mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

merge/pull Check for untrusted good GPG signatures

Browse Source 
When --verify-signatures is specified, abort the merge in case a good
GPG signature from an untrusted key is encountered.

Signed-off-by: Sebastian Götte <jaseg@physik-pool.tu-berlin.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Sebastian Götte
2013-03-31 18:02:46 +02:00
committed by Junio C Hamano
parent efed002249
commit eb307ae7bb
10 changed files with 29 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
commit.c
View File

@ -1047,6 +1047,8 @@ static struct {
} sigcheck_gpg_status[] = {
{ 'G', "\n[GNUPG:] GOODSIG " },
{ 'B', "\n[GNUPG:] BADSIG " },
{ 'U', "\n[GNUPG:] TRUST_NEVER" },
{ 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
};
static void parse_gpg_output(struct signature_check *sigc)
@ -1068,11 +1070,13 @@ static void parse_gpg_output(struct signature_check *sigc)
found += strlen(sigcheck_gpg_status[i].check);
}
sigc->result = sigcheck_gpg_status[i].result;
sigc->key = xmemdupz(found, 16);
found += 17;
next = strchrnul(found, '\n');
sigc->signer = xmemdupz(found, next - found);
break;
/* The trust messages are not followed by key/signer information */
if (sigc->result != 'U') {
sigc->key = xmemdupz(found, 16);
found += 17;
next = strchrnul(found, '\n');
sigc->signer = xmemdupz(found, next - found);
}
}
}