diff options
| author | Junio C Hamano <gitster@pobox.com> | 2013-03-21 21:02:55 (GMT) |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2013-03-21 21:02:55 (GMT) |
| commit | 0f6875dbe2598fd2e9a597a9e42cde4a507140dd (patch) | |
| tree | 9934b604245af8bb26f1c9b2c8198a6c46a34284 /gpg-interface.c | |
| parent | dcf0d12aed0d4627dcbfdbc52cea75ce74103e46 (diff) | |
| parent | 0174eeaa736226a0bea19e9bf88c270d61aa9cce (diff) | |
| download | git-0f6875dbe2598fd2e9a597a9e42cde4a507140dd.zip git-0f6875dbe2598fd2e9a597a9e42cde4a507140dd.tar.gz git-0f6875dbe2598fd2e9a597a9e42cde4a507140dd.tar.bz2 | |
Merge branch 'mg/gpg-interface-using-status'
Call "gpg" using the right API when validating the signature on
tags.
* mg/gpg-interface-using-status:
pretty: make %GK output the signing key for signed commits
pretty: parse the gpg status lines rather than the output
gpg_interface: allow to request status return
log-tree: rely upon the check in the gpg_interface
gpg-interface: check good signature in a reliable way
Diffstat (limited to 'gpg-interface.c')
| -rw-r--r-- | gpg-interface.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/gpg-interface.c b/gpg-interface.c index 4559033..8b0e874 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -96,15 +96,18 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig /* * Run "gpg" to see if the payload matches the detached signature. * gpg_output, when set, receives the diagnostic output from GPG. + * gpg_status, when set, receives the status output from GPG. */ int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, - struct strbuf *gpg_output) + struct strbuf *gpg_output, struct strbuf *gpg_status) { struct child_process gpg; - const char *args_gpg[] = {NULL, "--verify", "FILE", "-", NULL}; + const char *args_gpg[] = {NULL, "--status-fd=1", "--verify", "FILE", "-", NULL}; char path[PATH_MAX]; int fd, ret; + struct strbuf buf = STRBUF_INIT; + struct strbuf *pbuf = &buf; args_gpg[0] = gpg_program; fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX"); @@ -119,9 +122,10 @@ int verify_signed_buffer(const char *payload, size_t payload_size, memset(&gpg, 0, sizeof(gpg)); gpg.argv = args_gpg; gpg.in = -1; + gpg.out = -1; if (gpg_output) gpg.err = -1; - args_gpg[2] = path; + args_gpg[3] = path; if (start_command(&gpg)) { unlink(path); return error(_("could not run gpg.")); @@ -134,9 +138,17 @@ int verify_signed_buffer(const char *payload, size_t payload_size, strbuf_read(gpg_output, gpg.err, 0); close(gpg.err); } + if (gpg_status) + pbuf = gpg_status; + strbuf_read(pbuf, gpg.out, 0); + close(gpg.out); + ret = finish_command(&gpg); unlink_or_warn(path); + ret |= !strstr(pbuf->buf, "\n[GNUPG:] GOODSIG "); + strbuf_release(&buf); /* no matter it was used or not */ + return ret; } |