fix: forward git user.signingkey configuration when using gpg forwarding

Signed-off-by: Luca Di Maio <luca.dimaio1@gmail.com>
loft-sh · Dec 13, 2023 · fead677 · fead677
1 parent a6b78e5
commit fead677
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 3 deletions.
diff --git a/cmd/agent/workspace/setup_gpg.go b/cmd/agent/workspace/setup_gpg.go
@@ -17,6 +17,7 @@ type SetupGPGCmd struct {
 	PublicKey  string
 	OwnerTrust string
 	SocketPath string
+	GitKey     string
 }
 
 // NewSetupGPGCmd creates a new command
@@ -35,6 +36,7 @@ func NewSetupGPGCmd(flags *flags.GlobalFlags) *cobra.Command {
 	setupGPGCmd.Flags().StringVar(&cmd.PublicKey, "publickey", "", "GPG Public keys to import in armor form")
 	setupGPGCmd.Flags().StringVar(&cmd.OwnerTrust, "ownertrust", "", "GPG Owner trust to import in armor form")
 	setupGPGCmd.Flags().StringVar(&cmd.SocketPath, "socketpath", "", "patht to the gpg socket forwarded")
+	setupGPGCmd.Flags().StringVar(&cmd.GitKey, "gitkey", "", "gpg key to use for git commit signing")
 	return setupGPGCmd
 }
 
@@ -68,6 +70,7 @@ func (cmd *SetupGPGCmd) Run(ctx context.Context) error {
 		PublicKey:  publicKey,
 		OwnerTrust: ownerTrust,
 		SocketPath: cmd.SocketPath,
+		GitKey:     cmd.GitKey,
 	}
 
 	logger.Debugf("Stopping container gpg-agent")
@@ -114,5 +117,11 @@ func (cmd *SetupGPGCmd) Run(ctx context.Context) error {
 		return err
 	}
 
+	logger.Debugf("Setup git signing key")
+	err = gpgConf.SetupGpgGitKey()
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
diff --git a/cmd/ssh.go b/cmd/ssh.go
@@ -452,6 +452,12 @@ func (cmd *SSHCmd) setupGPGAgent(
 	gpgExtraSocketPath := strings.TrimSpace(string(gpgExtraSocketBytes))
 	log.Debugf("gpg: detected gpg-agent socket path %s", gpgExtraSocketPath)
 
+	gitGpgKey, err := exec.Command("git", []string{"config", "user.signingKey"}...).Output()
+	if err != nil {
+		log.Debugf("gpg: no git signkey detected, skipping")
+	}
+	log.Debugf("gpg: detected git sign key %s", gitGpgKey)
+
 	log.Debugf("ssh: starting reverse forwarding socket %s", gpgExtraSocketPath)
 	cmd.ReverseForwardPorts = append(cmd.ReverseForwardPorts, gpgExtraSocketPath)
 
@@ -469,6 +475,13 @@ func (cmd *SSHCmd) setupGPGAgent(
 	// fix eventual permissions and so on
 	forwardAgent := []string{
 		agent.ContainerDevPodHelperLocation,
+	}
+
+	if log.GetLevel() == logrus.DebugLevel {
+		forwardAgent = append(forwardAgent, "--debug")
+	}
+
+	forwardAgent = append(forwardAgent, []string{
 		"agent",
 		"workspace",
 		"setup-gpg",
@@ -478,10 +491,11 @@ func (cmd *SSHCmd) setupGPGAgent(
 		ownerTrustArgument,
 		"--socketpath",
 		gpgExtraSocketPath,
-	}
+	}...)
 
-	if log.GetLevel() == logrus.DebugLevel {
-		forwardAgent = append(forwardAgent, "--debug")
+	if len(gitGpgKey) > 0 {
+		forwardAgent = append(forwardAgent, "--gitkey")
+		forwardAgent = append(forwardAgent, string(gitGpgKey))
 	}
 
 	log.Debugf(

diff --git a/pkg/gpg/gpg_forwarding.go b/pkg/gpg/gpg_forwarding.go
@@ -21,6 +21,7 @@ type GPGConf struct {
 	PublicKey  []byte
 	OwnerTrust []byte
 	SocketPath string
+	GitKey     string
 }
 
 func IsGpgTunnelRunning(
@@ -88,6 +89,19 @@ func (g *GPGConf) ImportOwnerTrust() error {
 	return gpgOwnerTrustCmd.Run()
 }
 
+func (g *GPGConf) SetupGpgGitKey() error {
+	if g.GitKey != "" {
+		gitConfigCmd := exec.Command("git", []string{"config", "--global", "user.signingKey", g.GitKey}...)
+
+		out, err := gitConfigCmd.Output()
+		if err != nil {
+			return fmt.Errorf("git signkey: %s", string(out))
+		}
+	}
+
+	return nil
+}
+
 func (g *GPGConf) SetupGpgConf() error {
 	_, err := os.Stat(g.getConfigPath())
 	if err != nil {