From a4cc18f2934b8d2f00c7c3e11107acb6bfafe2c6 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Sun, 21 Jun 2015 23:14:38 +0000 Subject: verify-tag: share code with verify-commit verify-tag was executing an entirely different codepath than verify-commit, except for the underlying verify_signed_buffer. Move much of the code from check_commit_signature to a generic check_signature function and adjust both codepaths to call it. Update verify-tag to explicitly output the signature text, as we now call verify_signed_buffer with strbufs to catch the output, which prevents it from being printed automatically. Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano --- commit.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'commit.c') diff --git a/commit.c b/commit.c index a8c7577d28..d07a984985 100644 --- a/commit.c +++ b/commit.c @@ -1231,27 +1231,14 @@ void check_commit_signature(const struct commit *commit, struct signature_check { struct strbuf payload = STRBUF_INIT; struct strbuf signature = STRBUF_INIT; - struct strbuf gpg_output = STRBUF_INIT; - struct strbuf gpg_status = STRBUF_INIT; - int status; sigc->result = 'N'; if (parse_signed_commit(commit, &payload, &signature) <= 0) goto out; - status = verify_signed_buffer(payload.buf, payload.len, - signature.buf, signature.len, - &gpg_output, &gpg_status); - if (status && !gpg_output.len) - goto out; - sigc->payload = strbuf_detach(&payload, NULL); - sigc->gpg_output = strbuf_detach(&gpg_output, NULL); - sigc->gpg_status = strbuf_detach(&gpg_status, NULL); - parse_gpg_output(sigc); + check_signature(payload.buf, payload.len, signature.buf, signature.len, sigc); out: - strbuf_release(&gpg_status); - strbuf_release(&gpg_output); strbuf_release(&payload); strbuf_release(&signature); } -- cgit v1.2.1 From 434060ec6d9bf50f095db901da3fb9b557e11df1 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Sun, 21 Jun 2015 23:14:40 +0000 Subject: gpg: centralize signature check verify-commit and verify-tag both share a central codepath for verifying commits: check_signature. However, verify-tag exited successfully for untrusted signature, while verify-commit exited unsuccessfully. Centralize this signature check and make verify-commit adopt the older verify-tag behavior. This behavior is more logical anyway, as the signature is in fact valid, whether or not there's a path of trust to the author. Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano --- commit.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'commit.c') diff --git a/commit.c b/commit.c index d07a984985..909419a13b 100644 --- a/commit.c +++ b/commit.c @@ -1227,20 +1227,24 @@ free_return: free(buf); } -void check_commit_signature(const struct commit *commit, struct signature_check *sigc) +int check_commit_signature(const struct commit *commit, struct signature_check *sigc) { struct strbuf payload = STRBUF_INIT; struct strbuf signature = STRBUF_INIT; + int ret = 1; sigc->result = 'N'; if (parse_signed_commit(commit, &payload, &signature) <= 0) goto out; - check_signature(payload.buf, payload.len, signature.buf, signature.len, sigc); + ret = check_signature(payload.buf, payload.len, signature.buf, + signature.len, sigc); out: strbuf_release(&payload); strbuf_release(&signature); + + return ret; } -- cgit v1.2.1