gpg: centralize signature check

verify-commit and verify-tag both share a central codepath for verifying
commits: check_signature.  However, verify-tag exited successfully for
untrusted signature, while verify-commit exited unsuccessfully.
Centralize this signature check and make verify-commit adopt the older
verify-tag behavior.  This behavior is more logical anyway, as the
signature is in fact valid, whether or not there's a path of trust to
the author.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
brian m. carlson
2015-06-21 23:14:40 +00:00
committed by Junio C Hamano
parent 8e98e5f27a
commit 434060ec6d
7 changed files with 18 additions and 10 deletions


@ -21,10 +21,11 @@ static const char * const verify_commit_usage[] = {
static int run_gpg_verify(const unsigned char *sha1, const char *buf, unsigned long size, int verbose)
{
struct signature_check signature_check;
int ret;
memset(&signature_check, 0, sizeof(signature_check));
check_commit_signature(lookup_commit(sha1), &signature_check);
ret = check_commit_signature(lookup_commit(sha1), &signature_check);
if (verbose && signature_check.payload)
fputs(signature_check.payload, stdout);
@ -33,7 +34,7 @@ static int run_gpg_verify(const unsigned char *sha1, const char *buf, unsigned l
fputs(signature_check.gpg_output, stderr);
signature_check_clear(&signature_check);
return signature_check.result != 'G';
return ret;
}
static int verify_commit(const char *name, int verbose)
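Review bot: The `return ret;` at the end of run_gpg_verify does not say what exit status callers now get, and that status is a security decision. Per the commit message, a valid signature from a key with no trust path now yields success, where the old `signature_check.result != 'G'` test failed it. Scripts that use verify-commit as a gate will therefore accept such signatures, so the contract should be written at the return, e.g. `/* 0 for a valid signature, including untrusted ('U') keys; trust is not evaluated here */`. The value comes from check_commit_signature, whose body is not in this section, so the exact set of accepted result codes should be confirmed there. The function is split across two hunks and a few lines between them are not shown.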


@ -22,6 +22,7 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
{
struct signature_check sigc;
int len;
int ret;
memset(&sigc, 0, sizeof(sigc));
@ -32,11 +33,11 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
if (size == len)
return error("no signature found");
check_signature(buf, len, buf + len, size - len, &sigc);
ret = check_signature(buf, len, buf + len, size - len, &sigc);
fputs(sigc.gpg_output, stderr);
signature_check_clear(&sigc);
return sigc.result != 'G' && sigc.result != 'U';
return ret;
}
static int verify_tag(const char *name, int verbose)
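Review bot: `fputs(sigc.gpg_output, stderr);` is called without a NULL check, although `sigc` was zeroed by the `memset` above. If check_signature can return without filling in gpg_output (for example when gpg could not be run; its body is not shown here), this passes NULL to fputs, which is undefined behaviour. Since the failure status is now carried in `ret`, the output step can be guarded without affecting the result: `if (sigc.gpg_output) fputs(sigc.gpg_output, stderr);`. The lines of run_gpg_verify between the two hunks are outside this view.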