Merge branch 'st/verify-tag'
Unify internal logic between "git tag -v" and "git verify-tag" commands by making one directly call into the other. * st/verify-tag: tag -v: verify directly rather than exec-ing verify-tag verify-tag: move tag verification code to tag.c verify-tag: prepare verify_tag for libification verify-tag: update variable name and type t7030: test verifying multiple tags builtin/verify-tag.c: ignore SIGPIPE in gpg-interface
This commit is contained in:
commit
b559121e3c
@ -105,13 +105,7 @@ static int delete_tag(const char *name, const char *ref,
|
||||
static int verify_tag(const char *name, const char *ref,
|
||||
const unsigned char *sha1)
|
||||
{
|
||||
const char *argv_verify_tag[] = {"verify-tag",
|
||||
"-v", "SHA1_HEX", NULL};
|
||||
argv_verify_tag[2] = sha1_to_hex(sha1);
|
||||
|
||||
if (run_command_v_opt(argv_verify_tag, RUN_GIT_CMD))
|
||||
return error(_("could not verify the tag '%s'"), name);
|
||||
return 0;
|
||||
return gpg_verify_tag(sha1, name, GPG_VERIFY_VERBOSE);
|
||||
}
|
||||
|
||||
static int do_sign(struct strbuf *buffer)
|
||||
|
@ -18,55 +18,6 @@ static const char * const verify_tag_usage[] = {
|
||||
NULL
|
||||
};
|
||||
|
||||
static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
|
||||
{
|
||||
struct signature_check sigc;
|
||||
int len;
|
||||
int ret;
|
||||
|
||||
memset(&sigc, 0, sizeof(sigc));
|
||||
|
||||
len = parse_signature(buf, size);
|
||||
|
||||
if (size == len) {
|
||||
if (flags & GPG_VERIFY_VERBOSE)
|
||||
write_in_full(1, buf, len);
|
||||
return error("no signature found");
|
||||
}
|
||||
|
||||
ret = check_signature(buf, len, buf + len, size - len, &sigc);
|
||||
print_signature_buffer(&sigc, flags);
|
||||
|
||||
signature_check_clear(&sigc);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int verify_tag(const char *name, unsigned flags)
|
||||
{
|
||||
enum object_type type;
|
||||
unsigned char sha1[20];
|
||||
char *buf;
|
||||
unsigned long size;
|
||||
int ret;
|
||||
|
||||
if (get_sha1(name, sha1))
|
||||
return error("tag '%s' not found.", name);
|
||||
|
||||
type = sha1_object_info(sha1, NULL);
|
||||
if (type != OBJ_TAG)
|
||||
return error("%s: cannot verify a non-tag object of type %s.",
|
||||
name, typename(type));
|
||||
|
||||
buf = read_sha1_file(sha1, &type, &size);
|
||||
if (!buf)
|
||||
return error("%s: unable to read file.", name);
|
||||
|
||||
ret = run_gpg_verify(buf, size, flags);
|
||||
|
||||
free(buf);
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int git_verify_tag_config(const char *var, const char *value, void *cb)
|
||||
{
|
||||
int status = git_gpg_config(var, value, cb);
|
||||
@ -95,11 +46,13 @@ int cmd_verify_tag(int argc, const char **argv, const char *prefix)
|
||||
if (verbose)
|
||||
flags |= GPG_VERIFY_VERBOSE;
|
||||
|
||||
/* sometimes the program was terminated because this signal
|
||||
* was received in the process of writing the gpg input: */
|
||||
signal(SIGPIPE, SIG_IGN);
|
||||
while (i < argc)
|
||||
if (verify_tag(argv[i++], flags))
|
||||
while (i < argc) {
|
||||
unsigned char sha1[20];
|
||||
const char *name = argv[i++];
|
||||
if (get_sha1(name, sha1))
|
||||
had_error = !!error("tag '%s' not found.", name);
|
||||
else if (gpg_verify_tag(sha1, name, flags))
|
||||
had_error = 1;
|
||||
}
|
||||
return had_error;
|
||||
}
|
||||
|
