feat: separate sign command, keyring from env

Author: calmh

internal/pgp/cli.go

@@ -0,0 +1,32 @@
+package pgp
+
+import (
+	"encoding/base64"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+)
+
+type CLI struct {
+	Keyring       string `group:"Keyring" help:"Path to GPG keyring" type:"existingfile" env:"EZAPT_KEYRING"`
+	KeyringBase64 string `group:"Keyring" help:"GPG keyring as base64" env:"EZAPT_KEYRING_BASE64"`
+}
+
+func (c *CLI) Signer() (*Signer, error) {
+	var keyringReader io.Reader
+	if c.KeyringBase64 != "" {
+		keyringReader = base64.NewDecoder(base64.StdEncoding, strings.NewReader(c.KeyringBase64))
+	} else if c.Keyring != "" {
+		fd, err := os.Open(c.Keyring)
+		if err != nil {
+			return nil, err
+		}
+		defer fd.Close()
+		keyringReader = fd
+	} else {
+		return nil, fmt.Errorf("no keyring provided")
+	}
+
+	return NewSigner(keyringReader)
+}

internal/publish/pgp.go internal/pgp/pgp.go

@@ -1,4 +1,4 @@
-package publish
+package pgp
 
 import (
 	"crypto"
@@ -12,13 +12,13 @@ import (
 	openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
 )
 
-type signer struct {
+type Signer struct {
 	entities []*openpgp.Entity
 }
 
-func newSigner(keychain io.Reader) (*signer, error) {
+func NewSigner(keychain io.Reader) (*Signer, error) {
 	pr := packet.NewReader(keychain)
-	s := &signer{}
+	s := &Signer{}
 	for {
 		ent, err := openpgp.ReadEntity(pr)
 		if err == io.EOF {
@@ -33,12 +33,12 @@ func newSigner(keychain io.Reader) (*signer, error) {
 	return s, nil
 }
 
-type seekable interface {
+type Seekable interface {
 	io.Reader
 	io.Seeker
 }
 
-func (s *signer) DetachSign(in seekable, out io.Writer) error {
+func (s *Signer) DetachSign(in Seekable, out io.Writer) error {
 	if len(s.entities) == 0 {
 		return fmt.Errorf("no entities")
 	}
@@ -51,7 +51,7 @@ func (s *signer) DetachSign(in seekable, out io.Writer) error {
 	return nil
 }
 
-func (s *signer) ClearSign(in seekable, out io.Writer) error {
+func (s *Signer) ClearSign(in Seekable, out io.Writer) error {
 	if len(s.entities) == 0 {
 		return fmt.Errorf("no entities")
 	}

internal/publish/publish.go

@@ -6,14 +6,15 @@ import (
 	"os"
 	"path/filepath"
 
+	"kastelo.dev/ezapt/internal/pgp"
 	"pault.ag/go/debian/deb"
 )
 
 type CLI struct {
 	Dists        string `required:"" help:"Path to dists directory" type:"existingdir" env:"EZAPT_DISTS"`
 	KeepVersions int    `help:"Number of versions to keep" default:"2" env:"EZAPT_KEEP_VERSIONS"`
-	Keyring      string `required:"" help:"Path to GPG keyring" type:"existingfile" env:"EZAPT_KEYRING"`
 	Add          string `help:"Path to packages to add" type:"existingdir" env:"EZAPT_ADD"`
+	pgp.CLI
 }
 
 func (c *CLI) Run() error {
@@ -38,12 +39,7 @@ func (c *CLI) Run() error {
 		return fmt.Errorf("publish: globbing: %w", err)
 	}
 
-	fd, err := os.Open(c.Keyring)
-	if err != nil {
-		return fmt.Errorf("publish: %w", err)
-	}
-	sign, err := newSigner(fd)
-	fd.Close()
+	sign, err := c.Signer()
 	if err != nil {
 		return fmt.Errorf("publish: %w", err)
 	}

internal/publish/release.go

@@ -10,6 +10,8 @@ import (
 	"strings"
 	"text/template"
 	"time"
+
+	"kastelo.dev/ezapt/internal/pgp"
 )
 
 type release struct {
@@ -143,7 +145,7 @@ func writeRelease(dist string) error {
 	return nil
 }
 
-func signRelease(dist string, s *signer) error {
+func signRelease(dist string, s *pgp.Signer) error {
 	in, err := os.Open(filepath.Join(dist, "Release"))
 	if err != nil {
 		return err

internal/sign/publish.go

@@ -0,0 +1,40 @@
+package sign
+
+import (
+	"fmt"
+	"os"
+
+	"kastelo.dev/ezapt/internal/pgp"
+)
+
+type CLI struct {
+	Files []string `arg:"" help:"Files to sign" type:"existingfile" env:"EZAPT_FILES"`
+	pgp.CLI
+}
+
+func (c *CLI) Run() error {
+	sign, err := c.Signer()
+	if err != nil {
+		return fmt.Errorf("sign: %w", err)
+	}
+
+	for _, file := range c.Files {
+		in, err := os.Open(file)
+		if err != nil {
+			return fmt.Errorf("open: %w", err)
+		}
+		defer in.Close()
+		out, err := os.Create(file + ".asc")
+		if err != nil {
+			return fmt.Errorf("create: %w", err)
+		}
+		if err := sign.ClearSign(in, out); err != nil {
+			return fmt.Errorf("sign: %w", err)
+		}
+		if err := out.Close(); err != nil {
+			return fmt.Errorf("close: %w", err)
+		}
+	}
+
+	return nil
+}

main.go

@@ -6,10 +6,16 @@ import (
 
 	"github.com/alecthomas/kong"
 	"kastelo.dev/ezapt/internal/publish"
+	"kastelo.dev/ezapt/internal/sign"
 )
 
+type CLI struct {
+	Publish publish.CLI `cmd:"" help:"Publish a repository." default:""`
+	Sign    sign.CLI    `cmd:"" help:"Sign files."`
+}
+
 func main() {
-	var cli publish.CLI
+	var cli CLI
 	ctx := kong.Parse(&cli)
 	if err := ctx.Run(); err != nil {
 		slog.Error("Failed to run", "error", err)