#
#
# patch "cert.cc"
#  from [4dfcd5002bb3c18c3036bc51a9b17bb72446d1ff]
#    to [44058fa1abee01113e0b345b05d3ccf8d3ff8d8b]
# 
# patch "cert.hh"
#  from [4f90382d5837117659acaa5208a7561e7f8514b2]
#    to [e701aae7d97a2002010ca4b2ae34d71afc44e61f]
# 
# patch "cmd_key_cert.cc"
#  from [cf5e55e1b74816d4e881626ba63c4efe712ef1e3]
#    to [f86c02cb2c35fc5fcf0f230ce4401d2dbae80023]
# 
# patch "cmd_netsync.cc"
#  from [85389e376de990a6beb16c7cef2a9508e58c460c]
#    to [b6f9c849aff12fe7342afa7006152210124a4ad1]
# 
# patch "cmd_ws_commit.cc"
#  from [981134c77ca685b9872bfffe1814efefb686a7f8]
#    to [f11a3f1a5a4514f555f694ad8a6900d22a74ea5d]
# 
# patch "key_store.cc"
#  from [c80ab11d5a63b7d353bbdbc5d90fae99722e8793]
#    to [0aeeb39500d4d38fde8deebadeb33e375f6468f1]
# 
# patch "key_store.hh"
#  from [3add5fc4cc7026191dcabfc3401532881dec29d2]
#    to [9a06452a95d8bdaabfc38962b8cd2e405793f120]
# 
# patch "rcs_import.cc"
#  from [c4343f5f7eb1a9c2952b9c31ec3c8b88ece5b4b5]
#    to [9e1be182841139486ddd18f69aaa0b99b1c86cee]
# 
# patch "revision.cc"
#  from [b7e38b645c5490b8e8bcab40b05c468d188f815e]
#    to [0e3aadb55aff09d27f37f879d011ca3063705619]
#
============================================================
--- cert.cc	4dfcd5002bb3c18c3036bc51a9b17bb72446d1ff
+++ cert.cc	44058fa1abee01113e0b345b05d3ccf8d3ff8d8b
@@ -440,20 +440,20 @@ void
 // "special certs"
 
 void
-get_user_key(rsa_keypair_id & key, app_state & app)
+get_user_key(rsa_keypair_id & key, key_store & keys)
 {
 
-  if (app.opts.signing_key() != "")
+  if (keys.has_opt_signing_key())
     {
-      key = app.opts.signing_key;
+      key = keys.get_opt_signing_key();
       return;
     }
 
-  if (app.lua.hook_get_branch_key(app.opts.branchname, key))
+  if (keys.hook_get_current_branch_key(key))
     return;
 
   vector<rsa_keypair_id> all_privkeys;
-  app.keys.get_keys(all_privkeys);
+  keys.get_keys(all_privkeys);
   N(!all_privkeys.empty(), 
     F("you have no private key to make signatures with\n"
       "perhaps you need to 'genkey <your email>'"));
@@ -511,7 +511,7 @@ make_simple_cert(hexenc<id> const & id,
                  cert & c)
 {
   rsa_keypair_id key;
-  get_user_key(key, app);
+  get_user_key(key, app.keys);
   base64<cert_value> encoded_val;
   encode_base64(cv, encoded_val);
   cert t(id, nm, encoded_val, key);
@@ -566,7 +566,7 @@ cert_revision_author_default(revision_id
 {
   string author;
   rsa_keypair_id key;
-  get_user_key(key, app);
+  get_user_key(key, app.keys);
 
   if (!app.lua.hook_get_author(app.opts.branchname, key, author))
     {
============================================================
--- cert.hh	4f90382d5837117659acaa5208a7561e7f8514b2
+++ cert.hh	e701aae7d97a2002010ca4b2ae34d71afc44e61f
@@ -105,7 +105,7 @@ void
 
 // N()'s out if there is no unique key for us to use
 void
-get_user_key(rsa_keypair_id & key, app_state & app);
+get_user_key(rsa_keypair_id & key, key_store & keys);
 
 void
 guess_branch(revision_id const & id, app_state & app, branch_name & branchname);
============================================================
--- cmd_key_cert.cc	cf5e55e1b74816d4e881626ba63c4efe712ef1e3
+++ cmd_key_cert.cc	f86c02cb2c35fc5fcf0f230ce4401d2dbae80023
@@ -126,7 +126,7 @@ CMD(ssh_agent_export, N_("key and cert")
 
   rsa_keypair_id id;
   keypair key;
-  get_user_key(id, app);
+  get_user_key(id, app.keys);
   N(priv_key_exists(app.keys, id), F("the key you specified cannot be found"));
   app.keys.get_key_pair(id, key);
   shared_ptr<RSA_PrivateKey> priv = get_private_key(app.keys, id, key.priv);
@@ -164,7 +164,7 @@ CMD(ssh_agent_add, N_("key and cert"), "
 
