From: John Keeping <john@keeping.me.uk>
To: "Sebastian Götte" <jaseg@physik.tu-berlin.de>
Cc: git@vger.kernel.org, gitster@pobox.com, trast@inf.ethz.ch
Subject: Re: [PATCH v7 4/5] merge/pull Check for untrusted good GPG signatures
Date: Sun, 31 Mar 2013 15:44:52 +0100 [thread overview]
Message-ID: <20130331144452.GF2286@serenity.lan> (raw)
In-Reply-To: <51584955.40007@physik.tu-berlin.de>
On Sun, Mar 31, 2013 at 04:33:57PM +0200, Sebastian Götte wrote:
> When --verify-signatures is specified, abort the merge in case a good
> GPG signature from an untrusted key is encountered.
>
> Signed-off-by: Sebastian Götte <jaseg@physik-pool.tu-berlin.de>
> ---
> Documentation/merge-options.txt | 4 ++--
> builtin/merge.c | 2 ++
> commit.c | 13 ++++++++-----
> commit.h | 10 +++++-----
> gpg-interface.h | 1 +
> t/lib-gpg/pubring.gpg | Bin 1164 -> 2359 bytes
> t/lib-gpg/random_seed | Bin 600 -> 600 bytes
> t/lib-gpg/secring.gpg | Bin 1237 -> 3734 bytes
> t/lib-gpg/trustdb.gpg | Bin 1280 -> 1360 bytes
> t/t7612-merge-verify-signatures.sh | 9 +++++++++
> 10 files changed, 27 insertions(+), 12 deletions(-)
>
> diff --git a/Documentation/merge-options.txt b/Documentation/merge-options.txt
> index 31f1067..a0f022b 100644
> --- a/Documentation/merge-options.txt
> +++ b/Documentation/merge-options.txt
> @@ -85,8 +85,8 @@ option can be used to override --squash.
>
> --verify-signatures::
> --no-verify-signatures::
> - Verify that the commits being merged have good GPG signatures and abort the
> - merge in case they do not.
> + Verify that the commits being merged have good and trusted GPG signatures
> + and abort the merge in case they do not.
>
> --summary::
> --no-summary::
> diff --git a/builtin/merge.c b/builtin/merge.c
> index 7a33d03..752e3a9 100644
> --- a/builtin/merge.c
> +++ b/builtin/merge.c
> @@ -1248,6 +1248,8 @@ int cmd_merge(int argc, const char **argv, const char *prefix)
> switch(signature_check.result){
> case 'G':
> break;
> + case 'U':
> + die(_("Commit %s has a good, untrusted GPG signature allegedly by %s."), hex, signature_check.signer);
> case 'B':
> die(_("Commit %s has a bad GPG signature allegedly by %s."), hex, signature_check.signer);
> default: /* 'N' */
> diff --git a/commit.c b/commit.c
> index eda7f90..bb2d9ad 100644
> --- a/commit.c
> +++ b/commit.c
> @@ -1029,6 +1029,8 @@ static struct {
> } sigcheck_gpg_status[] = {
> { 'G', "[GNUPG:] GOODSIG " },
> { 'B', "[GNUPG:] BADSIG " },
> + { 'U', "[GNUPG:] TRUST_NEVER" },
> + { 'U', "[GNUPG:] TRUST_UNDEFINED" },
> };
>
> static void parse_gpg_output(struct signature_check *sigc)
> @@ -1050,11 +1052,12 @@ static void parse_gpg_output(struct signature_check *sigc)
> found += strlen(sigcheck_gpg_status[i].check);
> }
> sigc->result = sigcheck_gpg_status[i].result;
> - sigc->key = xmemdupz(found, 16);
> - found += 17;
> - next = strchrnul(found, '\n');
> - sigc->signer = xmemdupz(found, next - found);
> - break;
> + if (sigc->result != 'U') {
This could use a comment; we know now that only GOODSIG and BADSIG
are followed by a signature, but someone looking at this code in the
future will probably appreciate an explanation.
