.as_ref()
.map(|sig| self.store.signer().verify(&self.id, &sig.data, &sig.sig))
.transpose()
}
}

/// Wrapper to sort `Commit` by committer timestamp.
Expand Down
42 changes: 38 additions & 4 deletions lib/src/commit_builder.rs
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,19 @@

use std::sync::Arc;

use crate::backend::{self, BackendResult, ChangeId, CommitId, MergedTreeId, Signature};
use crate::backend::{self, BackendResult, ChangeId, CommitId, MergedTreeId, Signature, SigningFn};
use crate::commit::Commit;
use crate::repo::{MutableRepo, Repo};
use crate::settings::{JJRng, UserSettings};
use crate::settings::{JJRng, SignSettings, UserSettings};
use crate::signing::SignBehavior;

#[must_use]
pub struct CommitBuilder<'repo> {
mut_repo: &'repo mut MutableRepo,
rng: Arc<JJRng>,
commit: backend::Commit,
rewrite_source: Option<Commit>,
sign_settings: SignSettings,
}

impl CommitBuilder<'_> {
Expand Down Expand Up @@ -55,6 +57,7 @@ impl CommitBuilder<'_> {
rng,
commit,
rewrite_source: None,
sign_settings: settings.sign_settings(),
}
}

Expand Down Expand Up @@ -83,6 +86,7 @@ impl CommitBuilder<'_> {
commit,
rng: settings.get_rng(),
rewrite_source: Some(predecessor.clone()),
sign_settings: settings.sign_settings(),
}
}

Expand Down Expand Up @@ -157,14 +161,44 @@ impl CommitBuilder<'_> {
self
}

pub fn write(self) -> BackendResult<Commit> {
pub fn sign_settings(&self) -> &SignSettings {
&self.sign_settings
}

pub fn set_sign_behavior(mut self, sign_behavior: SignBehavior) -> Self {
self.sign_settings.behavior = sign_behavior;
self
}

pub fn set_sign_key(mut self, sign_key: Option<String>) -> Self {
self.sign_settings.key = sign_key;
self
}

pub fn write(mut self) -> BackendResult<Commit> {
let mut rewrite_source_id = None;
if let Some(rewrite_source) = self.rewrite_source {
if *rewrite_source.change_id() == self.commit.change_id {
rewrite_source_id.replace(rewrite_source.id().clone());
}
}
let commit = self.mut_repo.write_commit(self.commit)?;

let sign_settings = self.sign_settings;
let store = self.mut_repo.store();

let signing_fn = (store.signer().can_sign() && sign_settings.should_sign(&self.commit))
.then(|| {
let store = store.clone();
Box::new(move |data: &_| store.signer().sign(data, sign_settings.key.as_deref()))
as SigningFn
});

// Commit backend doesn't use secure_sig for writing and enforces it with an
// assert, but sign_settings.should_sign check above will want to know
// if we're rewriting a signed commit
self.commit.secure_sig = None;

let commit = self.mut_repo.write_commit(self.commit, signing_fn)?;
if let Some(rewrite_source_id) = rewrite_source_id {
self.mut_repo
.record_rewritten_commit(rewrite_source_id, commit.id().clone())
Expand Down
5 changes: 4 additions & 1 deletion lib/src/git_backend.rs
Original file line number Diff line number Diff line change
Expand Up @@ -967,7 +967,10 @@ impl Backend for GitBackend {
let mut data = Vec::with_capacity(512);
commit.write_to(&mut data).unwrap();

let sig = sign(&data)?;
let sig = sign(&data).map_err(|err| BackendError::WriteObject {
object_type: "commit",
source: Box::new(err),
})?;
commit
.extra_headers
.push(("gpgsig".into(), sig.clone().into()));
Expand Down
1 change: 1 addition & 0 deletions lib/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ pub mod revset;
pub mod revset_graph;
pub mod rewrite;
pub mod settings;
pub mod signing;
pub mod simple_op_heads_store;
pub mod simple_op_store;
pub mod stacked_table;
Expand Down
2 changes: 1 addition & 1 deletion lib/src/local_backend.rs
Original file line number Diff line number Diff line change
Expand Up @@ -281,7 +281,7 @@ impl Backend for LocalBackend {
let mut proto = commit_to_proto(&commit);
if let Some(mut sign) = sign_with {
let data = proto.encode_to_vec();
let sig = sign(&data)?;
let sig = sign(&data).map_err(to_other_err)?;
proto.secure_sig = Some(sig.clone());
commit.secure_sig = Some(SecureSig { data, sig });
}
Expand Down
19 changes: 15 additions & 4 deletions lib/src/repo.rs
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ use tracing::instrument;
use self::dirty_cell::DirtyCell;
use crate::backend::{
Backend, BackendError, BackendInitError, BackendLoadError, BackendResult, ChangeId, CommitId,
MergedTreeId, ObjectId,
MergedTreeId, ObjectId, SigningFn,
};
use crate::commit::{Commit, CommitByCommitterTimestamp};
use crate::commit_builder::CommitBuilder;
Expand All @@ -52,6 +52,7 @@ use crate::refs::{
use crate::revset::{self, ChangeIdIndex, Revset, RevsetExpression};
use crate::rewrite::{DescendantRebaser, RebaseOptions};
use crate::settings::{RepoSettings, UserSettings};
use crate::signing::{SignInitError, Signer};
use crate::simple_op_heads_store::SimpleOpHeadsStore;
use crate::simple_op_store::SimpleOpStore;
use crate::store::Store;
Expand Down Expand Up @@ -118,6 +119,8 @@ pub enum RepoInitError {
Backend(#[from] BackendInitError),
#[error(transparent)]
Path(#[from] PathError),
#[error(transparent)]
SignInit(#[from] SignInitError),
}

