Add templater support for rendering commit signatures

CHANGELOG.md

@@ -32,6 +32,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 * `jj evolog` now accepts `--reversed`.
 
+* Add templater support for rendering commit signatures.
+
 ### Fixed bugs
 
 ## [0.25.0] - 2025-01-01

cli/src/commit_templater.rs

@@ -49,6 +49,10 @@ use jj_lib::revset::RevsetDiagnostics;
 use jj_lib::revset::RevsetModifier;
 use jj_lib::revset::RevsetParseContext;
 use jj_lib::revset::UserRevsetExpression;
+use jj_lib::signing::SigStatus;
+use jj_lib::signing::SignError;
+use jj_lib::signing::SignResult;
+use jj_lib::signing::Verification;
 use jj_lib::store::Store;
 use once_cell::unsync::OnceCell;
 
@@ -243,6 +247,19 @@ impl<'repo> TemplateLanguage<'repo> for CommitTemplateLanguage<'repo> {
                 let build = template_parser::lookup_method(type_name, table, function)?;
                 build(self, diagnostics, build_ctx, property, function)
             }
+            CommitTemplatePropertyKind::CryptographicSignatureOpt(property) => {
+                let type_name = "CryptographicSignature";
+                let table = &self.build_fn_table.cryptographic_signature_methods;
+                let build = template_parser::lookup_method(type_name, table, function)?;
+                let inner_property = property.try_unwrap(type_name);
+                build(
+                    self,
+                    diagnostics,
+                    build_ctx,
+                    Box::new(inner_property),
+                    function,
+                )
+            }
         }
     }
 }
@@ -319,6 +336,12 @@ impl<'repo> CommitTemplateLanguage<'repo> {
     ) -> CommitTemplatePropertyKind<'repo> {
         CommitTemplatePropertyKind::TreeDiff(Box::new(property))
     }
+
+    fn wrap_cryptographic_signature_opt(
+        property: impl TemplateProperty<Output = Option<CryptographicSignature>> + 'repo,
+    ) -> CommitTemplatePropertyKind<'repo> {
+        CommitTemplatePropertyKind::CryptographicSignatureOpt(Box::new(property))
+    }
 }
 
 pub enum CommitTemplatePropertyKind<'repo> {
@@ -332,6 +355,9 @@ pub enum CommitTemplatePropertyKind<'repo> {
     CommitOrChangeId(Box<dyn TemplateProperty<Output = CommitOrChangeId> + 'repo>),
     ShortestIdPrefix(Box<dyn TemplateProperty<Output = ShortestIdPrefix> + 'repo>),
     TreeDiff(Box<dyn TemplateProperty<Output = TreeDiff> + 'repo>),
+    CryptographicSignatureOpt(
+        Box<dyn TemplateProperty<Output = Option<CryptographicSignature>> + 'repo>,
+    ),
 }
 
 impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
@@ -347,6 +373,9 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
             CommitTemplatePropertyKind::CommitOrChangeId(_) => "CommitOrChangeId",
             CommitTemplatePropertyKind::ShortestIdPrefix(_) => "ShortestIdPrefix",
             CommitTemplatePropertyKind::TreeDiff(_) => "TreeDiff",
+            CommitTemplatePropertyKind::CryptographicSignatureOpt(_) => {
+                "Option<CryptographicSignature>"
+            }
         }
     }
 
@@ -372,6 +401,9 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
             // TODO: boolean cast could be implemented, but explicit
             // diff.empty() method might be better.
             CommitTemplatePropertyKind::TreeDiff(_) => None,
+            CommitTemplatePropertyKind::CryptographicSignatureOpt(property) => {
+                Some(Box::new(property.map(|sig| sig.is_some())))
+            }
         }
     }
 
@@ -408,6 +440,7 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
                 Some(property.into_template())
             }
             CommitTemplatePropertyKind::TreeDiff(_) => None,
+            CommitTemplatePropertyKind::CryptographicSignatureOpt(_) => None,
         }
     }
 
