summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrian m. carlson <sandals@crustytoothpaste.net>2015-06-21 23:14:38 (GMT)
committerJunio C Hamano <gitster@pobox.com>2015-06-22 21:20:45 (GMT)
commita4cc18f2934b8d2f00c7c3e11107acb6bfafe2c6 (patch)
treed01e654e36d66e2abfb3513d9c716be752a22451
parentd66aeff21e8ce92d742aa04c5e59ca3eee5e39d8 (diff)
downloadgit-a4cc18f2934b8d2f00c7c3e11107acb6bfafe2c6.zip
git-a4cc18f2934b8d2f00c7c3e11107acb6bfafe2c6.tar.gz
git-a4cc18f2934b8d2f00c7c3e11107acb6bfafe2c6.tar.bz2
verify-tag: share code with verify-commit
verify-tag was executing an entirely different codepath than verify-commit, except for the underlying verify_signed_buffer. Move much of the code from check_commit_signature to a generic check_signature function and adjust both codepaths to call it. Update verify-tag to explicitly output the signature text, as we now call verify_signed_buffer with strbufs to catch the output, which prevents it from being printed automatically. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--builtin/verify-tag.c9
-rw-r--r--commit.c15
-rw-r--r--gpg-interface.c23
-rw-r--r--gpg-interface.h2
4 files changed, 34 insertions, 15 deletions
diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c
index 53c68fc..e1eb341 100644
--- a/builtin/verify-tag.c
+++ b/builtin/verify-tag.c
@@ -20,8 +20,11 @@ static const char * const verify_tag_usage[] = {
static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
{
+ struct signature_check sigc;
int len;
+ memset(&sigc, 0, sizeof(sigc));
+
len = parse_signature(buf, size);
if (verbose)
write_in_full(1, buf, len);
@@ -29,7 +32,11 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
if (size == len)
return error("no signature found");
- return verify_signed_buffer(buf, len, buf + len, size - len, NULL, NULL);
+ check_signature(buf, len, buf + len, size - len, &sigc);
+ fputs(sigc.gpg_output, stderr);
+
+ signature_check_clear(&sigc);
+ return sigc.result != 'G' && sigc.result != 'U';
}
static int verify_tag(const char *name, int verbose)
diff --git a/commit.c b/commit.c
index a8c7577..d07a984 100644
--- a/commit.c
+++ b/commit.c
@@ -1231,27 +1231,14 @@ void check_commit_signature(const struct commit *commit, struct signature_check
{
struct strbuf payload = STRBUF_INIT;
struct strbuf signature = STRBUF_INIT;
- struct strbuf gpg_output = STRBUF_INIT;
- struct strbuf gpg_status = STRBUF_INIT;
- int status;
sigc->result = 'N';
if (parse_signed_commit(commit, &payload, &signature) <= 0)
goto out;
- status = verify_signed_buffer(payload.buf, payload.len,
- signature.buf, signature.len,
- &gpg_output, &gpg_status);
- if (status && !gpg_output.len)
- goto out;
- sigc->payload = strbuf_detach(&payload, NULL);
- sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
- sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
- parse_gpg_output(sigc);
+ check_signature(payload.buf, payload.len, signature.buf, signature.len, sigc);
out:
- strbuf_release(&gpg_status);
- strbuf_release(&gpg_output);
strbuf_release(&payload);
strbuf_release(&signature);
}
diff --git a/gpg-interface.c b/gpg-interface.c
index 68b0c81..66dbee2 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -60,6 +60,29 @@ void parse_gpg_output(struct signature_check *sigc)
}
}
+void check_signature(const char *payload, size_t plen, const char *signature,
+ size_t slen, struct signature_check *sigc)
+{
+ struct strbuf gpg_output = STRBUF_INIT;
+ struct strbuf gpg_status = STRBUF_INIT;
+ int status;
+
+ sigc->result = 'N';
+
+ status = verify_signed_buffer(payload, plen, signature, slen,
+ &gpg_output, &gpg_status);
+ if (status && !gpg_output.len)
+ goto out;
+ sigc->payload = xmemdupz(payload, plen);
+ sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
+ sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
+ parse_gpg_output(sigc);
+
+ out:
+ strbuf_release(&gpg_status);
+ strbuf_release(&gpg_output);
+}
+
/*
* Look at GPG signed content (e.g. a signed tag object), whose
* payload is followed by a detached signature on it. Return the
diff --git a/gpg-interface.h b/gpg-interface.h
index 87a4f2e..043bcaa 100644
--- a/gpg-interface.h
+++ b/gpg-interface.h
@@ -27,5 +27,7 @@ extern int verify_signed_buffer(const char *payload, size_t payload_size, const
extern int git_gpg_config(const char *, const char *, void *);
extern void set_signing_key(const char *);
extern const char *get_signing_key(void);
+extern void check_signature(const char *payload, size_t plen,
+ const char *signature, size_t slen, struct signature_check *sigc);
#endif