git: Clean up API around signing commits and tags#1847
Merged
pjbgf merged 5 commits intogo-git:mainfrom Feb 14, 2026
Merged
Conversation
The SignKey field has been superseded by the Signer interface, which provides greater extensibility and supports signing options beyond PGP. Signed-off-by: Paulo Gomes <pjbgf@linux.com>
The support for signing commits using other mechanisms beyond PGP was introduced as a patch change in the v5 release, which meant that cleaning up previous types was out of scope. As a breaking change Commit.PGPSignature is now being renamed to Commit.Signature, reflecting that this field is agnostic to the method used to generate the signature. Signed-off-by: Paulo Gomes <pjbgf@linux.com>
The support for signing tags using other mechanisms beyond PGP was introduced as a patch change in the v5 release, which meant that cleaning up previous types was out of scope. As a breaking change Tag.PGPSignature is now being renamed to Tag.Signature, reflecting that this field is agnostic to the method used to generate the signature. Signed-off-by: Paulo Gomes <pjbgf@linux.com>
…E` PEM label This keeps feature parity with `git` behavior. See PR go-git#1169 for more details and context.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces breaking API cleanups to reflect existing support for multiple signature types (beyond OpenPGP) across commits and annotated tags, and aligns X.509 signature parsing behavior with upstream git/gnupg.
Changes:
- Remove
SignKeyfromCommitOptions, relying solely onCommitOptions.Signerfor commit signing. - Rename
PGPSignaturetoSignatureonobject.Commitandobject.Tag, updating encode/decode/verify call sites and tests accordingly. - Update signature parsing to no longer treat
-----BEGIN CERTIFICATE-----as an X.509 signature marker (onlySIGNED MESSAGEis recognized).
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
worktree_commit_test.go |
Updates commit-signing tests to use CommitOptions.Signer instead of SignKey. |
worktree_commit.go |
Removes SignKey→Signer fallback conversion; writes commit signatures to Commit.Signature. |
signer_test.go |
Updates the signer example to reference Signature instead of PGPSignature. |
repository.go |
Writes tag signatures to Tag.Signature instead of Tag.PGPSignature. |
plumbing/object/tag_test.go |
Updates tag signature serialization/verification tests to use Signature. |
plumbing/object/tag.go |
Renames PGPSignature field to Signature and updates decode/encode/verify flows. |
plumbing/object/signature_test.go |
Adjusts tests to reflect removal of BEGIN CERTIFICATE detection for X.509. |
plumbing/object/signature.go |
Removes -----BEGIN CERTIFICATE----- from recognized X.509 signature formats. |
plumbing/object/commit_test.go |
Updates commit signature tests to use Signature. |
plumbing/object/commit.go |
Renames PGPSignature field to Signature and updates decode/encode/verify flows. |
options.go |
Removes CommitOptions.SignKey, leaving CommitOptions.Signer as the signing mechanism. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Paulo Gomes <paulo.gomes.uk@gmail.com>
|
After this change, should the Or is the plan that this kind of logic should be extracted into the openpgp package itself? Now this code is only used and accessible within the tests for |
3 tasks
Member
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The support for signatures beyond PGP were introduced as non-breaking enhancements within
v5. This PR introduces breaking changes to better reflect the existing support.SignKeyfrom CommitOptions. Users should use the fieldSignerinstead, which is supported sincev5.PGPSignaturein bothTagandCommitstructs are now calledSignature, to reflect the support of signatures beyond PGP.BEGIN CERTIFICATEfor x509 signatures. This change aligns with upstream git and gnupg. We will continue to supportBEGIN SIGNED MESSAGE, as per official git docs.Follow-up from #690, #996 and #1029.
Relates to #910 #400.