Merge branch 'jk/verify-sig-merge-into-void'
"git merge" and "git pull" that merges into an unborn branch used to completely ignore "--verify-signatures", which has been corrected. * jk/verify-sig-merge-into-void: pull: handle --verify-signatures for unborn branch merge: handle --verify-signatures for unborn branch merge: extract verify_merge_signature() helper
This commit is contained in:
Junio C Hamano
commit
6d2035ee60
@ -1337,6 +1337,10 @@ int cmd_merge(int argc, const char **argv, const char *prefix)
|
||||
die(_("%s - not something we can merge"), argv[0]);
|
||||
if (remoteheads->next)
|
||||
die(_("Can merge only exactly one commit into empty head"));
|
||||
|
||||
if (verify_signatures)
|
||||
verify_merge_signature(remoteheads->item, verbosity);
|
||||
|
||||
remote_head_oid = &remoteheads->item->object.oid;
|
||||
read_empty(remote_head_oid, 0);
|
||||
update_ref("initial pull", "HEAD", remote_head_oid, NULL, 0,
|
||||
@ -1358,31 +1362,7 @@ int cmd_merge(int argc, const char **argv, const char *prefix)
|
||||
|
||||
if (verify_signatures) {
|
||||
for (p = remoteheads; p; p = p->next) {
|
||||
struct commit *commit = p->item;
|
||||
char hex[GIT_MAX_HEXSZ + 1];
|
||||
struct signature_check signature_check;
|
||||
memset(&signature_check, 0, sizeof(signature_check));
|
||||
|
||||
check_commit_signature(commit, &signature_check);
|
||||
|
||||
find_unique_abbrev_r(hex, &commit->object.oid, DEFAULT_ABBREV);
|
||||
switch (signature_check.result) {
|
||||
case 'G':
|
||||
break;
|
||||
case 'U':
|
||||
die(_("Commit %s has an untrusted GPG signature, "
|
||||
"allegedly by %s."), hex, signature_check.signer);
|
||||
case 'B':
|
||||
die(_("Commit %s has a bad GPG signature "
|
||||
"allegedly by %s."), hex, signature_check.signer);
|
||||
default: /* 'N' */
|
||||
die(_("Commit %s does not have a GPG signature."), hex);
|
||||
}
|
||||
if (verbosity >= 0 && signature_check.result == 'G')
|
||||
printf(_("Commit %s has a good GPG signature by %s\n"),
|
||||
hex, signature_check.signer);
|
||||
|
||||
signature_check_clear(&signature_check);
|
||||
verify_merge_signature(p->item, verbosity);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -557,6 +557,17 @@ static int run_fetch(const char *repo, const char **refspecs)
|
||||
static int pull_into_void(const struct object_id *merge_head,
|
||||
const struct object_id *curr_head)
|
||||
{
|
||||
if (opt_verify_signatures) {
|
||||
struct commit *commit;
|
||||
|
||||
commit = lookup_commit(the_repository, merge_head);
|
||||
if (!commit)
|
||||
die(_("unable to access commit %s"),
|
||||
oid_to_hex(merge_head));
|
||||
|
||||
verify_merge_signature(commit, opt_verbosity);
|
||||
}
|
||||
|
||||
/*
|
||||
* Two-way merge: we treat the index as based on an empty tree,
|
||||
* and try to fast-forward to HEAD. This ensures we will not lose
|
||||
|
||||
26
commit.c
26
commit.c
@ -1099,7 +1099,33 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
|
||||
return ret;
|
||||
}
|
||||
|
||||
void verify_merge_signature(struct commit *commit, int verbosity)
|
||||
{
|
||||
char hex[GIT_MAX_HEXSZ + 1];
|
||||
struct signature_check signature_check;
|
||||
memset(&signature_check, 0, sizeof(signature_check));
|
||||
|
||||
check_commit_signature(commit, &signature_check);
|
||||
|
||||
find_unique_abbrev_r(hex, &commit->object.oid, DEFAULT_ABBREV);
|
||||
switch (signature_check.result) {
|
||||
case 'G':
|
||||
break;
|
||||
case 'U':
|
||||
die(_("Commit %s has an untrusted GPG signature, "
|
||||
"allegedly by %s."), hex, signature_check.signer);
|
||||
case 'B':
|
||||
die(_("Commit %s has a bad GPG signature "
|
||||
"allegedly by %s."), hex, signature_check.signer);
|
||||
default: /* 'N' */
|
||||
die(_("Commit %s does not have a GPG signature."), hex);
|
||||
}
|
||||
if (verbosity >= 0 && signature_check.result == 'G')
|
||||
printf(_("Commit %s has a good GPG signature by %s\n"),
|
||||
hex, signature_check.signer);
|
||||
|
||||
signature_check_clear(&signature_check);
|
||||
}
|
||||
|
||||
void append_merge_tag_headers(struct commit_list *parents,
|
||||
struct commit_extra_header ***tail)
|
||||
|
||||
8
commit.h
8
commit.h
@ -340,6 +340,14 @@ void record_author_date(struct author_date_slab *author_date,
|
||||
struct commit *commit);
|
||||
|
||||
int compare_commits_by_author_date(const void *a_, const void *b_, void *unused);
|
||||
|
||||
/*
|
||||
* Verify a single commit with check_commit_signature() and die() if it is not
|
||||
* a good signature. This isn't really suitable for general use, but is a
|
||||
* helper to implement consistent logic for pull/merge --verify-signatures.
|
||||
*/
|
||||
void verify_merge_signature(struct commit *commit, int verbose);
|
||||
|
||||
int compare_commits_by_commit_date(const void *a_, const void *b_, void *unused);
|
||||
int compare_commits_by_gen_then_commit_date(const void *a_, const void *b_, void *unused);
|
||||
|
||||
|
||||
@ -78,4 +78,11 @@ test_expect_success GPG 'pull commit with bad signature with --no-verify-signatu
|
||||
git pull --ff-only --no-verify-signatures bad 2>pullerror
|
||||
'
|
||||
|
||||
test_expect_success GPG 'pull unsigned commit into unborn branch' '
|
||||
git init empty-repo &&
|
||||
test_must_fail \
|
||||
git -C empty-repo pull --verify-signatures .. 2>pullerror &&
|
||||
test_i18ngrep "does not have a GPG signature" pullerror
|
||||
'
|
||||
|
||||
test_done
|
||||
|
||||
@ -103,4 +103,11 @@ test_expect_success GPG 'merge commit with bad signature with merge.verifySignat
|
||||
git merge --no-verify-signatures $(cat forged.commit)
|
||||
'
|
||||
|
||||
test_expect_success GPG 'merge unsigned commit into unborn branch' '
|
||||
test_when_finished "git checkout initial" &&
|
||||
git checkout --orphan unborn &&
|
||||
test_must_fail git merge --verify-signatures side-unsigned 2>mergeerror &&
|
||||
test_i18ngrep "does not have a GPG signature" mergeerror
|
||||
'
|
||||
|
||||
test_done
|
||||
|
||||
Loading…
Reference in New Issue
Block a user