build: only sign if a gpg key able to sign is present

2026-01-06 18:07:34 +01:00
parent b3365afe5b
commit 1c9f6cccd2
6 changed files with 107 additions and 2 deletions
--- a/src/utils/gpg.rs
+++ b/src/utils/gpg.rs
@@ -0,0 +1,32 @@
+use gpgme::{Context, Protocol};
+
+/// Check if a GPG key matching 'email' exists
+/// Returns the key ID if found, None otherwise
+pub fn find_signing_key_for_email(
+    email: &str,
+) -> Result<Option<String>, Box<dyn std::error::Error>> {
+    // Create a new GPG context
+    let mut ctx = Context::from_protocol(Protocol::OpenPgp)?;
+
+    // List all secret keys
+    let keys = ctx.secret_keys()?;
+
+    // Find a key that matches the email and can sign
+    for key_result in keys {
+        let key = key_result?;
+        // Check if the key has signing capability
+        if key.can_sign() {
+            // Check user IDs for email match
+            for user_id in key.user_ids() {
+                if let Ok(userid_email) = user_id.email()
+                    && userid_email.eq_ignore_ascii_case(email)
+                    && let Ok(fingerprint) = key.fingerprint()
+                {
+                    return Ok(Some(fingerprint.to_string()));
+                }
+            }
+        }
+    }
+
+    Ok(None)
+}