diff options
| author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-08-28 15:39:59 +0100 |
|---|---|---|
| committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-08-28 15:39:59 +0100 |
| commit | ebc68394fbb3e731959a0561c2ffa1c98e7256a8 (patch) | |
| tree | 2933c03b1fe82f79c94b48ca2b17b8ffeb6d58ca | |
| parent | 20f8d6f5f8eceadc238a93cfdc23725eca284eae (diff) | |
| download | gall-ebc68394fbb3e731959a0561c2ffa1c98e7256a8.tar.gz | |
Support signed certificate generation ready for gpgv like validation
| -rw-r--r-- | lib/gall/commit.lua | 11 | ||||
| -rw-r--r-- | lib/gall/tag.lua | 10 |
2 files changed, 21 insertions, 0 deletions
diff --git a/lib/gall/commit.lua b/lib/gall/commit.lua index ce1d375..b87904e 100644 --- a/lib/gall/commit.lua +++ b/lib/gall/commit.lua @@ -69,6 +69,7 @@ end local function commitindex(commit, field) if not parsed[commit] then local raw = objs[commit].raw + local sigcert = {} local headers, body, signature = {}, "" local state = "headers" @@ -80,6 +81,7 @@ local function commitindex(commit, field) signature = second .. "\n" state = "signature" else + sigcert[#sigcert+1] = l if headers[first] then headers[first][#headers[first]+1] = second else @@ -88,6 +90,7 @@ local function commitindex(commit, field) end else state = "message" + sigcert[#sigcert+1] = l end elseif state == "signature" then signature = signature .. l:sub(2) .. "\n" @@ -98,6 +101,7 @@ local function commitindex(commit, field) body = body .. l .. "\n" end end + sigcert[#sigcert+1] = body -- there's always one tree rawset(commit, "tree", repos[commit]:get(headers.tree[1])) @@ -112,6 +116,8 @@ local function commitindex(commit, field) rawset(commit, "message", body) -- And an optional signature rawset(commit, "signature", signature) + -- The optional signature has to sign something + rawset(commit, "signedcert", table.concat(sigcert, "\n")) -- Promote the SHA rawset(commit, "sha", objs[commit].sha) @@ -163,6 +169,11 @@ end -- @field signature --- +-- The certificate which the signature (if present) signs +-- +-- @field signedcert + +--- -- The SHA1 OID of the commit -- -- @field sha diff --git a/lib/gall/tag.lua b/lib/gall/tag.lua index 6beafaa..589b7fa 100644 --- a/lib/gall/tag.lua +++ b/lib/gall/tag.lua @@ -61,11 +61,13 @@ local PGP_SIG_START = "-----BEGIN PGP SIGNATURE-----" local function tagindex(tag, field) if not parsed[tag] then local raw = objs[tag].raw + local sigcert = {} local headers, body, signature = {}, "" local state = "headers" for l in raw:gmatch("([^\n]*)\n") do if state == "headers" then + sigcert[#sigcert+1] = l local first, second = l:match("^([^ ]+) (.+)$") if first then assert(not headers[first]) @@ -84,6 +86,7 @@ local function tagindex(tag, field) signature = signature .. l .. "\n" end end + sigcert[#sigcert+1] = body -- there's always one object rawset(tag, "object", repos[tag]:get(headers.object[1])) @@ -97,6 +100,8 @@ local function tagindex(tag, field) rawset(tag, "message", body) -- And an optional signature rawset(tag, "signature", signature) + -- And the certificate it signed + rawset(tag, "signedcert", table.concat(sigcert, "\n")) -- Promote the SHA rawset(tag, "sha", objs[tag].sha) @@ -143,6 +148,11 @@ end -- @field signature --- +-- The certificate which is signed by the signature (if present) +-- +-- @field signedcert + +--- -- The SHA1 OID of the tag -- -- @field sha |