@@ -426,6 +459,7 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
             (CommitTemplatePropertyKind::CommitOrChangeId(_), _) => None,
             (CommitTemplatePropertyKind::ShortestIdPrefix(_), _) => None,
             (CommitTemplatePropertyKind::TreeDiff(_), _) => None,
+            (CommitTemplatePropertyKind::CryptographicSignatureOpt(_), _) => None,
         }
     }
 
@@ -447,6 +481,7 @@ impl<'repo> IntoTemplateProperty<'repo> for CommitTemplatePropertyKind<'repo> {
             (CommitTemplatePropertyKind::CommitOrChangeId(_), _) => None,
             (CommitTemplatePropertyKind::ShortestIdPrefix(_), _) => None,
             (CommitTemplatePropertyKind::TreeDiff(_), _) => None,
+            (CommitTemplatePropertyKind::CryptographicSignatureOpt(_), _) => None,
         }
     }
 }
@@ -463,6 +498,8 @@ pub struct CommitTemplateBuildFnTable<'repo> {
     pub commit_or_change_id_methods: CommitTemplateBuildMethodFnMap<'repo, CommitOrChangeId>,
     pub shortest_id_prefix_methods: CommitTemplateBuildMethodFnMap<'repo, ShortestIdPrefix>,
     pub tree_diff_methods: CommitTemplateBuildMethodFnMap<'repo, TreeDiff>,
+    pub cryptographic_signature_methods:
+        CommitTemplateBuildMethodFnMap<'repo, CryptographicSignature>,
 }
 
 impl<'repo> CommitTemplateBuildFnTable<'repo> {
@@ -475,6 +512,7 @@ impl<'repo> CommitTemplateBuildFnTable<'repo> {
             commit_or_change_id_methods: builtin_commit_or_change_id_methods(),
             shortest_id_prefix_methods: builtin_shortest_id_prefix_methods(),
             tree_diff_methods: builtin_tree_diff_methods(),
+            cryptographic_signature_methods: builtin_cryptographic_signature_methods(),
         }
     }
 
@@ -486,6 +524,7 @@ impl<'repo> CommitTemplateBuildFnTable<'repo> {
             commit_or_change_id_methods: HashMap::new(),
             shortest_id_prefix_methods: HashMap::new(),
             tree_diff_methods: HashMap::new(),
+            cryptographic_signature_methods: HashMap::new(),
         }
     }
 
@@ -497,6 +536,7 @@ impl<'repo> CommitTemplateBuildFnTable<'repo> {
             commit_or_change_id_methods,
             shortest_id_prefix_methods,
             tree_diff_methods,
+            cryptographic_signature_methods,
         } = extension;
 
         self.core.merge(core);
@@ -511,6 +551,10 @@ impl<'repo> CommitTemplateBuildFnTable<'repo> {
             shortest_id_prefix_methods,
         );
         merge_fn_map(&mut self.tree_diff_methods, tree_diff_methods);
+        merge_fn_map(
+            &mut self.cryptographic_signature_methods,
+            cryptographic_signature_methods,
+        );
     }
 }
 
