Conversation
Add off-tree object-signature verifier implementations for go-git's plugin.Verifier API, mirroring the existing objectsigner plugins: - objectverifier/gpg: verifies armored OpenPGP detached signatures against a keyring (gpg.FromKeyRing), rejecting multi-signature payloads. Includes a conformance suite cross-checked against real `git verify-commit`/`verify-tag`. - objectverifier/ssh: verifies sshsig armored signatures in the "git" namespace against a trusted public key (ssh.FromKey). Both pin the unmerged go-git Verifier work (PR #2235). The integration conformance harness (conformance_*_test.go) is exempted from linting as it shells out to git/gpg. Assisted-by: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: Paulo Gomes <paulo@entire.io>
There was a problem hiding this comment.
Pull request overview
Adds off-tree plugin.Verifier implementations for verifying Git object signatures via OpenPGP (GPG) and SSH (sshsig), along with unit tests and a Linux-only conformance harness that cross-checks behavior against git verify-commit / git verify-tag. Also updates golangci-lint config to exempt the conformance harness from linting.
Changes:
- Add
plugin/objectverifier/gpgverifier with multi-signature rejection and conformance tests against the Git CLI. - Add
plugin/objectverifier/sshverifier that validatessshsigsignatures in thegitnamespace, plus unit tests. - Update
.golangci.yamlto exclude conformance test harness files from linting.
Reviewed changes
Copilot reviewed 10 out of 12 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| plugin/objectverifier/ssh/ssh.go | Implements SSH-based verifier using sshsig in the git namespace. |
| plugin/objectverifier/ssh/ssh_test.go | Unit tests for SSH verifier behavior (valid, tampered, untrusted key, nil message). |
| plugin/objectverifier/ssh/go.mod | Defines standalone module for SSH verifier and its dependencies. |
| plugin/objectverifier/ssh/go.sum | Dependency lockfile for SSH verifier module. |
| plugin/objectverifier/gpg/gpg.go | Implements OpenPGP detached-signature verifier with multi-signature rejection. |
| plugin/objectverifier/gpg/gpg_test.go | Unit tests for GPG verifier behavior (valid, tampered, multi-sig, nil message). |
| plugin/objectverifier/gpg/go.mod | Defines standalone module for GPG verifier and its dependencies. |
| plugin/objectverifier/gpg/go.sum | Dependency lockfile for GPG verifier module. |
| plugin/objectverifier/gpg/conformance_tag_test.go | Linux-only conformance tests aligning tag verification verdicts with Git CLI. |
| plugin/objectverifier/gpg/conformance_commit_test.go | Linux-only conformance tests aligning commit verification verdicts with Git CLI. |
| plugin/objectverifier/gpg/conformance_main_test.go | Shared conformance harness (repo setup, GPG setup, Git CLI helpers). |
| .golangci.yaml | Attempts to exclude conformance harness tests from linting (currently broken by YAML indentation). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Integration-test harnesses shell out to git/gpg and rely on patterns the | ||
| # production-oriented linters flag (subprocess exec, package-level test | ||
| # state, long table-driven tests). Exempt them from linting. | ||
| paths: | ||
| - conformance_.*_test\.go |
|
Just to mention several comin (a gitops NixOs deployment tool) users/contriburtors are really interested in the SSH signed commit verification support! And btw, thank you for go-git ;) |
Add off-tree object-signature verifier implementations for go-git's plugin.Verifier API, mirroring the existing objectsigner plugins:
git verify-commit/verify-tag.Both pin the unmerged go-git Verifier work (PR #2235). The integration conformance harness (conformance_*_test.go) is exempted from linting as it shells out to git/gpg.
Relates to go-git/go-git#2235 and go-git/go-git#1869.