Module allowed_signers

Expand description

Parser for the OpenSSH allowed_signers file format.

Git uses this file to map SSH public keys to the principals (usually email addresses) that are authorized to sign commits under a given namespace. The format is documented in ssh-keygen(1) under the ALLOWED SIGNERS heading.

Each non-blank, non-comment line has the form:

principals [options] key-type base64-key [comment]

principals is a comma-separated list of fnmatch-style patterns (a quoted string if any pattern contains spaces).
options is an optional comma-separated list of key[="value"] pairs. Only namespaces="<list>" is honored for git’s purposes.
key-type + base64-key is the public key, in the same wire form used by authorized_keys.

§Examples

use gitway_lib::allowed_signers::AllowedSigners;

let signers = AllowedSigners::load(std::path::Path::new("~/.config/git/allowed_signers"))
    .unwrap();
for entry in signers.entries() {
    println!("{:?}", entry.principals);
}

§Errors

AllowedSigners::parse rejects lines that are syntactically ill-formed (missing key type, unterminated quoted principals, invalid base64). Blank lines and #-comments are skipped silently.

Structs§

AllowedSigners: The parsed contents of an allowed_signers file.
Entry: A single principal-to-key mapping parsed from an allowed_signers file.