Merge branch 'bc/signed-objects-with-both-hashes'

Signed commits and tags now allow verification of objects, whose
two object names (one in SHA-1, the other in SHA-256) are both
signed.

* bc/signed-objects-with-both-hashes:
  gpg-interface: remove other signature headers before verifying
  ref-filter: hoist signature parsing
  commit: allow parsing arbitrary buffers with headers
  gpg-interface: improve interface for parsing tags
  commit: ignore additional signatures when parsing signed commits
  ref-filter: switch some uses of unsigned long to size_t
This commit is contained in:
Junio C Hamano
2021-02-22 16:12:42 -08:00
12 changed files with 226 additions and 75 deletions

View File

@ -198,11 +198,17 @@ static void write_tag_body(int fd, const struct object_id *oid)
{
unsigned long size;
enum object_type type;
char *buf, *sp;
char *buf, *sp, *orig;
struct strbuf payload = STRBUF_INIT;
struct strbuf signature = STRBUF_INIT;
buf = read_object_file(oid, &type, &size);
orig = buf = read_object_file(oid, &type, &size);
if (!buf)
return;
if (parse_signature(buf, size, &payload, &signature)) {
buf = payload.buf;
size = payload.len;
}
/* skip header */
sp = strstr(buf, "\n\n");
@ -211,9 +217,11 @@ static void write_tag_body(int fd, const struct object_id *oid)
return;
}
sp += 2; /* skip the 2 LFs */
write_or_die(fd, sp, parse_signature(sp, buf + size - sp));
write_or_die(fd, sp, buf + size - sp);
free(buf);
free(orig);
strbuf_release(&payload);
strbuf_release(&signature);
}
static int build_tag_object(struct strbuf *buf, int sign, struct object_id *result)