Merge branch 'mg/gpg-interface-using-status' into maint

Verification of signed tags was not done correctly when not in C
or en/US locale.

* mg/gpg-interface-using-status:
  pretty: make %GK output the signing key for signed commits
  pretty: parse the gpg status lines rather than the output
  gpg_interface: allow to request status return
  log-tree: rely upon the check in the gpg_interface
  gpg-interface: check good signature in a reliable way
Junio C Hamano
2013-04-03 09:26:27 -07:00
7 changed files with 46 additions and 25 deletions


@ -96,15 +96,18 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
/*
* Run "gpg" to see if the payload matches the detached signature.
* gpg_output, when set, receives the diagnostic output from GPG.
* gpg_status, when set, receives the status output from GPG.
*/
int verify_signed_buffer(const char *payload, size_t payload_size,
const char *signature, size_t signature_size,
struct strbuf *gpg_output)
struct strbuf *gpg_output, struct strbuf *gpg_status)
{
struct child_process gpg;
const char *args_gpg[] = {NULL, "--verify", "FILE", "-", NULL};
const char *args_gpg[] = {NULL, "--status-fd=1", "--verify", "FILE", "-", NULL};
char path[PATH_MAX];
int fd, ret;
struct strbuf buf = STRBUF_INIT;
struct strbuf *pbuf = &buf;
args_gpg[0] = gpg_program;
fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
@ -119,9 +122,10 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
memset(&gpg, 0, sizeof(gpg));
gpg.argv = args_gpg;
gpg.in = -1;
gpg.out = -1;
if (gpg_output)
gpg.err = -1;
args_gpg[2] = path;
args_gpg[3] = path;
if (start_command(&gpg)) {
unlink(path);
return error(_("could not run gpg."));
@ -134,9 +138,17 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
strbuf_read(gpg_output, gpg.err, 0);
close(gpg.err);
}
if (gpg_status)
pbuf = gpg_status;
strbuf_read(pbuf, gpg.out, 0);
close(gpg.out);
ret = finish_command(&gpg);
unlink_or_warn(path);
ret |= !strstr(pbuf->buf, "\n[GNUPG:] GOODSIG ");
strbuf_release(&buf); /* no matter it was used or not */
return ret;
}
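Review bot: The GOODSIG test at the end of verify_signed_buffer only matches when the marker is preceded by a newline, so a `[GNUPG:] GOODSIG ` line that is the very first thing gpg writes to the status fd is treated as a failed verification. That fails closed, but it makes the result depend on gpg emitting some other status line first; consider also accepting the marker at the start of the buffer, e.g. `ret |= !(!strncmp(pbuf->buf, "[GNUPG:] GOODSIG ", 17) || strstr(pbuf->buf, "\n[GNUPG:] GOODSIG "));`. The search also runs over the whole of `pbuf`, and if `strbuf_read` appends to a caller-supplied `gpg_status` (not visible here), text the caller left in that buffer before the call is searched too. Recording the buffer length before the read and searching only from that offset would limit the check to this invocation's output. The header comment should also say that the return value now requires a GOODSIG status line in addition to a zero exit from gpg; parts of the function between the hunks are not shown.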