git-commit-vandalism/builtin/verify-commit.c
Jeff King 837303700a verify-commit: simplify parameters to run_gpg_verify()
The buf/len parameters of run_gpg_verify() have never been used since
the function was added in d07b00b7f3 (verify-commit: scriptable commit
signature verification, 2014-06-23). Instead, check_commit_signature()
accesses the commit struct directly.

Worse, we read the whole object just to check its type and do not attach
it to the "struct commit". Meaning we end up loading the object from
disk twice for no good reason.

And to further confuse matters, our type check is comes from what we
read from disk, but we later assume that lookup_commit() will return
non-NULL. This might not be true if some other object previously
referenced the same oid as a non-commit (though this may be impossible
to trigger in practice since we don't generally parse any other objects
in this command).

Instead, let's do our type check by loading the object via
parse_object(). That will attach the buffer to the struct so it can be
used later by check_commit_signature(). And it ensures that
lookup_commit() will return something sane.

And then we can just drop the unused "buf" and "len" parameters
entirely.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2019-05-13 14:22:54 +09:00

92 lines
2.3 KiB
C

/*
* Builtin "git commit-commit"
*
* Copyright (c) 2014 Michael J Gruber <git@drmicha.warpmail.net>
*
* Based on git-verify-tag
*/
#include "cache.h"
#include "config.h"
#include "builtin.h"
#include "object-store.h"
#include "repository.h"
#include "commit.h"
#include "run-command.h"
#include <signal.h>
#include "parse-options.h"
#include "gpg-interface.h"
static const char * const verify_commit_usage[] = {
N_("git verify-commit [-v | --verbose] <commit>..."),
NULL
};
static int run_gpg_verify(struct commit *commit, unsigned flags)
{
struct signature_check signature_check;
int ret;
memset(&signature_check, 0, sizeof(signature_check));
ret = check_commit_signature(commit, &signature_check);
print_signature_buffer(&signature_check, flags);
signature_check_clear(&signature_check);
return ret;
}
static int verify_commit(const char *name, unsigned flags)
{
struct object_id oid;
struct object *obj;
if (get_oid(name, &oid))
return error("commit '%s' not found.", name);
obj = parse_object(the_repository, &oid);
if (!obj)
return error("%s: unable to read file.", name);
if (obj->type != OBJ_COMMIT)
return error("%s: cannot verify a non-commit object of type %s.",
name, type_name(obj->type));
return run_gpg_verify((struct commit *)obj, flags);
}
static int git_verify_commit_config(const char *var, const char *value, void *cb)
{
int status = git_gpg_config(var, value, cb);
if (status)
return status;
return git_default_config(var, value, cb);
}
int cmd_verify_commit(int argc, const char **argv, const char *prefix)
{
int i = 1, verbose = 0, had_error = 0;
unsigned flags = 0;
const struct option verify_commit_options[] = {
OPT__VERBOSE(&verbose, N_("print commit contents")),
OPT_BIT(0, "raw", &flags, N_("print raw gpg status output"), GPG_VERIFY_RAW),
OPT_END()
};
git_config(git_verify_commit_config, NULL);
argc = parse_options(argc, argv, prefix, verify_commit_options,
verify_commit_usage, PARSE_OPT_KEEP_ARGV0);
if (argc <= i)
usage_with_options(verify_commit_usage, verify_commit_options);
if (verbose)
flags |= GPG_VERIFY_VERBOSE;
/* sometimes the program was terminated because this signal
* was received in the process of writing the gpg input: */
signal(SIGPIPE, SIG_IGN);
while (i < argc)
if (verify_commit(argv[i++], flags))
had_error = 1;
return had_error;
}