path: root/builtin/verify-tag.c
diff options
authorbrian m. carlson <>2015-06-21 23:14:40 (GMT)
committerJunio C Hamano <>2015-06-22 21:20:46 (GMT)
commit434060ec6d9bf50f095db901da3fb9b557e11df1 (patch)
tree7a7dc99fb6b8e1e5eaa566ec4eb5e29ff807e8f2 /builtin/verify-tag.c
parent8e98e5f27aba812c0f095b7e546871e14a4139f6 (diff)
gpg: centralize signature check
verify-commit and verify-tag both share a central codepath for verifying commits: check_signature. However, verify-tag exited successfully for untrusted signature, while verify-commit exited unsuccessfully. Centralize this signature check and make verify-commit adopt the older verify-tag behavior. This behavior is more logical anyway, as the signature is in fact valid, whether or not there's a path of trust to the author. Signed-off-by: brian m. carlson <> Signed-off-by: Junio C Hamano <>
Diffstat (limited to 'builtin/verify-tag.c')
1 files changed, 3 insertions, 2 deletions
diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c
index e1eb341..8750bef 100644
--- a/builtin/verify-tag.c
+++ b/builtin/verify-tag.c
@@ -22,6 +22,7 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
struct signature_check sigc;
int len;
+ int ret;
memset(&sigc, 0, sizeof(sigc));
@@ -32,11 +33,11 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
if (size == len)
return error("no signature found");
- check_signature(buf, len, buf + len, size - len, &sigc);
+ ret = check_signature(buf, len, buf + len, size - len, &sigc);
fputs(sigc.gpg_output, stderr);
- return sigc.result != 'G' && sigc.result != 'U';
+ return ret;
static int verify_tag(const char *name, int verbose)