mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

builtin/verify-tag: add --format to verify-tag

Browse Source 
Callers of verify-tag may want to cross-check the tagname from refs/tags
with the tagname from the tag object header upon GPG verification. This
is to avoid tag refs that point to an incorrect object.

Add a --format parameter to git verify-tag to print the formatted tag
object header in addition to or instead of the --verbose or --raw GPG
verification output.

Signed-off-by: Santiago Torres <santiago@nyu.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Santiago Torres
2017-01-17 18:37:20 -05:00
committed by Junio C Hamano
parent 2111aa794b
commit ff3c8c8f12
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Documentation/git-verify-tag.txt
View File

@ -8,7 +8,7 @@ git-verify-tag - Check the GPG signature of tags
SYNOPSIS SYNOPSIS
-------- --------
[verse] [verse]
'git verify-tag' <tag>... 'git verify-tag' [--format=<format>] <tag>...
DESCRIPTION DESCRIPTION
----------- -----------

22
builtin/verify-tag.c
View File

@ -12,9 +12,10 @@
#include <signal.h> #include <signal.h>
#include "parse-options.h" #include "parse-options.h"
#include "gpg-interface.h" #include "gpg-interface.h"
#include "ref-filter.h"
static const char * const verify_tag_usage[] = { static const char * const verify_tag_usage[] = {
N_("git verify-tag [-v | --verbose] <tag>..."), N_("git verify-tag [-v | --verbose] [--format=<format>] <tag>..."),
NULL NULL
}; };
@ -30,9 +31,11 @@ int cmd_verify_tag(int argc, const char **argv, const char *prefix)
{ {
int i = 1, verbose = 0, had_error = 0; int i = 1, verbose = 0, had_error = 0;
unsigned flags = 0; unsigned flags = 0;
char *fmt_pretty = NULL;
const struct option verify_tag_options[] = { const struct option verify_tag_options[] = {
OPT__VERBOSE(&verbose, N_("print tag contents")), OPT__VERBOSE(&verbose, N_("print tag contents")),
OPT_BIT(0, "raw", &flags, N_("print raw gpg status output"), GPG_VERIFY_RAW), OPT_BIT(0, "raw", &flags, N_("print raw gpg status output"), GPG_VERIFY_RAW),
OPT_STRING( 0 , "format", &fmt_pretty, N_("format"), N_("format to use for the output")),
OPT_END() OPT_END()
}; };
@ -46,13 +49,26 @@ int cmd_verify_tag(int argc, const char **argv, const char *prefix)
if (verbose) if (verbose)
flags |= GPG_VERIFY_VERBOSE; flags |= GPG_VERIFY_VERBOSE;
if (fmt_pretty) {
verify_ref_format(fmt_pretty);
flags |= GPG_VERIFY_OMIT_STATUS;
}
while (i < argc) { while (i < argc) {
unsigned char sha1[20]; unsigned char sha1[20];
const char *name = argv[i++]; const char *name = argv[i++];
if (get_sha1(name, sha1)) if (get_sha1(name, sha1)) {
had_error = !!error("tag '%s' not found.", name); had_error = !!error("tag '%s' not found.", name);
else if (gpg_verify_tag(sha1, name, flags)) continue;
}
if (gpg_verify_tag(sha1, name, flags)) {
had_error = 1; had_error = 1;
continue;
}
if (fmt_pretty)
pretty_print_ref(name, sha1, fmt_pretty);
} }
return had_error; return had_error;
} }