Merge branch 'mg/gpg-interface-using-status' into maint

Verification of signed tags were not done correctly when not in C
or en/US locale.

* mg/gpg-interface-using-status:
  pretty: make %GK output the signing key for signed commits
  pretty: parse the gpg status lines rather than the output
  gpg_interface: allow to request status return
  log-tree: rely upon the check in the gpg_interface
  gpg-interface: check good signature in a reliable way
This commit is contained in:
Junio C Hamano 2013-04-03 09:26:27 -07:00
commit b771d8d7cf
7 changed files with 46 additions and 25 deletions

View File

@ -133,6 +133,7 @@ The placeholders are:
- '%GG': raw verification message from GPG for a signed commit - '%GG': raw verification message from GPG for a signed commit
- '%G?': show either "G" for Good or "B" for Bad for a signed commit - '%G?': show either "G" for Good or "B" for Bad for a signed commit
- '%GS': show the name of the signer for a signed commit - '%GS': show the name of the signer for a signed commit
- '%GK': show the key used to sign a signed commit
- '%gD': reflog selector, e.g., `refs/stash@{1}` - '%gD': reflog selector, e.g., `refs/stash@{1}`
- '%gd': shortened reflog selector, e.g., `stash@{1}` - '%gd': shortened reflog selector, e.g., `stash@{1}`
- '%gn': reflog identity name - '%gn': reflog identity name

View File

@ -492,7 +492,7 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
if (size == len) if (size == len)
; /* merely annotated */ ; /* merely annotated */
else if (verify_signed_buffer(buf, len, buf + len, size - len, &sig)) { else if (verify_signed_buffer(buf, len, buf + len, size - len, &sig, NULL)) {
if (!sig.len) if (!sig.len)
strbuf_addstr(&sig, "gpg verification failed.\n"); strbuf_addstr(&sig, "gpg verification failed.\n");
} }

View File

@ -29,7 +29,7 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
if (size == len) if (size == len)
return error("no signature found"); return error("no signature found");
return verify_signed_buffer(buf, len, buf + len, size - len, NULL); return verify_signed_buffer(buf, len, buf + len, size - len, NULL, NULL);
} }
static int verify_tag(const char *name, int verbose) static int verify_tag(const char *name, int verbose)

View File

@ -96,15 +96,18 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
/* /*
* Run "gpg" to see if the payload matches the detached signature. * Run "gpg" to see if the payload matches the detached signature.
* gpg_output, when set, receives the diagnostic output from GPG. * gpg_output, when set, receives the diagnostic output from GPG.
* gpg_status, when set, receives the status output from GPG.
*/ */
int verify_signed_buffer(const char *payload, size_t payload_size, int verify_signed_buffer(const char *payload, size_t payload_size,
const char *signature, size_t signature_size, const char *signature, size_t signature_size,
struct strbuf *gpg_output) struct strbuf *gpg_output, struct strbuf *gpg_status)
{ {
struct child_process gpg; struct child_process gpg;
const char *args_gpg[] = {NULL, "--verify", "FILE", "-", NULL}; const char *args_gpg[] = {NULL, "--status-fd=1", "--verify", "FILE", "-", NULL};
char path[PATH_MAX]; char path[PATH_MAX];
int fd, ret; int fd, ret;
struct strbuf buf = STRBUF_INIT;
struct strbuf *pbuf = &buf;
args_gpg[0] = gpg_program; args_gpg[0] = gpg_program;
fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX"); fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
@ -119,9 +122,10 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
memset(&gpg, 0, sizeof(gpg)); memset(&gpg, 0, sizeof(gpg));
gpg.argv = args_gpg; gpg.argv = args_gpg;
gpg.in = -1; gpg.in = -1;
gpg.out = -1;
if (gpg_output) if (gpg_output)
gpg.err = -1; gpg.err = -1;
args_gpg[2] = path; args_gpg[3] = path;
if (start_command(&gpg)) { if (start_command(&gpg)) {
unlink(path); unlink(path);
return error(_("could not run gpg.")); return error(_("could not run gpg."));
@ -134,9 +138,17 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
strbuf_read(gpg_output, gpg.err, 0); strbuf_read(gpg_output, gpg.err, 0);
close(gpg.err); close(gpg.err);
} }
if (gpg_status)
pbuf = gpg_status;
strbuf_read(pbuf, gpg.out, 0);
close(gpg.out);
ret = finish_command(&gpg); ret = finish_command(&gpg);
unlink_or_warn(path); unlink_or_warn(path);
ret |= !strstr(pbuf->buf, "\n[GNUPG:] GOODSIG ");
strbuf_release(&buf); /* no matter it was used or not */
return ret; return ret;
} }

View File

@ -2,7 +2,7 @@
#define GPG_INTERFACE_H #define GPG_INTERFACE_H
extern int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key); extern int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key);
extern int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, struct strbuf *gpg_output); extern int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, struct strbuf *gpg_output, struct strbuf *gpg_status);
extern int git_gpg_config(const char *, const char *, void *); extern int git_gpg_config(const char *, const char *, void *);
extern void set_signing_key(const char *); extern void set_signing_key(const char *);
extern const char *get_signing_key(void); extern const char *get_signing_key(void);