> + sigc->key = xmemdupz(found, 16);
> + found += 17;
> + next = strchrnul(found, '\n');
> + sigc->signer = xmemdupz(found, next - found);
> + }
> }
> }
>
next prev parent reply other threads:[~2013-03-31 14:45 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-23 1:57 [PATCH v2 1/4] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-25 15:54 ` Junio C Hamano
2013-03-25 23:46 ` [PATCH 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
2013-03-26 1:46 ` Junio C Hamano
2013-03-26 11:05 ` [PATCH v4 " Sebastian Götte
2013-03-26 16:26 ` Junio C Hamano
2013-03-26 16:43 ` Sebastian Götte
[not found] ` <cover.1364295502.git.jaseg@physik-pool.tu-berlin.de>
2013-03-26 11:05 ` [PATCH v4 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-26 11:05 ` [PATCH v4 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-28 22:33 ` Junio C Hamano
2013-03-26 11:05 ` [PATCH v4 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-28 22:33 ` Junio C Hamano
2013-03-30 0:13 ` [PATCH v5 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
[not found] ` <cover.1364601337.git.jaseg@physik-pool.tu-berlin.de>
2013-03-30 0:14 ` [PATCH v5 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-30 3:37 ` Junio C Hamano
2013-03-30 0:14 ` [PATCH v5 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-30 3:37 ` Junio C Hamano
2013-03-30 0:14 ` [PATCH v5 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-30 3:38 ` Junio C Hamano
2013-03-30 14:14 ` [PATCH v6 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
[not found] ` <cover.1364652339.git.jaseg@physik-pool.tu-berlin.de>
2013-03-30 14:15 ` [PATCH v6 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-30 14:15 ` [PATCH v6 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-30 14:15 ` [PATCH v6 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-30 14:16 ` [PATCH v6 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-30 14:16 ` [PATCH v6 5/5] pretty printing: extend %G? to include 'N' and 'U' Sebastian Götte
2013-03-30 0:14 ` [PATCH v5 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-31 8:32 ` Thomas Rast
2013-03-31 10:55 ` Sebastian Götte
2013-03-31 11:38 ` Thomas Rast
2013-03-31 11:57 ` Sebastian Götte
2013-03-31 12:16 ` Thomas Rast
2013-03-31 12:27 ` Sebastian Götte
2013-03-31 13:33 ` John Keeping
2013-03-31 14:32 ` [PATCH v7 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
[not found] ` <cover.1364738348.git.jaseg@physik-pool.tu-berlin.de>
2013-03-31 14:32 ` [PATCH v7 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-31 14:32 ` [PATCH v7 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-31 14:41 ` John Keeping
2013-03-31 14:33 ` [PATCH v7 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-31 14:33 ` [PATCH v7 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-31 14:44 ` John Keeping [this message]
2013-03-31 15:03 ` Thomas Rast
2013-03-31 15:21 ` Sebastian Götte
2013-03-31 15:27 ` Thomas Rast
2013-03-31 15:26 ` John Keeping
2013-03-31 15:58 ` [PATCH v8 0/5] Verify GPG signatures when merging and extend %G? pretty string Sebastian Götte
[not found] ` <cover.1364742659.git.jaseg@physik-pool.tu-berlin.de>
2013-03-31 16:00 ` [PATCH v8 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-31 16:01 ` [PATCH v8 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-31 16:02 ` [PATCH v8 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-04-01 2:47 ` Junio C Hamano
2013-04-01 12:53 ` Sebastian Götte
2013-04-01 14:55 ` Junio C Hamano
2013-03-31 16:02 ` [PATCH v8 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-31 16:03 ` [PATCH v8 5/5] pretty printing: extend %G? to include 'N' and 'U' Sebastian Götte
2013-03-31 14:34 ` [PATCH v7 " Sebastian Götte
2013-03-30 0:15 ` [PATCH v5 " Sebastian Götte
2013-03-26 11:05 ` [PATCH v4 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-26 11:05 ` [PATCH v4 5/5] pretty printing: extend %G? to include 'N' and 'U' Sebastian Götte
[not found] ` <cover.1364254748.git.jaseg@physik-pool.tu-berlin.de>
2013-03-25 23:46 ` [PATCH 1/5] Move commit GPG signature verification to commit.c Sebastian Götte
2013-03-25 23:46 ` [PATCH 2/5] commit.c/GPG signature verification: Also look at the first GPG status line Sebastian Götte
2013-03-25 23:46 ` [PATCH 3/5] merge/pull: verify GPG signatures of commits being merged Sebastian Götte
2013-03-25 23:46 ` [PATCH 4/5] merge/pull Check for untrusted good GPG signatures Sebastian Götte
2013-03-25 23:46 ` [PATCH 5/5] pretty printing: extend %G? to include 'N' and 'U' Sebastian Götte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130331144452.GF2286@serenity.lan \
--to=john@keeping.me.uk \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jaseg@physik.tu-berlin.de \
--cc=trast@inf.ethz.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.