From ef03e15038824c8951eede2f17ad9dafbd5a32d3 Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Sun, 29 Aug 2021 10:14:01 -0400
Subject: rebase: deprecate signing_cb

The signing callback should not be used; instead, callers should provide
a commit_create_cb, perform the signing and commit creation themselves.
---
 include/git2/commit.h     | 21 ---------------------
 include/git2/deprecated.h | 21 +++++++++++++++++++++
 include/git2/rebase.h     | 11 ++++++++++-
 src/rebase.c              |  7 ++++++-
 tests/rebase/sign.c       | 37 ++++++++++++++++++++++++++-----------
 5 files changed, 63 insertions(+), 34 deletions(-)

diff --git a/include/git2/commit.h b/include/git2/commit.h
index 650bf65a5..4d74b8994 100644
--- a/include/git2/commit.h
+++ b/include/git2/commit.h
@@ -539,27 +539,6 @@ typedef int (*git_commit_create_cb)(
 	const git_commit *parents[],
 	void *payload);
 
-/**
- * Commit signing callback.
- *
- * The callback will be called with the commit content, giving a user an
- * opportunity to sign the commit content. The signature_field
- * buf may be left empty to specify the default field "gpgsig".
- *
- * Signatures can take the form of any string, and can be created on an arbitrary
- * header field. Signatures are most commonly used for verifying authorship of a
- * commit using GPG or a similar cryptographically secure signing algorithm.
- * See https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work for more
- * details.
- *
- * When the callback:
- * - returns GIT_PASSTHROUGH, no signature will be added to the commit.
- * - returns < 0, commit creation will be aborted.
- * - returns GIT_OK, the signature parameter is expected to be filled.
- */
-typedef int (*git_commit_signing_cb)(
-	git_buf *signature, git_buf *signature_field, const char *commit_content, void *payload);
-
 /** @} */
 GIT_END_DECL
 #endif
diff --git a/include/git2/deprecated.h b/include/git2/deprecated.h
index ac60488ac..611848e10 100644
--- a/include/git2/deprecated.h
+++ b/include/git2/deprecated.h
@@ -205,6 +205,27 @@ GIT_EXTERN(void) git_buf_free(git_buf *buffer);
 
 /**@}*/
 
+/** @name Deprecated Commit Definitions
+ */
+/**@{*/
+
+/**
+ * Provide a commit signature during commit creation.
+ *
+ * Callers should instead define a `git_commit_create_cb` that
+ * generates a commit buffer using `git_commit_create_buffer`, sign
+ * that buffer and call `git_commit_create_with_signature`.
+ *
+ * @deprecated use a `git_commit_create_cb` instead
+ */
+typedef int (*git_commit_signing_cb)(
+	git_buf *signature,
+	git_buf *signature_field,
+	const char *commit_content,
+	void *payload);
+
+/**@}*/
+
 /** @name Deprecated Config Functions and Constants
  */
 /**@{*/
diff --git a/include/git2/rebase.h b/include/git2/rebase.h
index 7d2d5de69..11e452cbf 100644
--- a/include/git2/rebase.h
+++ b/include/git2/rebase.h
@@ -86,17 +86,26 @@ typedef struct {
 	 */
 	git_commit_create_cb commit_create_cb;
 
+#ifdef GIT_DEPRECATE_HARD
+	void *reserved;
+#else
 	/**
 	 * If provided, this will be called with the commit content, allowing
 	 * a signature to be added to the rebase commit. Can be skipped with
 	 * GIT_PASSTHROUGH. If GIT_PASSTHROUGH is returned, a commit will be made
 	 * without a signature.
+	 *
 	 * This field is only used when performing git_rebase_commit.
 	 *
 	 * This callback is not invoked if a `git_commit_create_cb` is
 	 * specified.
+	 *
+	 * This callback is deprecated; users should provide a
+	 * creation callback as `commit_create_cb` that produces a
+	 * commit buffer, signs it, and commits it.
 	 */
-	git_commit_signing_cb signing_cb;
+	int (*signing_cb)(git_buf *, git_buf *, const char *, void *);
+#endif
 
