gpg: centralize signature check

verify-commit and verify-tag both share a central codepath for verifying
commits: check_signature.  However, verify-tag exited successfully for
untrusted signature, while verify-commit exited unsuccessfully.
Centralize this signature check and make verify-commit adopt the older
verify-tag behavior.  This behavior is more logical anyway, as the
signature is in fact valid, whether or not there's a path of trust to
the author.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

1 files changed, 3 insertions, 2 deletions

diff --git a/builtin/verify-commit.c b/builtin/verify-commit.c
index ec0c4e3..e30f7cf 100644
--- a/builtin/verify-commit.c
+++ b/builtin/verify-commit.c
@@ -21,10 +21,11 @@ static const char * const verify_commit_usage[] = {
 static int run_gpg_verify(const unsigned char *sha1, const char *buf, unsigned long size, int verbose)
 {
 	struct signature_check signature_check;
+	int ret;
 
 	memset(&signature_check, 0, sizeof(signature_check));
 
-	check_commit_signature(lookup_commit(sha1), &signature_check);
+	ret = check_commit_signature(lookup_commit(sha1), &signature_check);
 
 	if (verbose && signature_check.payload)
 		fputs(signature_check.payload, stdout);
@@ -33,7 +34,7 @@ static int run_gpg_verify(const unsigned char *sha1, const char *buf, unsigned l
 		fputs(signature_check.gpg_output, stderr);
 
 	signature_check_clear(&signature_check);
-	return signature_check.result != 'G';
+	return ret;
 }
 
 static int verify_commit(const char *name, int verbose)