diff options
author | Junio C Hamano <gitster@pobox.com> | 2013-04-03 09:26:27 -0700 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2013-04-03 09:26:27 -0700 |
commit | b771d8d7cf9dd9d5901e68526be471722870a9f8 (patch) | |
tree | e1035ced0b988881dfede8fc5556575e78ab090f /gpg-interface.c | |
parent | 14c79b1faa113707d8955912af6064d9844f71eb (diff) | |
parent | 0174eeaa736226a0bea19e9bf88c270d61aa9cce (diff) | |
download | git-b771d8d7cf9dd9d5901e68526be471722870a9f8.tar.gz |
Merge branch 'mg/gpg-interface-using-status' into maint
Verification of signed tags were not done correctly when not in C
or en/US locale.
* mg/gpg-interface-using-status:
pretty: make %GK output the signing key for signed commits
pretty: parse the gpg status lines rather than the output
gpg_interface: allow to request status return
log-tree: rely upon the check in the gpg_interface
gpg-interface: check good signature in a reliable way
Diffstat (limited to 'gpg-interface.c')
-rw-r--r-- | gpg-interface.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/gpg-interface.c b/gpg-interface.c index 45590330aa..8b0e87436b 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -96,15 +96,18 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig /* * Run "gpg" to see if the payload matches the detached signature. * gpg_output, when set, receives the diagnostic output from GPG. + * gpg_status, when set, receives the status output from GPG. */ int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, - struct strbuf *gpg_output) + struct strbuf *gpg_output, struct strbuf *gpg_status) { struct child_process gpg; - const char *args_gpg[] = {NULL, "--verify", "FILE", "-", NULL}; + const char *args_gpg[] = {NULL, "--status-fd=1", "--verify", "FILE", "-", NULL}; char path[PATH_MAX]; int fd, ret; + struct strbuf buf = STRBUF_INIT; + struct strbuf *pbuf = &buf; args_gpg[0] = gpg_program; fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX"); @@ -119,9 +122,10 @@ int verify_signed_buffer(const char *payload, size_t payload_size, memset(&gpg, 0, sizeof(gpg)); gpg.argv = args_gpg; gpg.in = -1; + gpg.out = -1; if (gpg_output) gpg.err = -1; - args_gpg[2] = path; + args_gpg[3] = path; if (start_command(&gpg)) { unlink(path); return error(_("could not run gpg.")); @@ -134,9 +138,17 @@ int verify_signed_buffer(const char *payload, size_t payload_size, strbuf_read(gpg_output, gpg.err, 0); close(gpg.err); } + if (gpg_status) + pbuf = gpg_status; + strbuf_read(pbuf, gpg.out, 0); + close(gpg.out); + ret = finish_command(&gpg); unlink_or_warn(path); + ret |= !strstr(pbuf->buf, "\n[GNUPG:] GOODSIG "); + strbuf_release(&buf); /* no matter it was used or not */ + return ret; } |