 	/**
 	 * This will be passed to each of the callbacks in this struct
diff --git a/src/rebase.c b/src/rebase.c
index ddd82e910..4f10c296b 100644
--- a/src/rebase.c
+++ b/src/rebase.c
@@ -943,6 +943,7 @@ int git_rebase_inmemory_index(
 	return 0;
 }
 
+#ifndef GIT_DEPRECATE_HARD
 static int create_signed(
 	git_oid *out,
 	git_rebase *rebase,
@@ -988,6 +989,7 @@ done:
 	git_buf_dispose(&commit_content);
 	return error;
 }
+#endif
 
 static int rebase_commit__create(
 	git_commit **out,
@@ -1044,11 +1046,14 @@ static int rebase_commit__create(
 
 		git_error_set_after_callback_function(error,
 			"commit_create_cb");
-	} else if (rebase->options.signing_cb) {
+	}
+#ifndef GIT_DEPRECATE_HARD
+	else if (rebase->options.signing_cb) {
 		error = create_signed(&commit_id, rebase, author,
 			committer, message_encoding, message, tree,
 			1, (const git_commit **)&parent_commit);
 	}
+#endif
 
 	if (error == GIT_PASSTHROUGH)
 		error = git_commit_create(&commit_id, rebase->repo, NULL,
diff --git a/tests/rebase/sign.c b/tests/rebase/sign.c
index 464767800..8b0473c3c 100644
--- a/tests/rebase/sign.c
+++ b/tests/rebase/sign.c
@@ -248,29 +248,33 @@ void test_rebase_sign__create_propagates_error(void)
 	git_rebase_free(rebase);
 }
 
-static const char *expected_commit_content = "tree cd99b26250099fc38d30bfaed7797a7275ed3366\n\
-parent f87d14a4a236582a0278a916340a793714256864\n\
-author Edward Thomson <ethomson@edwardthomson.com> 1405625055 -0400\n\
-committer Rebaser <rebaser@rebaser.rb> 1405694510 +0000\n\
-\n\
-Modification 3 to gravy\n";
-
+#ifndef GIT_DEPRECATE_HARD
 int signing_cb_passthrough(
 	git_buf *signature,
 	git_buf *signature_field,
 	const char *commit_content,
 	void *payload)
 {
+	static const char *expected_commit_content = "\
+tree cd99b26250099fc38d30bfaed7797a7275ed3366\n\
+parent f87d14a4a236582a0278a916340a793714256864\n\
+author Edward Thomson <ethomson@edwardthomson.com> 1405625055 -0400\n\
+committer Rebaser <rebaser@rebaser.rb> 1405694510 +0000\n\
+\n\
+Modification 3 to gravy\n";
+
 	cl_assert_equal_b(false, git_buf_is_allocated(signature));
 	cl_assert_equal_b(false, git_buf_is_allocated(signature_field));
 	cl_assert_equal_s(expected_commit_content, commit_content);
 	cl_assert_equal_p(NULL, payload);
 	return GIT_PASSTHROUGH;
 }
+#endif /* !GIT_DEPRECATE_HARD */
 
 /* git checkout gravy ; git rebase --merge veal */
 void test_rebase_sign__passthrough_signing_cb(void)
 {
+#ifndef GIT_DEPRECATE_HARD
 	git_rebase *rebase;
 	git_reference *branch_ref, *upstream_ref;
 	git_annotated_commit *branch_head, *upstream_head;
@@ -310,15 +314,18 @@ committer Rebaser <rebaser@rebaser.rb> 1405694510 +0000\n";
 	git_annotated_commit_free(upstream_head);
 	git_commit_free(commit);
 	git_rebase_free(rebase);
+#endif /* !GIT_DEPRECATE_HARD */
 }
 
