Revert "gpg-interface: prefer check_signature() for GPG verification"
This reverts commit 72b006f4bf, which
breaks the end-user experience when merging a signed tag without
having the public key. We should report "can't check because we
have no public key", but the code with this change claimed that
there was no signature.
This commit is contained in:
Junio C Hamano
@ -207,55 +207,6 @@ found_duplicate_status:
|
||||
FREE_AND_NULL(sigc->key);
|
||||
}
|
||||
|
||||
static int verify_signed_buffer(const char *payload, size_t payload_size,
|
||||
const char *signature, size_t signature_size,
|
||||
struct strbuf *gpg_output,
|
||||
struct strbuf *gpg_status)
|
||||
{
|
||||
struct child_process gpg = CHILD_PROCESS_INIT;
|
||||
struct gpg_format *fmt;
|
||||
struct tempfile *temp;
|
||||
int ret;
|
||||
struct strbuf buf = STRBUF_INIT;
|
||||
|
||||
temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
|
||||
if (!temp)
|
||||
return error_errno(_("could not create temporary file"));
|
||||
if (write_in_full(temp->fd, signature, signature_size) < 0 ||
|
||||
close_tempfile_gently(temp) < 0) {
|
||||
error_errno(_("failed writing detached signature to '%s'"),
|
||||
temp->filename.buf);
|
||||
delete_tempfile(&temp);
|
||||
return -1;
|
||||
}
|
||||
|
||||
fmt = get_format_by_sig(signature);
|
||||
if (!fmt)
|
||||
BUG("bad signature '%s'", signature);
|
||||
|
||||
argv_array_push(&gpg.args, fmt->program);
|
||||
argv_array_pushv(&gpg.args, fmt->verify_args);
|
||||
argv_array_pushl(&gpg.args,
|
||||
"--status-fd=1",
|
||||
"--verify", temp->filename.buf, "-",
|
||||
NULL);
|
||||
|
||||
if (!gpg_status)
|
||||
gpg_status = &buf;
|
||||
|
||||
sigchain_push(SIGPIPE, SIG_IGN);
|
||||
ret = pipe_command(&gpg, payload, payload_size,
|
||||
gpg_status, 0, gpg_output, 0);
|
||||
sigchain_pop(SIGPIPE);
|
||||
|
||||
delete_tempfile(&temp);
|
||||
|
||||
ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
|
||||
strbuf_release(&buf); /* no matter it was used or not */
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int check_signature(const char *payload, size_t plen, const char *signature,
|
||||
size_t slen, struct signature_check *sigc)
|
||||
{
|
||||
@ -400,3 +351,51 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int verify_signed_buffer(const char *payload, size_t payload_size,
|
||||
const char *signature, size_t signature_size,
|
||||
struct strbuf *gpg_output, struct strbuf *gpg_status)
|
||||
{
|
||||
struct child_process gpg = CHILD_PROCESS_INIT;
|
||||
struct gpg_format *fmt;
|
||||
struct tempfile *temp;
|
||||
int ret;
|
||||
struct strbuf buf = STRBUF_INIT;
|
||||
|
||||
temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
|
||||
if (!temp)
|
||||
return error_errno(_("could not create temporary file"));
|
||||
if (write_in_full(temp->fd, signature, signature_size) < 0 ||
|
||||
close_tempfile_gently(temp) < 0) {
|
||||
error_errno(_("failed writing detached signature to '%s'"),
|
||||
temp->filename.buf);
|
||||
delete_tempfile(&temp);
|
||||
return -1;
|
||||
}
|
||||
|
||||
fmt = get_format_by_sig(signature);
|
||||
if (!fmt)
|
||||
BUG("bad signature '%s'", signature);
|
||||
|
||||
argv_array_push(&gpg.args, fmt->program);
|
||||
argv_array_pushv(&gpg.args, fmt->verify_args);
|
||||
argv_array_pushl(&gpg.args,
|
||||
"--status-fd=1",
|
||||
"--verify", temp->filename.buf, "-",
|
||||
NULL);
|
||||
|
||||
if (!gpg_status)
|
||||
gpg_status = &buf;
|
||||
|
||||
sigchain_push(SIGPIPE, SIG_IGN);
|
||||
ret = pipe_command(&gpg, payload, payload_size,
|
||||
gpg_status, 0, gpg_output, 0);
|
||||
sigchain_pop(SIGPIPE);
|
||||
|
||||
delete_tempfile(&temp);
|
||||
|
||||
ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
|
||||
strbuf_release(&buf); /* no matter it was used or not */
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user