mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'hi/gpg-use-check-signature'

Browse Source 
"git merge signed-tag" while lacking the public key started to say
"No signature", which was utterly wrong.  This regression has been
reverted.

* hi/gpg-use-check-signature:
  Revert "gpg-interface: prefer check_signature() for GPG verification"
This commit is contained in:
Junio C Hamano
2020-03-05 10:43:05 -08:00
parent 5da7329e29 0106b1d4be
commit e63cefb024
4 changed files with 75 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
log-tree.c
View File

@ -449,22 +449,22 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
{
struct strbuf payload = STRBUF_INIT;
struct strbuf signature = STRBUF_INIT;
struct signature_check sigc = { 0 };
struct strbuf gpg_output = STRBUF_INIT;
int status;
if (parse_signed_commit(commit, &payload, &signature) <= 0)
goto out;
status = check_signature(payload.buf, payload.len, signature.buf,
signature.len, &sigc);
if (status && sigc.result == 'N')
show_sig_lines(opt, status, "No signature\n");
else {
show_sig_lines(opt, status, sigc.gpg_output);
signature_check_clear(&sigc);
}
status = verify_signed_buffer(payload.buf, payload.len,
signature.buf, signature.len,
&gpg_output, NULL);
if (status && !gpg_output.len)
strbuf_addstr(&gpg_output, "No signature\n");
show_sig_lines(opt, status, gpg_output.buf);
out:
strbuf_release(&gpg_output);
strbuf_release(&payload);
strbuf_release(&signature);
}
@ -497,7 +497,6 @@ static int show_one_mergetag(struct commit *commit,
struct object_id oid;
struct tag *tag;
struct strbuf verify_message;
struct signature_check sigc = { 0 };
int status, nth;
size_t payload_size, gpg_message_offset;
@ -527,13 +526,12 @@ static int show_one_mergetag(struct commit *commit,
status = -1;
if (extra->len > payload_size) {
/* could have a good signature */
if (!check_signature(extra->value, payload_size,
extra->value + payload_size,
extra->len - payload_size, &sigc)) {
strbuf_addstr(&verify_message, sigc.gpg_output);
signature_check_clear(&sigc);
if (!verify_signed_buffer(extra->value, payload_size,
extra->value + payload_size,
extra->len - payload_size,
&verify_message, NULL))
status = 0; /* good */
} else if (verify_message.len <= gpg_message_offset)
else if (verify_message.len <= gpg_message_offset)
strbuf_addstr(&verify_message, "No signature\n");
/* otherwise we couldn't verify, which is shown as bad */
}