wip: new implementation in janet

tionis · tionis · commit ad8c87127b51 · 2023-02-18T21:24:15.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+build/
diff --git a/git-skm/cli.janet b/git-skm/cli.janet
@@ -0,0 +1,31 @@
+#!/bin/env janet
+(use ./init)
+
+(defn cli/trust [args]
+  (if (first args)
+    (trust (first args))
+    (error "no commit hash to trust given")))
+
+(defn cli/generate-allowed-signers [args]
+  (generate-allowed-signers))
+
+(defn cli/verify-commit [args]
+  (if (first args)
+    (verify-commit (first args))
+    (verify-commit "HEAD")))
+
+(defn cli/help []
+  (print `simple key management
+         available subcommands:
+           help - show this help
+           generate - generate the allowed_signers file
+           verify-commit - verify a specific commit (or HEAD if no commit ref was given)
+           trust - set trust anchor (this is the last commit hash that you trust)`))
+
+(defn main [_ & args]
+  (case (first args)
+    "help" (cli/help)
+    "verify-commit" (cli/verify-commit (slice args 1 -1))
+    "generate" (cli/generate-allowed-signers (slice args 1 -1))
+    "trust" (cli/trust (slice args 1 -1))
+    (cli/help)))
diff --git a/git-skm/init.janet b/git-skm/init.janet
@@ -0,0 +1,11 @@
+(:import ./util :export true)
+
+(defn verify-one-commit [commit]
+  # Verify a commit using the allowed_signers from its parent
+  )
+
+(defn verify-commit [commit])
+
+(defn generate-allowed-signers [repo])
+
+(defn trust [repo commit])
diff --git a/git-skm/parser.janet b/git-skm/parser.janet
@@ -0,0 +1,29 @@
+(def commit-grammar (peg/compile
+  ~{:main (replace (* "tree " (capture :object-id) "\n"
+                      :parents
+                      "author " :person "\n"
+                      "committer " :person "\n"
+                      (opt (* (capture :gpgsig)))
+                      "\n"
+                      (capture (to -1)))
+                    ,(fn [& args]
+                       (if (= (length args) 6)
+                         {:tree (args 0) :parents (args 1) :author (args 2) :committer (args 3) :gpgsig (args 4) :message (args 5)}
+                         {:tree (args 0) :parents (args 1) :author (args 2) :committer (args 3) :message (args 4)})))
+    :parents (replace (some (* "parent " (capture :object-id) "\n"))
+                      ,(fn [& x] x))
+    :object-id (repeat 40 :w)
+    :person (replace (* (capture (to (* " " :timestamp))) " " :timestamp)
+                     ,|{:author $0 :timestamp $1})
+    :timestamp (replace (* (capture :unix-time) " " (capture :offset))
+                        ,|{:time $0 :offset $1})
+    :unix-time (repeat 10 :d)
+    :offset (* (+ "+" "-") (repeat 4 :d))
+    :gpgsig (+ (* "gpgsig -----BEGIN SSH SIGNATURE-----" (thru "-----END SSH SIGNATURE-----\n"))
+               (* "gpgsig -----BEGIN PGP SIGNATURE-----" (thru "-----END PGP SIGNATURE-----\n \n")))
+    }))
+
+(defn parse-commit [commit]
+  (peg/match commit-grammar commit))
+
+(defn render-commit [parsed-commit])
diff --git a/git-skm/util.janet b/git-skm/util.janet
@@ -0,0 +1,35 @@
+(import spork/sh)
+(import spork/path)
+
+(defn get-repo-root []
+  (if (dyn :repo-root)
+    (dyn :repo-root)
+    (let [repo-root (sh/exec-slurp "git" "rev-parse" "--git-dir")]
+      (setdyn :repo-root repo-root)
+      repo-root)))
+
+(defn get-repo-top-level []
+  (if (dyn :repo-top-level)
+    (dyn :repo-top-level)
+    (let [repo-top-level (sh/exec-slurp "git" "rev-parse" "--show-toplevel")]
+      (setdyn :repo-top-level repo-top-level)
+      repo-top-level)))
+
+(defn get-allowed-signers-absolute-path []
+  (if (dyn :allowed-signers-absolute-path)
+    (dyn :allowed-signers-absolute-path)
+    (try
+      (let [allowed-signers-absolute-path (sh/exec-slurp "git" "config" "--local" "skm.allowedSignersFile")]
+        (let [stat (os/stat allowed-signers-absolute-path)]
+          (if (or (not stat) (not= (stat :mode) :file))
+            (error "allowedSignersFile does not exist or is not a file")))
+        (setdyn :allowed-signers-absolute-path allowed-signers-absolute-path))
+      ([err]
+       (do
+          (setdyn :allowed-signers-absolute-path (path/join (get-repo-top-level) ".allowed_signers"))
+          (sh/exec-slurp "git" "config" "--local" "skm.allowedSignersFile" (dyn :allowed-signers-absolute-path)))))))
+
+(defn get-allowed-signers-relative-path []
+  (if (dyn :allowed-signers-relative-path)
+    (dyn :allowed-signers-relative-path)
+    (path/relpath (get-repo-top-level) (get-allowed-signers-absolute-path))))
diff --git a/project.janet b/project.janet
@@ -0,0 +1,16 @@
+(declare-project
+  :name "git-skm"
+  :description "git simple key management - manages ssh keys for git repos"
+  :dependencies ["https://github.com/janet-lang/spork"]
+  :author "tionis.dev"
+  :license "MIT"
+  :url "https://tasadar.net/tionis/git-skm"
+  :repo "git+https://tasadar.net/tionis/git-skm")
+
+(declare-source
+  :source ["git-skm"])
+
+(declare-executable
+  :name "git-skm"
+  :entry "git-skm/cli.janet"
+  :install true)
