Add config and flag to control sig verification

cli/src/cli_util.rs

@@ -2638,6 +2638,9 @@ pub struct EarlyArgs {
         action = ArgAction::SetTrue
     )]
     pub no_sign: Option<bool>,
+    /// Verify and show commit signatures
+    #[arg(long, global = true, action = ArgAction::SetTrue)]
+    pub show_signature: Option<bool>,
     /// Additional configuration options (can be repeated)
     //  TODO: Introduce a `--config` option with simpler syntax for simple
     //  cases, designed so that `--config ui.color=auto` works
@@ -2832,6 +2835,10 @@ fn handle_early_args(
         args.config_toml
             .push(r#"signing.sign-all=false"#.to_owned());
     }
+    if args.show_signature.unwrap_or_default() {
+        args.config_toml
+            .push(r#"signing.show-signatures=true"#.to_owned());
+    }
     if !args.config_toml.is_empty() {
         layered_configs.parse_config_args(&args.config_toml)?;
         ui.reset(&layered_configs.merge())?;

cli/src/config-schema.json

@@ -374,6 +374,11 @@
                     "description": "Whether to sign all commits by default. Overridden by global `--no-sign` option",
                     "default": false
                 },
+                "show-signatures": {
+                    "type": "boolean",
+                    "description": "Whether or not to always verify and display commit signatures",
+                    "default": false
+                },
                 "backends": {
                     "type": "object",
                     "description": "Tables of options to pass to specific signing backends",

cli/tests/test_global_opts.rs

@@ -454,6 +454,7 @@ fn test_help() {
                                          performed by the operation
           --no-sign                      Don't sign unsigned commits when configured to sign all, is
                                          ignored otherwise
+          --show-signature               Verify and show commit signatures
           --config-toml <TOML>           Additional configuration options (can be repeated)
     "###);
 }

lib/src/commit.rs

@@ -155,6 +155,10 @@ impl Commit {
 
     /// A slow (but cached) way to get the full verification.
     pub fn verification(&self) -> SignResult<Option<Verification>> {
+        if !self.store().signer().show_signatures {
+            return None.transpose();
+        }
+
         self.data
             .secure_sig
             .as_ref()

lib/src/signing.rs

@@ -167,6 +167,9 @@ pub struct Signer {
     /// for ownership reasons.
     backends: Vec<Box<dyn SigningBackend>>,
     cache: RwLock<HashMap<CommitId, Verification>>,
+
+    /// Whether or not signatures should be verified and shown
+    pub show_signatures: bool,
 }
 
 impl Signer {
@@ -190,18 +193,25 @@ impl Signer {
             })
             .transpose()?;
 
-        Ok(Self::new(main_backend, backends))
+        let show_signatures = settings
+            .config()
+            .get_bool("signing.show-signatures")
+            .unwrap_or(false);
+
+        Ok(Self::new(main_backend, backends, show_signatures))
     }
 
     /// Creates a signer with the given backends.
     pub fn new(
         main_backend: Option<Box<dyn SigningBackend>>,
         other_backends: Vec<Box<dyn SigningBackend>>,
+        show_signatures: bool,
     ) -> Self {
         Self {
             main_backend,
             backends: other_backends,
             cache: Default::default(),
+            show_signatures,
         }
     }
 

lib/tests/test_signing.rs

@@ -41,7 +41,7 @@ const GOOD_VERIFICATION: &str = r#"Ok(Some(Verification { status: Good, key: Som
 fn manual(backend: TestRepoBackend) {
     let settings = user_settings(true);
 
-    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]);
+    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true);
     let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer);
 
     let repo = &test_workspace.repo;
@@ -71,7 +71,7 @@ fn manual(backend: TestRepoBackend) {
 fn keep_on_rewrite(backend: TestRepoBackend) {
     let settings = user_settings(true);
 
-    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]);
+    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true);
     let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer);
 
     let repo = &test_workspace.repo;
@@ -97,7 +97,7 @@ fn keep_on_rewrite(backend: TestRepoBackend) {
 fn manual_drop_on_rewrite(backend: TestRepoBackend) {
     let settings = user_settings(true);
 
-    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]);
+    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true);
     let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer);
 
     let repo = &test_workspace.repo;
@@ -127,7 +127,7 @@ fn manual_drop_on_rewrite(backend: TestRepoBackend) {
 fn forced(backend: TestRepoBackend) {
     let settings = user_settings(true);
 
-    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]);
+    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true);
     let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer);
 
     let repo = &test_workspace.repo;
@@ -150,7 +150,7 @@ fn forced(backend: TestRepoBackend) {
 fn configured(backend: TestRepoBackend) {
     let settings = user_settings(true);
 
-    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]);
+    let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true);
     let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer);
 
     let repo = &test_workspace.repo;