@@ -621,6 +665,14 @@ fn builtin_commit_methods<'repo>() -> CommitTemplateBuildMethodFnMap<'repo, Comm
             Ok(L::wrap_boolean(out_property))
         },
     );
+    map.insert(
+        "signature",
+        |_language, _diagnostics, _build_ctx, self_property, function| {
+            function.expect_no_arguments()?;
+            let out_property = self_property.map(CryptographicSignature::new);
+            Ok(L::wrap_cryptographic_signature_opt(out_property))
+        },
+    );
     map.insert(
         "working_copies",
         |language, _diagnostics, _build_ctx, self_property, function| {
@@ -1671,3 +1723,74 @@ fn builtin_tree_diff_methods<'repo>() -> CommitTemplateBuildMethodFnMap<'repo, T
     // TODO: add files() or map() to support custom summary-like formatting?
     map
 }
+
+#[derive(Debug)]
+pub struct CryptographicSignature {
+    commit: Commit,
+}
+
+impl CryptographicSignature {
+    fn new(commit: Commit) -> Option<Self> {
+        commit.is_signed().then_some(Self { commit })
+    }
+
+    fn verify(&self) -> SignResult<Verification> {
+        self.commit
+            .verification()
+            .transpose()
+            .expect("must have signature")
+    }
+
+    fn status(&self) -> SignResult<SigStatus> {
+        self.verify().map(|verification| verification.status)
+    }
+
+    /// Defaults to empty string if key is not present.
+    fn key(&self) -> SignResult<String> {
+        self.verify()
+            .map(|verification| verification.key.unwrap_or_default())
+    }
+
+    /// Defaults to empty string if display is not present.
+    fn display(&self) -> SignResult<String> {
+        self.verify()
+            .map(|verification| verification.display.unwrap_or_default())
+    }
+}
+
+pub fn builtin_cryptographic_signature_methods<'repo>(
+) -> CommitTemplateBuildMethodFnMap<'repo, CryptographicSignature> {
+    type L<'repo> = CommitTemplateLanguage<'repo>;
+    // Not using maplit::hashmap!{} or custom declarative macro here because
+    // code completion inside macro is quite restricted.
+    let mut map = CommitTemplateBuildMethodFnMap::<CryptographicSignature>::new();
+    map.insert(
+        "status",
+        |_language, _diagnostics, _build_ctx, self_property, function| {
+            function.expect_no_arguments()?;
+            let out_property = self_property.and_then(|sig| match sig.status() {
+                Ok(status) => Ok(status.to_string()),
+                Err(SignError::InvalidSignatureFormat) => Ok("invalid".to_string()),
+                Err(err) => Err(err.into()),
+            });
+            Ok(L::wrap_string(out_property))
+        },
+    );
+    map.insert(
+        "key",
+        |_language, _diagnostics, _build_ctx, self_property, function| {
+            function.expect_no_arguments()?;
+            let out_property = self_property.and_then(|sig| Ok(sig.key()?));
+            Ok(L::wrap_string(out_property))
+        },
+    );
+    map.insert(
+        "display",
+        |_language, _diagnostics, _build_ctx, self_property, function| {
+            function.expect_no_arguments()?;
+            let out_property = self_property.and_then(|sig| Ok(sig.display()?));
+            Ok(L::wrap_string(out_property))
+        },
+    );
+    map
+}

cli/tests/test_commit_template.rs

@@ -1209,3 +1209,27 @@ fn test_log_diff_predefined_formats() {
     +c
     "###);
 }
+
+#[test]
+fn test_signature_templates() {
+    let test_env = TestEnvironment::default();
+
+    test_env.add_config(r#"signing.sign-all = true"#);
+    test_env.add_config(r#"signing.backend = "test""#);
+
+    test_env.jj_cmd_ok(test_env.env_root(), &["git", "init", "repo"]);
+    let repo_path = test_env.env_root().join("repo");
+
+    let template = r#"if(signature,
+                         signature.status() ++ " " ++ signature.display(),
+                         "no"
+                      ) ++ " signature""#;
+
+    let stdout = test_env.jj_cmd_success(&repo_path, &["log", "-T", template]);
+    insta::assert_snapshot!(stdout, @r"
+        @  good test-display signature
+        ◆  no signature");
+
+    let stdout = test_env.jj_cmd_success(&repo_path, &["show", "-T", template]);
+    insta::assert_snapshot!(stdout, @"good test-display signature");
+}

