mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gpg: centralize signature check

Browse Source 
verify-commit and verify-tag both share a central codepath for verifying
commits: check_signature.  However, verify-tag exited successfully for
untrusted signature, while verify-commit exited unsuccessfully.
Centralize this signature check and make verify-commit adopt the older
verify-tag behavior.  This behavior is more logical anyway, as the
signature is in fact valid, whether or not there's a path of trust to
the author.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
brian m. carlson
2015-06-21 23:14:40 +00:00
committed by Junio C Hamano
parent 8e98e5f27a
commit 434060ec6d
7 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
t/t7510-signed-commit.sh
View File

@ -81,7 +81,7 @@ test_expect_success GPG 'verify and show signatures' '
)
'
test_expect_failure GPG 'verify-commit exits success on untrusted signature' '
test_expect_success GPG 'verify-commit exits success on untrusted signature' '
git verify-commit eighth-signed-alt 2>actual &&
grep "Good signature from" actual &&
! grep "BAD signature from" actual &&