+#ifndef GIT_DEPRECATE_HARD
 int signing_cb_gpg(
 	git_buf *signature,
 	git_buf *signature_field,
 	const char *commit_content,
 	void *payload)
 {
-	const char *gpg_signature = "-----BEGIN PGP SIGNATURE-----\n\
+	const char *gpg_signature = "\
+-----BEGIN PGP SIGNATURE-----\n\
 \n\
 iQIzBAEBCgAdFiEEgVlDEfSlmKn0fvGgK++h5T2/ctIFAlwZcrAACgkQK++h5T2/\n\
 ctIPVhAA42RyZhMdKl5Bm0KtQco2scsukIg2y7tjSwhti91zDu3HQgpusjjo0fQx\n\
@@ -343,10 +350,12 @@ cttVRsdOoego+fiy08eFE+aJIeYiINRGhqOBTsuqG4jIdpdKxPE=\n\
 	cl_git_pass(git_buf_set(signature, gpg_signature, strlen(gpg_signature) + 1));
 	return GIT_OK;
 }
+#endif /* !GIT_DEPRECATE_HARD */
 
 /* git checkout gravy ; git rebase --merge veal */
 void test_rebase_sign__gpg_with_no_field(void)
 {
+#ifndef GIT_DEPRECATE_HARD
 	git_rebase *rebase;
 	git_reference *branch_ref, *upstream_ref;
 	git_annotated_commit *branch_head, *upstream_head;
@@ -354,7 +363,8 @@ void test_rebase_sign__gpg_with_no_field(void)
 	git_oid commit_id, expected_id;
 	git_rebase_options rebase_opts = GIT_REBASE_OPTIONS_INIT;
 	git_commit *commit;
-	const char *expected_commit_raw_header = "tree cd99b26250099fc38d30bfaed7797a7275ed3366\n\
+	const char *expected_commit_raw_header = "\
+tree cd99b26250099fc38d30bfaed7797a7275ed3366\n\
 parent f87d14a4a236582a0278a916340a793714256864\n\
 author Edward Thomson <ethomson@edwardthomson.com> 1405625055 -0400\n\
 committer Rebaser <rebaser@rebaser.rb> 1405694510 +0000\n\
@@ -402,9 +412,11 @@ gpgsig -----BEGIN PGP SIGNATURE-----\n\
 	git_annotated_commit_free(upstream_head);
 	git_commit_free(commit);
 	git_rebase_free(rebase);
+#endif /* !GIT_DEPRECATE_HARD */
 }
 
 
+#ifndef GIT_DEPRECATE_HARD
 int signing_cb_magic_field(
 	git_buf *signature,
 	git_buf *signature_field,
@@ -426,10 +438,12 @@ int signing_cb_magic_field(
 
 	return GIT_OK;
 }
+#endif /* !GIT_DEPRECATE_HARD */
 
 /* git checkout gravy ; git rebase --merge veal */
 void test_rebase_sign__custom_signature_field(void)
 {
+#ifndef GIT_DEPRECATE_HARD
 	git_rebase *rebase;
 	git_reference *branch_ref, *upstream_ref;
 	git_annotated_commit *branch_head, *upstream_head;
@@ -437,7 +451,8 @@ void test_rebase_sign__custom_signature_field(void)
 	git_oid commit_id, expected_id;
 	git_rebase_options rebase_opts = GIT_REBASE_OPTIONS_INIT;
 	git_commit *commit;
-	const char *expected_commit_raw_header = "tree cd99b26250099fc38d30bfaed7797a7275ed3366\n\
+	const char *expected_commit_raw_header = "\
+tree cd99b26250099fc38d30bfaed7797a7275ed3366\n\
 parent f87d14a4a236582a0278a916340a793714256864\n\
 author Edward Thomson <ethomson@edwardthomson.com> 1405625055 -0400\n\
 committer Rebaser <rebaser@rebaser.rb> 1405694510 +0000\n\
@@ -470,5 +485,5 @@ magicsig magic word: pretty please\n";
 	git_annotated_commit_free(upstream_head);
 	git_commit_free(commit);
 	git_rebase_free(rebase);
+#endif /* !GIT_DEPRECATE_HARD */
 }
-
-- 
cgit v1.2.1