add support for external ssh signing

[seanaye]

This Pull Request fixes/closes #2188.

It changes the following:

• Adds support for external bin signing with ssh keys

EDIT: I have added a test for the new feature, let me know if this is not sufficient or what to change, its a bit hard to test external binaries.

I ran make check without errors except for the python check, I don't have python on my system which I'm guessing is the cause of the failure

I followed the checklist:

• I added unittests
• I ran make check without errors
• I tested the overall application
• I added an appropriate item to the changelog

[extrawurst]

@yanganto you are the most prominent user of ssh-signing. can you review this?

[extrawurst]

@seanaye is there a way to write a test for this?

[seanaye]

I'll try to write some tests this week

[kucho]

Very excited about this feature to start using gitui as my daily driver! Thank you, @seanaye 🙏

[dkarter]

Thank you for working on this! would love to see it released

[robrecord]

Hi @seanaye - sorry to ping and realise you must be busy; hoping you can still throw resources at this; Myself, I currently have to stop using 1p ssh signing due to breaking my gitui workflow. Thanks for your time spent thus far.

[seanaye]

@robrecord no worries! I actually totally forgot about this, I think I can find some time this week to finish it up

[seanaye]

@extrawurst @yanganto please let me know what else I can do to help get this merged

[yanganto]

@extrawurst @yanganto please let me know what else I can do to help get this merged

Hi @seanaye,
The previous suggestion about no additional struct in the PR may not help you merge this PR, but it is good to respond even if you don't think we need any changes.

[extrawurst]

@kucho @dkarter @robrecord anyone who can help by building this branch and testing it with their setup and reporting back here can help get this merged.

[seanaye]

@extrawurst @yanganto please let me know what else I can do to help get this merged

Hi @seanaye,

The previous suggestion about no additional struct in the PR may not help you merge this PR, but it is good to respond even if you don't think we need any changes.

I'm not quite sure what you mean by this, I don't see any previous feedback. If you review the PR I'm happy to make changes

[yanganto]

Does it work with gpg.program = gpg2?
What program have we already tested?

It will be good to have a CI if we want to make sure this feature always works in the future.

[seanaye]

Does it work with gpg.program = gpg2?

What program have we already tested?

It will be good to have a CI if we want to make sure this feature always works in the future.

I have tested so far with the 1Password ssh agent but the CLI arguments are standardized as far as I know

https://developer.1password.com/docs/ssh/git-commit-signing/

I think adding this to CI may be difficult as it would require adding new system dependencies to the image where the CI runs. For example installing the 1Password CLI inside a docker image.

[yonas]

Ping

[yanganto]

Do we need the debug code dbg! here?

[yanganto]

I thought the dbg!, eprintln!, and debug_cmd_print! in this project is only in used in test cases, if I am wrong please also let me know. Thanks. 🙏

[robrecord]

@kucho @dkarter @robrecord anyone who can help by building this branch and testing it with their setup and reporting back here can help get this merged.

Thank you for requesting my feedback.

I have built this branch and tried to make it work but I am getting the same error: "sign builder error: Failed to retrieve 'user.signingkey' from the git configuration: Currently, we only support a pair of ssh key in disk."

As far as I can see I have the same essential config as seaneye.

@seanaye I assume it is working for you; are there any special steps I need to take to allow this to work please?

Using 1Password for Mac 8.10.48 (81048025)

$ gitui --version 
gitui nightly 2024-10-19 (f45a5a4)

# global git config:
[user]
	signingkey = /path/to/my/key.pub
[commit]
	gpgsign = true
[gpg]
	format = ssh
[gpg "ssh"]
	program = /Applications/1Password.app/Contents/MacOS/op-ssh-sign

Nothing overridden in my local config.

I also tried using a program called Secretive (Version 2.4.1 (1.7648958148)). I commented out the ssh program and changed the key path to my Secretive key. I got the same error as above.

Lastly I fell back to using plain SSH on disk without a signing program. On committing usign gitui, the error was now different: "the private key is encrypted", as expected.