Merge branch 'st/verify-tag'

Unify internal logic between "git tag -v" and "git verify-tag"
commands by making one directly call into the other.

* st/verify-tag:
  tag -v: verify directly rather than exec-ing verify-tag
  verify-tag: move tag verification code to tag.c
  verify-tag: prepare verify_tag for libification
  verify-tag: update variable name and type
  t7030: test verifying multiple tags
  builtin/verify-tag.c: ignore SIGPIPE in gpg-interface
This commit is contained in:
Junio C Hamano 2016-04-29 12:59:09 -07:00
commit b559121e3c
6 changed files with 78 additions and 61 deletions

View File

@ -105,13 +105,7 @@ static int delete_tag(const char *name, const char *ref,
static int verify_tag(const char *name, const char *ref,
const unsigned char *sha1)
{
const char *argv_verify_tag[] = {"verify-tag",
"-v", "SHA1_HEX", NULL};
argv_verify_tag[2] = sha1_to_hex(sha1);
if (run_command_v_opt(argv_verify_tag, RUN_GIT_CMD))
return error(_("could not verify the tag '%s'"), name);
return 0;
return gpg_verify_tag(sha1, name, GPG_VERIFY_VERBOSE);
}
static int do_sign(struct strbuf *buffer)

View File

@ -18,55 +18,6 @@ static const char * const verify_tag_usage[] = {
NULL
};
static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
{
struct signature_check sigc;
int len;
int ret;
memset(&sigc, 0, sizeof(sigc));
len = parse_signature(buf, size);
if (size == len) {
if (flags & GPG_VERIFY_VERBOSE)
write_in_full(1, buf, len);
return error("no signature found");
}
ret = check_signature(buf, len, buf + len, size - len, &sigc);
print_signature_buffer(&sigc, flags);
signature_check_clear(&sigc);
return ret;
}
static int verify_tag(const char *name, unsigned flags)
{
enum object_type type;
unsigned char sha1[20];
char *buf;
unsigned long size;
int ret;
if (get_sha1(name, sha1))
return error("tag '%s' not found.", name);
type = sha1_object_info(sha1, NULL);
if (type != OBJ_TAG)
return error("%s: cannot verify a non-tag object of type %s.",
name, typename(type));
buf = read_sha1_file(sha1, &type, &size);
if (!buf)
return error("%s: unable to read file.", name);
ret = run_gpg_verify(buf, size, flags);
free(buf);
return ret;
}
static int git_verify_tag_config(const char *var, const char *value, void *cb)
{
int status = git_gpg_config(var, value, cb);
@ -95,11 +46,13 @@ int cmd_verify_tag(int argc, const char **argv, const char *prefix)
if (verbose)
flags |= GPG_VERIFY_VERBOSE;
/* sometimes the program was terminated because this signal
* was received in the process of writing the gpg input: */
signal(SIGPIPE, SIG_IGN);
while (i < argc)
if (verify_tag(argv[i++], flags))
while (i < argc) {
unsigned char sha1[20];
const char *name = argv[i++];
if (get_sha1(name, sha1))
had_error = !!error("tag '%s' not found.", name);
else if (gpg_verify_tag(sha1, name, flags))
had_error = 1;
}
return had_error;
}

View File

@ -237,6 +237,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
return error(_("could not run gpg."));
}
sigchain_push(SIGPIPE, SIG_IGN);
write_in_full(gpg.in, payload, payload_size);
close(gpg.in);
@ -250,6 +251,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
close(gpg.out);
ret = finish_command(&gpg);
sigchain_pop(SIGPIPE);
unlink_or_warn(path);

View File

@ -112,4 +112,17 @@ test_expect_success GPG 'verify signatures with --raw' '
)
'
test_expect_success GPG 'verify multiple tags' '
tags="fourth-signed sixth-signed seventh-signed" &&
for i in $tags
do
git verify-tag -v --raw $i || return 1
done >expect.stdout 2>expect.stderr.1 &&
grep "^.GNUPG:." <expect.stderr.1 >expect.stderr &&
git verify-tag -v --raw $tags >actual.stdout 2>actual.stderr.1 &&
grep "^.GNUPG:." <actual.stderr.1 >actual.stderr &&
test_cmp expect.stdout actual.stdout &&
test_cmp expect.stderr actual.stderr
'
test_done

53
tag.c
View File

@ -6,6 +6,59 @@
const char *tag_type = "tag";
static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
{
struct signature_check sigc;
size_t payload_size;
int ret;
memset(&sigc, 0, sizeof(sigc));
payload_size = parse_signature(buf, size);
if (size == payload_size) {
if (flags & GPG_VERIFY_VERBOSE)
write_in_full(1, buf, payload_size);
return error("no signature found");
}
ret = check_signature(buf, payload_size, buf + payload_size,
size - payload_size, &sigc);
print_signature_buffer(&sigc, flags);
signature_check_clear(&sigc);
return ret;
}
int gpg_verify_tag(const unsigned char *sha1, const char *name_to_report,
unsigned flags)
{
enum object_type type;
char *buf;
unsigned long size;
int ret;
type = sha1_object_info(sha1, NULL);
if (type != OBJ_TAG)
return error("%s: cannot verify a non-tag object of type %s.",
name_to_report ?
name_to_report :
find_unique_abbrev(sha1, DEFAULT_ABBREV),
typename(type));
buf = read_sha1_file(sha1, &type, &size);
if (!buf)
return error("%s: unable to read file.",
name_to_report ?
name_to_report :
find_unique_abbrev(sha1, DEFAULT_ABBREV));
ret = run_gpg_verify(buf, size, flags);
free(buf);
return ret;
}
struct object *deref_tag(struct object *o, const char *warn, int warnlen)
{
while (o && o->type == OBJ_TAG)

2
tag.h
View File

@ -17,5 +17,7 @@ extern int parse_tag_buffer(struct tag *item, const void *data, unsigned long si
extern int parse_tag(struct tag *item);
extern struct object *deref_tag(struct object *, const char *, int);
extern struct object *deref_tag_noverify(struct object *);
extern int gpg_verify_tag(const unsigned char *sha1,
const char *name_to_report, unsigned flags);
#endif /* TAG_H */