impl ReadonlyRepo {
Expand Down Expand Up @@ -156,7 +159,8 @@ impl ReadonlyRepo {
let backend = backend_initializer(user_settings, &store_path)?;
let backend_path = store_path.join("type");
fs::write(&backend_path, backend.name()).context(&backend_path)?;
let store = Store::new(backend, user_settings.use_tree_conflict_format());
let signer = Signer::from_settings(user_settings)?;
let store = Store::new(backend, signer, user_settings.use_tree_conflict_format());
let repo_settings = user_settings.with_repo(&repo_path).unwrap();

let op_store_path = repo_path.join("op_store");
Expand Down Expand Up @@ -418,6 +422,8 @@ pub enum StoreLoadError {
},
#[error(transparent)]
Backend(#[from] BackendLoadError),
#[error(transparent)]
Signing(#[from] SignInitError),
}

impl StoreFactories {
Expand Down Expand Up @@ -608,6 +614,7 @@ impl RepoLoader {
) -> Result<Self, StoreLoadError> {
let store = Store::new(
store_factories.load_backend(user_settings, &repo_path.join("store"))?,
Signer::from_settings(user_settings)?,
user_settings.use_tree_conflict_format(),
);
let repo_settings = user_settings.with_repo(repo_path).unwrap();
Expand Down Expand Up @@ -792,8 +799,12 @@ impl MutableRepo {
CommitBuilder::for_rewrite_from(self, settings, predecessor)
}

pub fn write_commit(&mut self, commit: backend::Commit) -> BackendResult<Commit> {
let commit = self.store().write_commit(commit)?;
pub fn write_commit(
&mut self,
commit: backend::Commit,
sign_with: Option<SigningFn>,
) -> BackendResult<Commit> {
let commit = self.store().write_commit(commit, sign_with)?;
self.add_head(&commit);
Ok(commit)
}
Expand Down
49 changes: 48 additions & 1 deletion lib/src/settings.rs
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,10 @@ use chrono::DateTime;
use rand::prelude::*;
use rand_chacha::ChaCha20Rng;

use crate::backend::{ChangeId, ObjectId, Signature, Timestamp};
use crate::backend::{ChangeId, Commit, ObjectId, Signature, Timestamp};
use crate::fmt_util::binary_prefix;
use crate::fsmonitor::FsmonitorKind;
use crate::signing::SignBehavior;

#[derive(Debug, Clone)]
pub struct UserSettings {
Expand Down Expand Up @@ -63,6 +64,42 @@ impl Default for GitSettings {
}
}

#[derive(Debug, Clone, Default)]
pub struct SignSettings {
pub behavior: SignBehavior,
pub user_email: String,
pub key: Option<String>,
}

impl SignSettings {
pub fn from_settings(settings: &UserSettings) -> Self {
let sign_all = settings
.config()
.get_bool("signing.sign-all")
.unwrap_or(false);
Self {
behavior: if sign_all {
SignBehavior::Own
} else {
SignBehavior::Keep
},
user_email: settings.user_email(),
key: settings.config().get_string("signing.key").ok(),
}
}

pub fn should_sign(&self, commit: &Commit) -> bool {
match self.behavior {
SignBehavior::Drop => false,
SignBehavior::Keep => {
commit.secure_sig.is_some() && commit.author.email == self.user_email
}
SignBehavior::Own => commit.author.email == self.user_email,
SignBehavior::Force => true,
}
}
}

fn get_timestamp_config(config: &config::Config, key: &str) -> Option<Timestamp> {
match config.get_string(key) {
Ok(timestamp_str) => match DateTime::parse_from_rfc3339(&timestamp_str) {
Expand Down Expand Up @@ -215,6 +252,16 @@ impl UserSettings {
e @ Err(_) => e,
}
}

// separate from sign_settings as those two are needed in pretty different
// places
pub fn signing_backend(&self) -> Option<String> {
self.config.get_string("signing.backend").ok()
}

pub fn sign_settings(&self) -> SignSettings {
SignSettings::from_settings(self)
}
}

/// This Rng uses interior mutability to allow generating random values using an
Expand Down
Loading

0 comments on commit 0dd1775

Please sign in to comment.