   rsa_keypair_id id;
   keypair key;
-  get_user_key(id, app);
+  get_user_key(id, app.keys);
   N(priv_key_exists(app.keys, id), F("the key you specified cannot be found"));
   app.keys.get_key_pair(id, key);
   shared_ptr<RSA_PrivateKey> priv = get_private_key(app.keys, id, key.priv);
@@ -186,7 +186,7 @@ CMD(cert, N_("key and cert"), N_("REVISI
   internalize_cert_name(idx(args, 1), name);
 
   rsa_keypair_id key;
-  get_user_key(key, app);
+  get_user_key(key, app.keys);
 
   cert_value val;
   if (args.size() == 3)
============================================================
--- cmd_netsync.cc	85389e376de990a6beb16c7cef2a9508e58c460c
+++ cmd_netsync.cc	b6f9c849aff12fe7342afa7006152210124a4ad1
@@ -67,7 +67,7 @@ find_key_if_needed(utf8 & addr, app_stat
       if (transport_requires_auth)
         {
           rsa_keypair_id key;
-          get_user_key(key, app);
+          get_user_key(key, app.keys);
           app.opts.signing_key = key;
         }
 }
@@ -394,7 +394,7 @@ CMD_NO_WORKSPACE(serve, N_("network"), "
   if (app.opts.use_transport_auth)
     {
       rsa_keypair_id key;
-      get_user_key(key, app);
+      get_user_key(key, app.keys);
       app.opts.signing_key = key;
 
       N(app.lua.hook_persist_phrase_ok(),
============================================================
--- cmd_ws_commit.cc	981134c77ca685b9872bfffe1814efefb686a7f8
+++ cmd_ws_commit.cc	f11a3f1a5a4514f555f694ad8a6900d22a74ea5d
@@ -712,7 +712,7 @@ CMD(commit, N_("workspace"), N_("[PATH].
   {
     // fail early if there isn't a key
     rsa_keypair_id key;
-    get_user_key(key, app);
+    get_user_key(key, app.keys);
   }
 
   app.make_branch_sticky();
============================================================
--- key_store.cc	c80ab11d5a63b7d353bbdbc5d90fae99722e8793
+++ key_store.cc	0aeeb39500d4d38fde8deebadeb33e375f6468f1
@@ -285,6 +285,24 @@ key_store::hook_persist_phrase_ok()
   return app.lua.hook_persist_phrase_ok();
 }
 
+bool
+key_store::hook_get_current_branch_key(rsa_keypair_id & k)
+{
+  return app.lua.hook_get_branch_key(app.opts.branchname, k);
+}
+
+bool
+key_store::has_opt_signing_key()
+{
+  return (app.opts.signing_key() != "");
+}
+
+rsa_keypair_id
+key_store::get_opt_signing_key()
+{
+  return app.opts.signing_key;
+}
+
 // Local Variables:
 // mode: C++
 // fill-column: 76
============================================================
--- key_store.hh	3add5fc4cc7026191dcabfc3401532881dec29d2
+++ key_store.hh	9a06452a95d8bdaabfc38962b8cd2e405793f120
@@ -73,9 +73,13 @@ public:
     std::pair<boost::shared_ptr<Botan::PK_Verifier>,
         boost::shared_ptr<Botan::RSA_PublicKey> > > verifiers;
 
-  // FIXME: quick hack to make these hooks available via the key_store context
+  // FIXME: quick hack to make these hooks and options available via
+  //        the key_store context
   bool hook_get_passphrase(rsa_keypair_id const & k, std::string & phrase);
   bool hook_persist_phrase_ok();
+  bool hook_get_current_branch_key(rsa_keypair_id & k);
+  bool has_opt_signing_key();
+  rsa_keypair_id get_opt_signing_key();
 };
 
 // Local Variables:
============================================================
--- rcs_import.cc	c4343f5f7eb1a9c2952b9c31ec3c8b88ece5b4b5
+++ rcs_import.cc	9e1be182841139486ddd18f69aaa0b99b1c86cee
@@ -1208,7 +1208,7 @@ import_cvs_repo(system_path const & cvsr
   {
     // early short-circuit to avoid failure after lots of work
     rsa_keypair_id key;
-    get_user_key(key, app);
+    get_user_key(key, app.keys);
     require_password(key, app);
   }
 
============================================================
--- revision.cc	b7e38b645c5490b8e8bcab40b05c468d188f815e
+++ revision.cc	0e3aadb55aff09d27f37f879d011ca3063705619
@@ -1646,7 +1646,7 @@ build_roster_style_revs_from_manifest_st
   {
     // early short-circuit to avoid failure after lots of work
     rsa_keypair_id key;
-    get_user_key(key,app);
+    get_user_key(key, app.keys);
     require_password(key, app);
   }
 
@@ -1700,7 +1700,7 @@ build_changesets_from_manifest_ancestry(
   {
     // early short-circuit to avoid failure after lots of work
     rsa_keypair_id key;
-    get_user_key(key,app);
+    get_user_key(key, app.keys);
     require_password(key, app);
   }