@ -237,6 +237,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
|
||||
return error(_("could not run gpg."));
|
||||
}
|
||||
|
||||
sigchain_push(SIGPIPE, SIG_IGN);
|
||||
write_in_full(gpg.in, payload, payload_size);
|
||||
close(gpg.in);
|
||||
|
||||
@ -250,6 +251,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
|
||||
close(gpg.out);
|
||||
|
||||
ret = finish_command(&gpg);
|
||||
sigchain_pop(SIGPIPE);
|
||||
|
||||
unlink_or_warn(path);
|
||||
|
||||
|
@ -112,4 +112,17 @@ test_expect_success GPG 'verify signatures with --raw' '
|
||||
)
|
||||
'
|
||||
|
||||
test_expect_success GPG 'verify multiple tags' '
|
||||
tags="fourth-signed sixth-signed seventh-signed" &&
|
||||
for i in $tags
|
||||
do
|
||||
git verify-tag -v --raw $i || return 1
|
||||
done >expect.stdout 2>expect.stderr.1 &&
|
||||
grep "^.GNUPG:." <expect.stderr.1 >expect.stderr &&
|
||||
git verify-tag -v --raw $tags >actual.stdout 2>actual.stderr.1 &&
|
||||
grep "^.GNUPG:." <actual.stderr.1 >actual.stderr &&
|
||||
test_cmp expect.stdout actual.stdout &&
|
||||
test_cmp expect.stderr actual.stderr
|
||||
'
|
||||
|
||||
test_done
|
||||
|
53
tag.c
53
tag.c
@ -6,6 +6,59 @@
|
||||
|
||||
const char *tag_type = "tag";
|
||||
|
||||
static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
|
||||
{
|
||||
struct signature_check sigc;
|
||||
size_t payload_size;
|
||||
int ret;
|
||||
|
||||
memset(&sigc, 0, sizeof(sigc));
|
||||
|
||||
payload_size = parse_signature(buf, size);
|
||||
|
||||
if (size == payload_size) {
|
||||
if (flags & GPG_VERIFY_VERBOSE)
|
||||
write_in_full(1, buf, payload_size);
|
||||
return error("no signature found");
|
||||
}
|
||||
|
||||
ret = check_signature(buf, payload_size, buf + payload_size,
|
||||
size - payload_size, &sigc);
|
||||
print_signature_buffer(&sigc, flags);
|
||||
|
||||
signature_check_clear(&sigc);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int gpg_verify_tag(const unsigned char *sha1, const char *name_to_report,
|
||||
unsigned flags)
|
||||
{
|
||||
enum object_type type;
|
||||
char *buf;
|
||||
unsigned long size;
|
||||
int ret;
|
||||
|
||||
type = sha1_object_info(sha1, NULL);
|
||||
if (type != OBJ_TAG)
|
||||
return error("%s: cannot verify a non-tag object of type %s.",
|
||||
name_to_report ?
|
||||
name_to_report :
|
||||
find_unique_abbrev(sha1, DEFAULT_ABBREV),
|
||||
typename(type));
|
||||
|
||||
buf = read_sha1_file(sha1, &type, &size);
|
||||
if (!buf)
|
||||
return error("%s: unable to read file.",
|
||||
name_to_report ?
|
||||
name_to_report :
|
||||
find_unique_abbrev(sha1, DEFAULT_ABBREV));
|
||||
|
||||
ret = run_gpg_verify(buf, size, flags);
|
||||
|
||||
free(buf);
|
||||
return ret;
|
||||
}
|
||||
|
||||
struct object *deref_tag(struct object *o, const char *warn, int warnlen)
|
||||
{
|
||||
while (o && o->type == OBJ_TAG)
|
||||
|
2
tag.h
2
tag.h
@ -17,5 +17,7 @@ extern int parse_tag_buffer(struct tag *item, const void *data, unsigned long si
|
||||
extern int parse_tag(struct tag *item);
|
||||
extern struct object *deref_tag(struct object *, const char *, int);
|
||||
extern struct object *deref_tag_noverify(struct object *);
|
||||
extern int gpg_verify_tag(const unsigned char *sha1,
|
||||
const char *name_to_report, unsigned flags);
|
||||
|
||||
#endif /* TAG_H */
|
||||
|
Loading…
Reference in New Issue
Block a user