authorMichał Górny <mgorny@gentoo.org>2018-10-22 16:38:20 (GMT)
committerJunio C Hamano <gitster@pobox.com>2018-10-22 23:00:09 (GMT)
commit3daaaabe7ed22c17bff04d19c711be427bd2e225 (patch)
treea731b31651b54e0f23b079e10e8aeaf9b094aaf2 /gpg-interface.c
parent0b11a84e1ba26fa3c9995f19e224848d8afc9bcf (diff)
gpg-interface.c: support getting key fingerprint via %GF format
Support processing VALIDSIG status that provides additional information for valid signatures. Use this information to propagate signing key fingerprint and expose it via %GF pretty format. This format can be used to build safer key verification systems that verify the key via complete fingerprint rather than short/long identifier provided by %GK. Signed-off-by: Michał Górny <mgorny@gentoo.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'gpg-interface.c')
-rw-r--r--gpg-interface.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index 71618d8..1d33a7e 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -73,6 +73,7 @@ void signature_check_clear(struct signature_check *sigc)
FREE_AND_NULL(sigc->gpg_status);
FREE_AND_NULL(sigc->signer);
FREE_AND_NULL(sigc->key);
+ FREE_AND_NULL(sigc->fingerprint);
}
/* An exclusive status -- only one of them can appear in output */
@@ -81,6 +82,8 @@ void signature_check_clear(struct signature_check *sigc)
#define GPG_STATUS_KEYID (1<<1)
/* The status includes user identifier */
#define GPG_STATUS_UID (1<<2)
+/* The status includes key fingerprints */
+#define GPG_STATUS_FINGERPRINT (1<<3)
/* Short-hand for standard exclusive *SIG status with keyid & UID */
#define GPG_STATUS_STDSIG (GPG_STATUS_EXCLUSIVE|GPG_STATUS_KEYID|GPG_STATUS_UID)
@@ -98,6 +101,7 @@ static struct {
{ 'X', "EXPSIG ", GPG_STATUS_STDSIG },
{ 'Y', "EXPKEYSIG ", GPG_STATUS_STDSIG },
{ 'R', "REVKEYSIG ", GPG_STATUS_STDSIG },
+ { 0, "VALIDSIG ", GPG_STATUS_FINGERPRINT },
};
static void parse_gpg_output(struct signature_check *sigc)
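Review bot: The `0` in the new `{ 0, "VALIDSIG ", GPG_STATUS_FINGERPRINT }` entry is an undocumented sentinel; it means "leave the verdict alone" only because of the `if (sigcheck_gpg_status[i].result)` guard added in the parse_gpg_output hunk below. A comment on the entry would make that explicit, e.g. `/* result 0: informational status, carries data but never sets sigc->result */`. The entry also omits GPG_STATUS_EXCLUSIVE, so repeated VALIDSIG lines are presumably not caught by the duplicate check on their own and the last one wins. That appears to rely on the paired exclusive *SIG line being repeated too, which is worth stating in the same comment. The table's declaration starts outside the hunk.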
@@ -123,7 +127,8 @@ static void parse_gpg_output(struct signature_check *sigc)
goto found_duplicate_status;
}
- sigc->result = sigcheck_gpg_status[i].result;
+ if (sigcheck_gpg_status[i].result)
+ sigc->result = sigcheck_gpg_status[i].result;
/* Do we have key information? */
if (sigcheck_gpg_status[i].flags & GPG_STATUS_KEYID) {
next = strchrnul(line, ' ');
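Review bot: With the guard on `sigcheck_gpg_status[i].result`, a VALIDSIG line fills `sigc->fingerprint` without contributing to `sigc->result`, so a populated fingerprint is not by itself evidence of a good signature. GnuPG documents VALIDSIG as accompanying EXPSIG, EXPKEYSIG and REVKEYSIG as well as GOODSIG, so %GF can be non-empty for results 'X', 'Y' and 'R'. Since the commit message positions %GF for key verification, the contract should be stated next to the guard, for example `/* VALIDSIG only supplies the fingerprint; callers must still check sigc->result */`. parse_gpg_output starts and ends outside the hunk.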
@@ -137,6 +142,12 @@ static void parse_gpg_output(struct signature_check *sigc)
sigc->signer = xmemdupz(line, next - line);
}
}
+ /* Do we have fingerprint? */
+ if (sigcheck_gpg_status[i].flags & GPG_STATUS_FINGERPRINT) {
+ next = strchrnul(line, ' ');
+ free(sigc->fingerprint);
+ sigc->fingerprint = xmemdupz(line, next - line);
+ }
break;
}
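Review bot: `next = strchrnul(line, ' ')` in the fingerprint branch is not bounded by the end of the status line. If a VALIDSIG line carried no space after the fingerprint (truncated or malformed gpg output), and the buffer holds the remaining status lines as the surrounding loop suggests, the search would run into the following line and the stored fingerprint would contain a newline and unrelated text. Stopping at whichever of space or newline comes first avoids that: `next = line + strcspn(line, " \n");`. The KEYID branch shown earlier in the function uses the same pattern and would benefit from the same bound. The enclosing loop and function extend beyond the hunk.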
@@ -154,6 +165,7 @@ found_duplicate_status:
*/
sigc->result = 'E';
/* Clear partial data to avoid confusion */
+ FREE_AND_NULL(sigc->fingerprint);
FREE_AND_NULL(sigc->signer);
FREE_AND_NULL(sigc->key);
}