diff options
author | Junio C Hamano <gitster@pobox.com> | 2013-04-03 09:26:27 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2013-04-03 09:26:27 -0700 |
commit | b771d8d7cf9dd9d5901e68526be471722870a9f8 (patch) | |
tree | e1035ced0b988881dfede8fc5556575e78ab090f | |
parent | 14c79b1faa113707d8955912af6064d9844f71eb (diff) | |
parent | 0174eeaa736226a0bea19e9bf88c270d61aa9cce (diff) | |
download | git-b771d8d7cf9dd9d5901e68526be471722870a9f8.tar.gz |
Merge branch 'mg/gpg-interface-using-status' into maint
Verification of signed tags were not done correctly when not in C
or en/US locale.
* mg/gpg-interface-using-status:
pretty: make %GK output the signing key for signed commits
pretty: parse the gpg status lines rather than the output
gpg_interface: allow to request status return
log-tree: rely upon the check in the gpg_interface
gpg-interface: check good signature in a reliable way
-rw-r--r-- | Documentation/pretty-formats.txt | 1 | ||||
-rw-r--r-- | builtin/fmt-merge-msg.c | 2 | ||||
-rw-r--r-- | builtin/verify-tag.c | 2 | ||||
-rw-r--r-- | gpg-interface.c | 18 | ||||
-rw-r--r-- | gpg-interface.h | 2 | ||||
-rw-r--r-- | log-tree.c | 27 | ||||
-rw-r--r-- | pretty.c | 19 |
7 files changed, 46 insertions, 25 deletions
diff --git a/Documentation/pretty-formats.txt b/Documentation/pretty-formats.txt index 105f18a6f9..293965524e 100644 --- a/Documentation/pretty-formats.txt +++ b/Documentation/pretty-formats.txt @@ -133,6 +133,7 @@ The placeholders are: - '%GG': raw verification message from GPG for a signed commit - '%G?': show either "G" for Good or "B" for Bad for a signed commit - '%GS': show the name of the signer for a signed commit +- '%GK': show the key used to sign a signed commit - '%gD': reflog selector, e.g., `refs/stash@{1}` - '%gd': shortened reflog selector, e.g., `stash@{1}` - '%gn': reflog identity name diff --git a/builtin/fmt-merge-msg.c b/builtin/fmt-merge-msg.c index b49612f0ce..265a9253bf 100644 --- a/builtin/fmt-merge-msg.c +++ b/builtin/fmt-merge-msg.c @@ -492,7 +492,7 @@ static void fmt_merge_msg_sigs(struct strbuf *out) if (size == len) ; /* merely annotated */ - else if (verify_signed_buffer(buf, len, buf + len, size - len, &sig)) { + else if (verify_signed_buffer(buf, len, buf + len, size - len, &sig, NULL)) { if (!sig.len) strbuf_addstr(&sig, "gpg verification failed.\n"); } diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c index a8eee886a5..9cdf332333 100644 --- a/builtin/verify-tag.c +++ b/builtin/verify-tag.c @@ -29,7 +29,7 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose) if (size == len) return error("no signature found"); - return verify_signed_buffer(buf, len, buf + len, size - len, NULL); + return verify_signed_buffer(buf, len, buf + len, size - len, NULL, NULL); } static int verify_tag(const char *name, int verbose) diff --git a/gpg-interface.c b/gpg-interface.c index 45590330aa..8b0e87436b 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -96,15 +96,18 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig /* * Run "gpg" to see if the payload matches the detached signature. * gpg_output, when set, receives the diagnostic output from GPG. + * gpg_status, when set, receives the status output from GPG. */ int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, - struct strbuf *gpg_output) + struct strbuf *gpg_output, struct strbuf *gpg_status) { struct child_process gpg; - const char *args_gpg[] = {NULL, "--verify", "FILE", "-", NULL}; + const char *args_gpg[] = {NULL, "--status-fd=1", "--verify", "FILE", "-", NULL}; char path[PATH_MAX]; int fd, ret; + struct strbuf buf = STRBUF_INIT; + struct strbuf *pbuf = &buf; args_gpg[0] = gpg_program; fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX"); @@ -119,9 +122,10 @@ int verify_signed_buffer(const char *payload, size_t payload_size, memset(&gpg, 0, sizeof(gpg)); gpg.argv = args_gpg; gpg.in = -1; + gpg.out = -1; if (gpg_output) gpg.err = -1; - args_gpg[2] = path; + args_gpg[3] = path; if (start_command(&gpg)) { unlink(path); return error(_("could not run gpg.")); @@ -134,9 +138,17 @@ int verify_signed_buffer(const char *payload, size_t payload_size, strbuf_read(gpg_output, gpg.err, 0); close(gpg.err); } + if (gpg_status) + pbuf = gpg_status; + strbuf_read(pbuf, gpg.out, 0); + close(gpg.out); + ret = finish_command(&gpg); unlink_or_warn(path); + ret |= !strstr(pbuf->buf, "\n[GNUPG:] GOODSIG "); + strbuf_release(&buf); /* no matter it was used or not */ + return ret; } diff --git a/gpg-interface.h b/gpg-interface.h index b9c36088ce..cf99021842 100644 --- a/gpg-interface.h +++ b/gpg-interface.h @@ -2,7 +2,7 @@ #define GPG_INTERFACE_H extern int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key); -extern int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, struct strbuf *gpg_output); +extern int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, struct strbuf *gpg_output, struct strbuf *gpg_status); extern int git_gpg_config(const char *, const char *, void *); extern void set_signing_key(const char *); extern const char *get_signing_key(void); diff --git a/log-tree.c b/log-tree.c index 5dc45c4812..3d88823871 100644 --- a/log-tree.c +++ b/log-tree.c @@ -444,7 +444,7 @@ static void show_signature(struct rev_info *opt, struct commit *commit) status = verify_signed_buffer(payload.buf, payload.len, signature.buf, signature.len, - &gpg_output); + &gpg_output, NULL); if (status && !gpg_output.len) strbuf_addstr(&gpg_output, "No signature\n"); @@ -508,20 +508,17 @@ static void show_one_mergetag(struct rev_info *opt, gpg_message_offset = verify_message.len; payload_size = parse_signature(extra->value, extra->len); - if ((extra->len <= payload_size) || - (verify_signed_buffer(extra->value, payload_size, - extra->value + payload_size, - extra->len - payload_size, - &verify_message) && - verify_message.len <= gpg_message_offset)) { - strbuf_addstr(&verify_message, "No signature\n"); - status = -1; - } - else if (strstr(verify_message.buf + gpg_message_offset, - ": Good signature from ")) - status = 0; - else - status = -1; + status = -1; + if (extra->len > payload_size) + if (verify_signed_buffer(extra->value, payload_size, + extra->value + payload_size, + extra->len - payload_size, + &verify_message, NULL)) { + if (verify_message.len <= gpg_message_offset) + strbuf_addstr(&verify_message, "No signature\n"); + else + status = 0; + } show_sig_lines(opt, status, verify_message.buf); strbuf_release(&verify_message); @@ -769,8 +769,10 @@ struct format_commit_context { unsigned commit_signature_parsed:1; struct { char *gpg_output; + char *gpg_status; char good_bad; char *signer; + char *key; } signature; char *message; size_t width, indent1, indent2; @@ -958,13 +960,13 @@ static struct { char result; const char *check; } signature_check[] = { - { 'G', ": Good signature from " }, - { 'B', ": BAD signature from " }, + { 'G', "\n[GNUPG:] GOODSIG " }, + { 'B', "\n[GNUPG:] BADSIG " }, }; static void parse_signature_lines(struct format_commit_context *ctx) { - const char *buf = ctx->signature.gpg_output; + const char *buf = ctx->signature.gpg_status; int i; for (i = 0; i < ARRAY_SIZE(signature_check); i++) { @@ -974,6 +976,8 @@ static void parse_signature_lines(struct format_commit_context *ctx) continue; ctx->signature.good_bad = signature_check[i].result; found += strlen(signature_check[i].check); + ctx->signature.key = xmemdupz(found, 16); + found += 17; next = strchrnul(found, '\n'); ctx->signature.signer = xmemdupz(found, next - found); break; @@ -985,6 +989,7 @@ static void parse_commit_signature(struct format_commit_context *ctx) struct strbuf payload = STRBUF_INIT; struct strbuf signature = STRBUF_INIT; struct strbuf gpg_output = STRBUF_INIT; + struct strbuf gpg_status = STRBUF_INIT; int status; ctx->commit_signature_parsed = 1; @@ -994,13 +999,15 @@ static void parse_commit_signature(struct format_commit_context *ctx) goto out; status = verify_signed_buffer(payload.buf, payload.len, signature.buf, signature.len, - &gpg_output); + &gpg_output, &gpg_status); if (status && !gpg_output.len) goto out; ctx->signature.gpg_output = strbuf_detach(&gpg_output, NULL); + ctx->signature.gpg_status = strbuf_detach(&gpg_status, NULL); parse_signature_lines(ctx); out: + strbuf_release(&gpg_status); strbuf_release(&gpg_output); strbuf_release(&payload); strbuf_release(&signature); @@ -1210,6 +1217,10 @@ static size_t format_commit_one(struct strbuf *sb, const char *placeholder, if (c->signature.signer) strbuf_addstr(sb, c->signature.signer); break; + case 'K': + if (c->signature.key) + strbuf_addstr(sb, c->signature.key); + break; } return 2; } |