git: Add ability to PGP sign commits

This adds the ability to sign commits by adding the SignKey field to
CommitOptions. If present, the commit will be signed during the
WorkTree.Commit call.

The supplied SignKey must already be decrypted by the caller.

Signed-off-by: Chris Marchesi <chrism@vancluevertech.com>

1 files changed, 25 insertions, 0 deletions

diff --git a/worktree_commit.go b/worktree_commit.go
index 5fa63ab..ad7880a 100644
--- a/worktree_commit.go
+++ b/worktree_commit.go
@@ -4,6 +4,7 @@ import (
 	"path"
 	"strings"
 
+	"golang.org/x/crypto/openpgp"
 	"gopkg.in/src-d/go-git.v4/plumbing"
 	"gopkg.in/src-d/go-git.v4/plumbing/filemode"
 	"gopkg.in/src-d/go-git.v4/plumbing/format/index"
@@ -92,6 +93,14 @@ func (w *Worktree) buildCommitObject(msg string, opts *CommitOptions, tree plumb
 		ParentHashes: opts.Parents,
 	}
 
+	if opts.SignKey != nil {
+		sig, err := w.buildCommitSignature(commit, opts.SignKey)
+		if err != nil {
+			return plumbing.ZeroHash, err
+		}
+		commit.PGPSignature = sig
+	}
+
 	obj := w.r.Storer.NewEncodedObject()
 	if err := commit.Encode(obj); err != nil {
 		return plumbing.ZeroHash, err
@@ -99,6 +108,22 @@ func (w *Worktree) buildCommitObject(msg string, opts *CommitOptions, tree plumb
 	return w.r.Storer.SetEncodedObject(obj)
 }
 
+func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *openpgp.Entity) (string, error) {
+	encoded := &plumbing.MemoryObject{}
+	if err := commit.Encode(encoded); err != nil {
+		return "", err
+	}
+	r, err := encoded.Reader()
+	if err != nil {
+		return "", err
+	}
+	var b strings.Builder
+	if err := openpgp.ArmoredDetachSign(&b, signKey, r, nil); err != nil {
+		return "", err
+	}
+	return b.String(), nil
+}
+
 // buildTreeHelper converts a given index.Index file into multiple git objects
 // reading the blobs from the given filesystem and creating the trees from the
 // index structure. The created objects are pushed to a given Storer.