diff options
Diffstat (limited to 'builtin-verify-tag.c')
-rw-r--r-- | builtin-verify-tag.c | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/builtin-verify-tag.c b/builtin-verify-tag.c new file mode 100644 index 0000000..dfcfcd0 --- /dev/null +++ b/builtin-verify-tag.c @@ -0,0 +1,110 @@ +/* + * Builtin "git verify-tag" + * + * Copyright (c) 2007 Carlos Rica <jasampler@gmail.com> + * + * Based on git-verify-tag.sh + */ +#include "cache.h" +#include "builtin.h" +#include "tag.h" +#include "run-command.h" +#include <signal.h> + +static const char builtin_verify_tag_usage[] = + "git-verify-tag [-v|--verbose] <tag>..."; + +#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----" + +static int run_gpg_verify(const char *buf, unsigned long size, int verbose) +{ + struct child_process gpg; + const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL}; + char path[PATH_MAX], *eol; + size_t len; + int fd, ret; + + fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX"); + if (fd < 0) + return error("could not create temporary file '%s': %s", + path, strerror(errno)); + if (write_in_full(fd, buf, size) < 0) + return error("failed writing temporary file '%s': %s", + path, strerror(errno)); + close(fd); + + /* find the length without signature */ + len = 0; + while (len < size && prefixcmp(buf + len, PGP_SIGNATURE "\n")) { + eol = memchr(buf + len, '\n', size - len); + len += eol ? eol - (buf + len) + 1 : size - len; + } + if (verbose) + write_in_full(1, buf, len); + + memset(&gpg, 0, sizeof(gpg)); + gpg.argv = args_gpg; + gpg.in = -1; + gpg.out = 1; + args_gpg[2] = path; + if (start_command(&gpg)) + return error("could not run gpg."); + + write_in_full(gpg.in, buf, len); + close(gpg.in); + gpg.close_in = 0; + ret = finish_command(&gpg); + + unlink(path); + + return ret; +} + +static int verify_tag(const char *name, int verbose) +{ + enum object_type type; + unsigned char sha1[20]; + char *buf; + unsigned long size; + int ret; + + if (get_sha1(name, sha1)) + return error("tag '%s' not found.", name); + + type = sha1_object_info(sha1, NULL); + if (type != OBJ_TAG) + return error("%s: cannot verify a non-tag object of type %s.", + name, typename(type)); + + buf = read_sha1_file(sha1, &type, &size); + if (!buf) + return error("%s: unable to read file.", name); + + ret = run_gpg_verify(buf, size, verbose); + + free(buf); + return ret; +} + +int cmd_verify_tag(int argc, const char **argv, const char *prefix) +{ + int i = 1, verbose = 0, had_error = 0; + + git_config(git_default_config); + + if (argc == 1) + usage(builtin_verify_tag_usage); + + if (!strcmp(argv[i], "-v") || !strcmp(argv[i], "--verbose")) { + verbose = 1; + i++; + } + + /* sometimes the program was terminated because this signal + * was received in the process of writing the gpg input: */ + signal(SIGPIPE, SIG_IGN); + while (i < argc) + if (verify_tag(argv[i++], verbose)) + had_error = 1; + return had_error; +} |