Revert "gpg-interface: prefer check_signature() for GPG verification"
This reverts commit 72b006f4bf, which
breaks the end-user experience when merging a signed tag without
having the public key. We should report "can't check because we
have no public key", but the code with this change claimed that
there was no signature.
30
log-tree.c
30
log-tree.c
@ -448,22 +448,22 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
|
||||
{
|
||||
struct strbuf payload = STRBUF_INIT;
|
||||
struct strbuf signature = STRBUF_INIT;
|
||||
struct signature_check sigc = { 0 };
|
||||
struct strbuf gpg_output = STRBUF_INIT;
|
||||
int status;
|
||||
|
||||
if (parse_signed_commit(commit, &payload, &signature) <= 0)
|
||||
goto out;
|
||||
|
||||
status = check_signature(payload.buf, payload.len, signature.buf,
|
||||
signature.len, &sigc);
|
||||
if (status && sigc.result == 'N')
|
||||
show_sig_lines(opt, status, "No signature\n");
|
||||
else {
|
||||
show_sig_lines(opt, status, sigc.gpg_output);
|
||||
signature_check_clear(&sigc);
|
||||
}
|
||||
status = verify_signed_buffer(payload.buf, payload.len,
|
||||
signature.buf, signature.len,
|
||||
&gpg_output, NULL);
|
||||
if (status && !gpg_output.len)
|
||||
strbuf_addstr(&gpg_output, "No signature\n");
|
||||
|
||||
show_sig_lines(opt, status, gpg_output.buf);
|
||||
|
||||
out:
|
||||
strbuf_release(&gpg_output);
|
||||
strbuf_release(&payload);
|
||||
strbuf_release(&signature);
|
||||
}
|
||||
@ -496,7 +496,6 @@ static int show_one_mergetag(struct commit *commit,
|
||||
struct object_id oid;
|
||||
struct tag *tag;
|
||||
struct strbuf verify_message;
|
||||
struct signature_check sigc = { 0 };
|
||||
int status, nth;
|
||||
size_t payload_size, gpg_message_offset;
|
||||
|
||||
@ -525,13 +524,12 @@ static int show_one_mergetag(struct commit *commit,
|
||||
status = -1;
|
||||
if (extra->len > payload_size) {
|
||||
/* could have a good signature */
|
||||
if (!check_signature(extra->value, payload_size,
|
||||
extra->value + payload_size,
|
||||
extra->len - payload_size, &sigc)) {
|
||||
strbuf_addstr(&verify_message, sigc.gpg_output);
|
||||
signature_check_clear(&sigc);
|
||||
if (!verify_signed_buffer(extra->value, payload_size,
|
||||
extra->value + payload_size,
|
||||
extra->len - payload_size,
|
||||
&verify_message, NULL))
|
||||
status = 0; /* good */
|
||||
} else if (verify_message.len <= gpg_message_offset)
|
||||
else if (verify_message.len <= gpg_message_offset)
|
||||
strbuf_addstr(&verify_message, "No signature\n");
|
||||
/* otherwise we couldn't verify, which is shown as bad */
|
||||
}
|
||||
|
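Review bot: The `"No signature\n"` fallback in show_signature (`if (status && !gpg_output.len)`) is only reached after parse_signed_commit() returned a positive value, so a signature block was presumably found. An empty gpg_output with a non-zero status then more likely means the verifier printed no diagnostics at all than that the commit is unsigned. The same fallback sits in show_one_mergetag under `extra->len > payload_size`, whose body starts and ends outside the visible hunks. Since this is the text a user reads when deciding whether to trust the object, I would document both sites with a comment such as `/* a signature was found but the verifier printed nothing; "No signature" here means "could not verify" */`, or give that case its own message.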