summaryrefslogtreecommitdiff
path: root/gpg-interface.c
diff options
context:
space:
mode:
authorbrian m. carlson <sandals@crustytoothpaste.net>2015-06-21 23:14:40 +0000
committerJunio C Hamano <gitster@pobox.com>2015-06-22 14:20:46 -0700
commit434060ec6d9bf50f095db901da3fb9b557e11df1 (patch)
tree7a7dc99fb6b8e1e5eaa566ec4eb5e29ff807e8f2 /gpg-interface.c
parent8e98e5f27aba812c0f095b7e546871e14a4139f6 (diff)
downloadgit-434060ec6d9bf50f095db901da3fb9b557e11df1.tar.gz
gpg: centralize signature check
verify-commit and verify-tag both share a central codepath for verifying commits: check_signature. However, verify-tag exited successfully for untrusted signature, while verify-commit exited unsuccessfully. Centralize this signature check and make verify-commit adopt the older verify-tag behavior. This behavior is more logical anyway, as the signature is in fact valid, whether or not there's a path of trust to the author. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'gpg-interface.c')
-rw-r--r--gpg-interface.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index 66dbee25b3..77a4da627e 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -60,7 +60,7 @@ void parse_gpg_output(struct signature_check *sigc)
}
}
-void check_signature(const char *payload, size_t plen, const char *signature,
+int check_signature(const char *payload, size_t plen, const char *signature,
size_t slen, struct signature_check *sigc)
{
struct strbuf gpg_output = STRBUF_INIT;
@@ -81,6 +81,8 @@ void check_signature(const char *payload, size_t plen, const char *signature,
out:
strbuf_release(&gpg_status);
strbuf_release(&gpg_output);
+
+ return sigc->result != 'G' && sigc->result != 'U';
}
/*