From c9b720fb7b4c1f22d8f7cfa7273c77190c4ba979 Mon Sep 17 00:00:00 2001 From: Julien Vincent Date: Tue, 13 Feb 2024 22:58:24 +0000 Subject: [PATCH] Add config and flag to control sig verification --- cli/src/cli_util.rs | 7 +++++++ cli/src/config-schema.json | 5 +++++ cli/tests/cli-reference@.md.snap | 4 ++++ cli/tests/test_global_opts.rs | 1 + lib/src/commit.rs | 4 ++++ lib/src/signing.rs | 12 +++++++++++- lib/tests/test_signing.rs | 10 +++++----- 7 files changed, 37 insertions(+), 6 deletions(-) diff --git a/cli/src/cli_util.rs b/cli/src/cli_util.rs index 31d2ff43bc1..8509d276f00 100644 --- a/cli/src/cli_util.rs +++ b/cli/src/cli_util.rs @@ -2638,6 +2638,9 @@ pub struct EarlyArgs { action = ArgAction::SetTrue )] pub no_sign: Option, + /// Verify and show commit signatures + #[arg(long, global = true, action = ArgAction::SetTrue)] + pub show_signature: Option, /// Additional configuration options (can be repeated) // TODO: Introduce a `--config` option with simpler syntax for simple // cases, designed so that `--config ui.color=auto` works @@ -2832,6 +2835,10 @@ fn handle_early_args( args.config_toml .push(r#"signing.sign-all=false"#.to_owned()); } + if args.show_signature.unwrap_or_default() { + args.config_toml + .push(r#"signing.show-signatures=true"#.to_owned()); + } if !args.config_toml.is_empty() { layered_configs.parse_config_args(&args.config_toml)?; ui.reset(&layered_configs.merge())?; diff --git a/cli/src/config-schema.json b/cli/src/config-schema.json index 380d96effb0..cd74894111f 100644 --- a/cli/src/config-schema.json +++ b/cli/src/config-schema.json @@ -374,6 +374,11 @@ "description": "Whether to sign all commits by default. Overridden by global `--no-sign` option", "default": false }, + "show-signatures": { + "type": "boolean", + "description": "Whether or not to always verify and display commit signatures", + "default": false + }, "backends": { "type": "object", "description": "Tables of options to pass to specific signing backends", 
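Review bot: The flag added to `EarlyArgs` is spelled `--show-signature`, while the key pushed in `handle_early_args` and declared in `config-schema.json` is `signing.show-signatures`, and neither description mentions the other. A reader of the help text or the schema therefore cannot tell that the flag is only an override of the setting. The neighbouring `sign-all` entry already documents its flag ("Overridden by global `--no-sign` option"), so the same pattern would fit here: `/// Verify and show commit signatures (overrides signing.show-signatures)` on the field, plus a matching sentence in the schema description. Both `EarlyArgs` and `handle_early_args` continue outside their hunks.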
diff --git a/cli/tests/cli-reference@.md.snap b/cli/tests/cli-reference@.md.snap index a114c7946e7..bacb7ccb0ec 100644 --- a/cli/tests/cli-reference@.md.snap +++ b/cli/tests/cli-reference@.md.snap @@ -170,6 +170,10 @@ repository. Possible values: `true`, `false` +* `--show-signature` — Verify and show commit signatures + + Possible values: `true`, `false` + * `--config-toml ` — Additional configuration options (can be repeated) diff --git a/cli/tests/test_global_opts.rs b/cli/tests/test_global_opts.rs index adaf01a8352..c1b76b33962 100644 --- a/cli/tests/test_global_opts.rs +++ b/cli/tests/test_global_opts.rs @@ -454,6 +454,7 @@ fn test_help() { performed by the operation --no-sign Don't sign unsigned commits when configured to sign all, is ignored otherwise + --show-signature Verify and show commit signatures --config-toml Additional configuration options (can be repeated) "###); } diff --git a/lib/src/commit.rs b/lib/src/commit.rs index 65e2e1379da..d8eace53666 100644 --- a/lib/src/commit.rs +++ b/lib/src/commit.rs @@ -155,6 +155,10 @@ impl Commit { /// A slow (but cached) way to get the full verification. pub fn verification(&self) -> SignResult> { + if !self.store().signer().show_signatures { + return None.transpose(); + } + self.data .secure_sig .as_ref() diff --git a/lib/src/signing.rs b/lib/src/signing.rs index cbd4d7bf683..ded20a7b8ad 100644 --- a/lib/src/signing.rs +++ b/lib/src/signing.rs @@ -167,6 +167,9 @@ pub struct Signer { /// for ownership reasons. backends: Vec>, cache: RwLock>, + + /// Whether or not signatures should be verified and shown + pub show_signatures: bool, } impl Signer { 
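Review bot: With `show_signatures` off, which is the schema default, the early return added to `Commit::verification` yields `Ok(None)`. The existing `secure_sig` path appears to produce that same value for an unsigned commit, so a caller cannot tell "unsigned" from "signed but not checked", and a commit with an invalid signature looks the same as one with none. That is harmless for display but unsafe if any caller uses `verification()` for a trust decision. Either apply the switch at the CLI/template layer, or state the contract in the doc comment, e.g. `/// Returns Ok(None) without checking when signing.show-signatures is disabled`. Separately, `return None.transpose();` is an obscure spelling of `return Ok(None);`; the rest of the method body lies outside the hunk.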
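Review bot: `show_signatures` is the only `pub` field on `Signer` visible in this hunk (`backends` and `cache` are private), so any code holding a mutable `Signer` can switch verification on or off after construction. Consider keeping the field private and exposing a read-only accessor such as `pub fn show_signatures(&self) -> bool { self.show_signatures }`, with `commit.rs` calling the accessor. The field comment could also say that `false` makes `Commit::verification` skip the check entirely rather than only hide its output.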
@@ -190,18 +193,25 @@ impl Signer { }) .transpose()?; - Ok(Self::new(main_backend, backends)) + let show_signatures = settings + .config() + .get_bool("signing.show-signatures") + .unwrap_or(false); + + Ok(Self::new(main_backend, backends, show_signatures)) } /// Creates a signer with the given backends. pub fn new( main_backend: Option>, other_backends: Vec>, + show_signatures: bool, ) -> Self { Self { main_backend, backends: other_backends, cache: Default::default(), + show_signatures, } } diff --git a/lib/tests/test_signing.rs b/lib/tests/test_signing.rs index 6afaac98a7e..8bda438b78e 100644 --- a/lib/tests/test_signing.rs +++ b/lib/tests/test_signing.rs @@ -41,7 +41,7 @@ const GOOD_VERIFICATION: &str = r#"Ok(Some(Verification { status: Good, key: Som fn manual(backend: TestRepoBackend) { let settings = user_settings(true); - let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]); + let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true); let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer); let repo = &test_workspace.repo; @@ -71,7 +71,7 @@ fn manual(backend: TestRepoBackend) { fn keep_on_rewrite(backend: TestRepoBackend) { let settings = user_settings(true); - let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]); + let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true); let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer); let repo = &test_workspace.repo; @@ -97,7 +97,7 @@ fn keep_on_rewrite(backend: TestRepoBackend) { fn manual_drop_on_rewrite(backend: TestRepoBackend) { let settings = user_settings(true); - let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]); + let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true); let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer); let repo = &test_workspace.repo; 
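Review bot: `.get_bool("signing.show-signatures").unwrap_or(false)` discards every config error, so a mistyped value (for instance a string where a boolean is expected) silently leaves signature verification off instead of being reported. The enclosing function already returns a `Result` (the context line above ends in `.transpose()?`), so the lookup could treat only "key absent" as `false` and propagate the other errors; the exact error conversion depends on code outside the hunk. The new positional `bool` on the public `Signer::new` also changes its signature for external callers and reads poorly at call sites. A doc line on the constructor such as `/// show_signatures: when false, Commit::verification returns Ok(None) without checking` would make the effect explicit.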
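Review bot: Every updated call in `test_signing.rs` passes `true` (here in `manual`, `keep_on_rewrite` and `manual_drop_on_rewrite`, and in the `forced` and `configured` hunks that follow), so none of the visible tests exercises the new `false` path. A case that builds `Signer::new(Some(Box::new(TestSigningBackend)), vec![], false)`, signs a commit and asserts what `verification()` returns would pin the behaviour the default configuration now selects. The test bodies continue outside the hunks.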
@@ -127,7 +127,7 @@ fn manual_drop_on_rewrite(backend: TestRepoBackend) { fn forced(backend: TestRepoBackend) { let settings = user_settings(true); - let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]); + let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true); let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer); let repo = &test_workspace.repo; @@ -150,7 +150,7 @@ fn forced(backend: TestRepoBackend) { fn configured(backend: TestRepoBackend) { let settings = user_settings(true); - let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![]); + let signer = Signer::new(Some(Box::new(TestSigningBackend)), vec![], true); let test_workspace = TestWorkspace::init_with_backend_and_signer(&settings, backend, signer); let repo = &test_workspace.repo;