docs/config.md

@@ -1027,6 +1027,17 @@ as follows:
 backends.ssh.allowed-signers = "/path/to/allowed-signers"
 ```
 
+## Commit Signature Verification
+
+By default signature verification and display is **disabled** as it incurs a
+performance cost when rendering medium to large change logs.
+
+If you want to display commit signatures in your templates, you can use
+`commit.signature()` (see [Commit type](./templates.md#commit-type)). The
+returned [CryptographicSignature
+Type](./templates.md#cryptographicsignature-type) provides methods to retrieve
+signature details.
+
 ## Git settings
 
 ### Default remotes for `jj git fetch` and `jj git push`

docs/templates.md

@@ -93,6 +93,7 @@ This type cannot be printed. The following methods are defined.
 * `parents() -> List<Commit>`
 * `author() -> Signature`
 * `committer() -> Signature`
+* `signature() -> Option<CryptographicSignature>`
 * `mine() -> Boolean`: Commits where the author's email matches the email of the current
   user.
 * `working_copies() -> String`: For multi-workspace repository, indicate
@@ -129,6 +130,29 @@ The following methods are defined.
 * `.short([len: Integer]) -> String`
 * `.shortest([min_len: Integer]) -> ShortestIdPrefix`: Shortest unique prefix.
 
+### CryptographicSignature type
+
+The following methods are defined.
+
+* `.status() -> String`: The signature's status (`"good"`, `"bad"`, `"unknown"`, `"invalid"`).
+* `.key() -> String`: The signature's key id representation (for GPG, this is the key fingerprint).
+* `.display() -> String`: The signature's display string (for GPG this is the formatted primary user ID).
+
+!!! warning
+
+    Calling any of `.status()`, `.key()`, or `.display()` is slow, as it incurs
+    the performance cost of verifying the signature (for example shelling out
+    to `gpg` or `ssh-keygen`). Though consecutive calls will be faster, because
+    the backend caches the verification result.
+
+!!! info
+
+    As opposed to calling any of `.status()`, `.key()`, or `.display()`,
+    checking for signature presence through boolean coercion is fast:
+    ```
+    if(commit.signature(), "commit has a signature", "commit is unsigned")
+    ```
+
 ### Email type
 
 The following methods are defined.

lib/src/lib.rs

@@ -89,6 +89,8 @@ pub mod stacked_table;
 pub mod store;
 pub mod str_util;
 pub mod submodule_store;
+#[cfg(feature = "testing")]
+pub mod test_signing_backend;
 pub mod time_util;
 pub mod transaction;
 pub mod tree;

lib/src/signing.rs

@@ -16,6 +16,7 @@
 //! various backends.
 
 use std::fmt::Debug;
+use std::fmt::Display;
 use std::sync::Mutex;
 
 use clru::CLruCache;
@@ -27,6 +28,8 @@ use crate::gpg_signing::GpgBackend;
 use crate::settings::UserSettings;
 use crate::ssh_signing::SshBackend;
 use crate::store::COMMIT_CACHE_CAPACITY;
+#[cfg(feature = "testing")]
+use crate::test_signing_backend::TestSigningBackend;
 
 /// A status of the signature, part of the [Verification] type.
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -39,6 +42,17 @@ pub enum SigStatus {
     Bad,
 }
 
+impl Display for SigStatus {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        let s = match self {
+            SigStatus::Good => "good",
+            SigStatus::Unknown => "unknown",
+            SigStatus::Bad => "bad",
+        };
+        write!(f, "{s}")
+    }
+}
+
 /// The result of a signature verification.
 /// Key and display are optional additional info that backends can or can not
 /// provide to add additional information for the templater to potentially show.
@@ -166,6 +180,8 @@ impl Signer {
         let mut backends: Vec<Box<dyn SigningBackend>> = vec![
             Box::new(GpgBackend::from_settings(settings).map_err(SignInitError::BackendConfig)?),
             Box::new(SshBackend::from_settings(settings).map_err(SignInitError::BackendConfig)?),
+            #[cfg(feature = "testing")]
+            Box::new(TestSigningBackend),
             // Box::new(X509Backend::from_settings(settings).map_err(..)?),
         ];