refactor: Extract shared GPG temp-directory setup into a helper#10
Merged
Extract the repeated temp-directory creation, key import, and cleanup from SignCleartext, SignDetachedBinary, and SignDetachedBinaryFromFile into a shared ensureGPGHome() helper with lazy initialization via sync.Once. The GPG home is created once on first use and reused for all subsequent CLI signing operations, avoiding redundant key imports (e.g., when Pacman signs each package individually in a loop).

A Close() method is added for cleanup, called via io.Closer type assertion in generate.go.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
In `internal/signer/gpg.go`, three methods — `SignCleartext` (line 83), `SignDetachedBinary` (line 143), and `SignDetachedBinaryFromFile` (line 189) — each independently create a temporary GPG home directory, import the private key, and clean up afterward. This is ~15 lines of identical boilerplate repeated three times.

Extract a helper like `withGPGHome(fn func(tmpDir string) error) error` (or similar) that handles temp dir creation, key import, and deferred cleanup. Each signing method would then only contain its format-specific GPG invocation. This also ensures that any future bug fix to the setup/teardown logic (e.g., setting `--no-permission-warning`) only needs to happen in one place.

Additionally, when `SignDetachedBinaryFromFile` is called in a loop (e.g., Pacman signs every package individually in `internal/generator/pacman/generator.go:157`), a new GPG home is created and the key is re-imported for every single package. Consider caching the GPG home directory for the lifetime of the `GPGSigner` (creating it lazily on first use, cleaning it up via a `Close()` method) to avoid redundant key imports.

Automated improvement by yeti improvement-identifier