View File

@ -444,7 +444,7 @@ static void show_signature(struct rev_info *opt, struct commit *commit)
status = verify_signed_buffer(payload.buf, payload.len, status = verify_signed_buffer(payload.buf, payload.len,
signature.buf, signature.len, signature.buf, signature.len,
&gpg_output); &gpg_output, NULL);
if (status && !gpg_output.len) if (status && !gpg_output.len)
strbuf_addstr(&gpg_output, "No signature\n"); strbuf_addstr(&gpg_output, "No signature\n");
@ -508,20 +508,17 @@ static void show_one_mergetag(struct rev_info *opt,
gpg_message_offset = verify_message.len; gpg_message_offset = verify_message.len;
payload_size = parse_signature(extra->value, extra->len); payload_size = parse_signature(extra->value, extra->len);
if ((extra->len <= payload_size) || status = -1;
(verify_signed_buffer(extra->value, payload_size, if (extra->len > payload_size)
extra->value + payload_size, if (verify_signed_buffer(extra->value, payload_size,
extra->len - payload_size, extra->value + payload_size,
&verify_message) && extra->len - payload_size,
verify_message.len <= gpg_message_offset)) { &verify_message, NULL)) {
strbuf_addstr(&verify_message, "No signature\n"); if (verify_message.len <= gpg_message_offset)
status = -1; strbuf_addstr(&verify_message, "No signature\n");
} else
else if (strstr(verify_message.buf + gpg_message_offset, status = 0;
": Good signature from ")) }
status = 0;
else
status = -1;
show_sig_lines(opt, status, verify_message.buf); show_sig_lines(opt, status, verify_message.buf);
strbuf_release(&verify_message); strbuf_release(&verify_message);

View File

@ -769,8 +769,10 @@ struct format_commit_context {
unsigned commit_signature_parsed:1; unsigned commit_signature_parsed:1;
struct { struct {
char *gpg_output; char *gpg_output;
char *gpg_status;
char good_bad; char good_bad;
char *signer; char *signer;
char *key;
} signature; } signature;
char *message; char *message;
size_t width, indent1, indent2; size_t width, indent1, indent2;
@ -958,13 +960,13 @@ static struct {
char result; char result;
const char *check; const char *check;
} signature_check[] = { } signature_check[] = {
{ 'G', ": Good signature from " }, { 'G', "\n[GNUPG:] GOODSIG " },
{ 'B', ": BAD signature from " }, { 'B', "\n[GNUPG:] BADSIG " },
}; };
static void parse_signature_lines(struct format_commit_context *ctx) static void parse_signature_lines(struct format_commit_context *ctx)
{ {
const char *buf = ctx->signature.gpg_output; const char *buf = ctx->signature.gpg_status;
int i; int i;
for (i = 0; i < ARRAY_SIZE(signature_check); i++) { for (i = 0; i < ARRAY_SIZE(signature_check); i++) {
@ -974,6 +976,8 @@ static void parse_signature_lines(struct format_commit_context *ctx)
continue; continue;
ctx->signature.good_bad = signature_check[i].result; ctx->signature.good_bad = signature_check[i].result;
found += strlen(signature_check[i].check); found += strlen(signature_check[i].check);
ctx->signature.key = xmemdupz(found, 16);
found += 17;
next = strchrnul(found, '\n'); next = strchrnul(found, '\n');
ctx->signature.signer = xmemdupz(found, next - found); ctx->signature.signer = xmemdupz(found, next - found);
break; break;
@ -985,6 +989,7 @@ static void parse_commit_signature(struct format_commit_context *ctx)
struct strbuf payload = STRBUF_INIT; struct strbuf payload = STRBUF_INIT;
struct strbuf signature = STRBUF_INIT; struct strbuf signature = STRBUF_INIT;
struct strbuf gpg_output = STRBUF_INIT; struct strbuf gpg_output = STRBUF_INIT;
struct strbuf gpg_status = STRBUF_INIT;
int status; int status;
ctx->commit_signature_parsed = 1; ctx->commit_signature_parsed = 1;
@ -994,13 +999,15 @@ static void parse_commit_signature(struct format_commit_context *ctx)
goto out; goto out;
status = verify_signed_buffer(payload.buf, payload.len, status = verify_signed_buffer(payload.buf, payload.len,
signature.buf, signature.len, signature.buf, signature.len,
&gpg_output); &gpg_output, &gpg_status);
if (status && !gpg_output.len) if (status && !gpg_output.len)
goto out; goto out;
ctx->signature.gpg_output = strbuf_detach(&gpg_output, NULL); ctx->signature.gpg_output = strbuf_detach(&gpg_output, NULL);
ctx->signature.gpg_status = strbuf_detach(&gpg_status, NULL);
parse_signature_lines(ctx); parse_signature_lines(ctx);
out: out:
strbuf_release(&gpg_status);
strbuf_release(&gpg_output); strbuf_release(&gpg_output);
strbuf_release(&payload); strbuf_release(&payload);
strbuf_release(&signature); strbuf_release(&signature);
@ -1210,6 +1217,10 @@ static size_t format_commit_one(struct strbuf *sb, const char *placeholder,
if (c->signature.signer) if (c->signature.signer)
strbuf_addstr(sb, c->signature.signer); strbuf_addstr(sb, c->signature.signer);
break; break;
case 'K':
if (c->signature.key)
strbuf_addstr(sb, c->signature.key);
break;
} }
return 2; return 2;
} }