Merge branch 'jc/push-cert'
Allow "git push" request to be signed, so that it can be verified and audited, using the GPG signature of the person who pushed, that the tips of branches at a public repository really point the commits the pusher wanted to, without having to "trust" the server. * jc/push-cert: (24 commits) receive-pack::hmac_sha1(): copy the entire SHA-1 hash out signed push: allow stale nonce in stateless mode signed push: teach smart-HTTP to pass "git push --signed" around signed push: fortify against replay attacks signed push: add "pushee" header to push certificate signed push: remove duplicated protocol info send-pack: send feature request on push-cert packet receive-pack: GPG-validate push certificates push: the beginning of "git push --signed" pack-protocol doc: typofix for PKT-LINE gpg-interface: move parse_signature() to where it should be gpg-interface: move parse_gpg_output() to where it should be send-pack: clarify that cmds_sent is a boolean send-pack: refactor inspecting and resetting status and sending commands send-pack: rename "new_refs" to "need_pack_data" receive-pack: factor out capability string generation send-pack: factor out capability string generation send-pack: always send capabilities send-pack: refactor decision to send update per ref send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher ...
This commit is contained in:
Junio C Hamano
@ -7,6 +7,9 @@
|
||||
static char *configured_signing_key;
|
||||
static const char *gpg_program = "gpg";
|
||||
|
||||
#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
|
||||
#define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----"
|
||||
|
||||
void signature_check_clear(struct signature_check *sigc)
|
||||
{
|
||||
free(sigc->payload);
|
||||
@ -21,6 +24,60 @@ void signature_check_clear(struct signature_check *sigc)
|
||||
sigc->key = NULL;
|
||||
}
|
||||
|
||||
static struct {
|
||||
char result;
|
||||
const char *check;
|
||||
} sigcheck_gpg_status[] = {
|
||||
{ 'G', "\n[GNUPG:] GOODSIG " },
|
||||
{ 'B', "\n[GNUPG:] BADSIG " },
|
||||
{ 'U', "\n[GNUPG:] TRUST_NEVER" },
|
||||
{ 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
|
||||
};
|
||||
|
||||
void parse_gpg_output(struct signature_check *sigc)
|
||||
{
|
||||
const char *buf = sigc->gpg_status;
|
||||
int i;
|
||||
|
||||
/* Iterate over all search strings */
|
||||
for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
|
||||
const char *found, *next;
|
||||
|
||||
if (!skip_prefix(buf, sigcheck_gpg_status[i].check + 1, &found)) {
|
||||
found = strstr(buf, sigcheck_gpg_status[i].check);
|
||||
if (!found)
|
||||
continue;
|
||||
found += strlen(sigcheck_gpg_status[i].check);
|
||||
}
|
||||
sigc->result = sigcheck_gpg_status[i].result;
|
||||
/* The trust messages are not followed by key/signer information */
|
||||
if (sigc->result != 'U') {
|
||||
sigc->key = xmemdupz(found, 16);
|
||||
found += 17;
|
||||
next = strchrnul(found, '\n');
|
||||
sigc->signer = xmemdupz(found, next - found);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Look at GPG signed content (e.g. a signed tag object), whose
|
||||
* payload is followed by a detached signature on it. Return the
|
||||
* offset where the embedded detached signature begins, or the end of
|
||||
* the data when there is no such signature.
|
||||
*/
|
||||
size_t parse_signature(const char *buf, unsigned long size)
|
||||
{
|
||||
char *eol;
|
||||
size_t len = 0;
|
||||
while (len < size && !starts_with(buf + len, PGP_SIGNATURE) &&
|
||||
!starts_with(buf + len, PGP_MESSAGE)) {
|
||||
eol = memchr(buf + len, '\n', size - len);
|
||||
len += eol ? eol - (buf + len) + 1 : size - len;
|
||||
}
|
||||
return len;
|
||||
}
|
||||
|
||||
void set_signing_key(const char *key)
|
||||
{
|
||||
free(configured_signing_key);
|
||||
|
||||
Reference in New Issue
Block a user