From: Santiago Torres <santiago@nyu.edu>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org, Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH/RFC] builtin/tag.c: move PGP verification inside builtin.
Date: Thu, 24 Mar 2016 18:32:58 -0400 [thread overview]
Message-ID: <20160324223257.GE8830@LykOS> (raw)
In-Reply-To: <20160324221457.GB17805@sigill.intra.peff.net>
> > This is my first stab at this, in the dumbest/simplest way imaginable. I
> > don't like that there is no code reuse (the run_gpg_verify function is
> > repeated here and in the plumbing command). I would appreciate pointers
> > on what would be the best way to avoid this.
>
> It looks to me like you could factor the repeated code into a common
> verify_tag(), but maybe I am missing something.
I see, yes. This looks like the way forward.
>
> > I also spent quite some time figuring out what you meant with
> >
> > > Do note the trickery with SIGPIPE in verify-tag, though. We probably
> > > need to do the same here (in fact, I wonder if that should be pushed
> > > down into the code that calls gpg).
> > I don't see any explicit SIGPIPE trickery here. Any pointers?
>
> There is a call to ignore SIGPIPE in builtin/verify-tag.c, line 100.
> Do we need to do be doing the same thing here?
>
> There's some discussion in the thread starting at:
>
> http://thread.gmane.org/gmane.comp.version-control.git/53878/focus=53904
>
> The claim there is that we get SIGPIPE and die early if we feed gpg a
> tag which isn't signed. We _should_ be catching that case already via
> parse_signature(), though I wonder if it can be fooled (e.g., something
> that looks like a signature, but when gpg parses it, it turns out to be
> bogus). So we should probably continue ignoring SIGPIPE to be on the
> safe side.
>
> But I notice that we already handle SIGPIPE explicitly in sign_buffer()
> for similar reasons. What I was wondering earlier was whether we should
> teach other functions that call gpg (like verify_signed_buffer()) to
> ignore SIGPIPE, too, so that we can return a reasonable error value
> rather than just killing the whole program.
>
Now I get it I think this should be easy to achieve by moving
verify_tag() to tag.c, along with the static run_gpg_verify functions. I
could move the SIGPIPE call inside the verify-tag command and patch up
everything accordingly. Does this sound ok?
Thanks,
-Santiago.
next prev parent reply other threads:[~2016-03-24 22:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-24 21:39 [PATCH/RFC] builtin/tag.c: move PGP verification inside builtin santiago
2016-03-24 21:51 ` Santiago Torres
2016-03-24 22:14 ` Jeff King
2016-03-24 22:32 ` Santiago Torres [this message]
2016-03-24 23:27 ` Jeff King
2016-03-24 22:10 ` Jeff King
2016-03-24 22:24 ` Santiago Torres
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160324223257.GE8830@LykOS \
--to=santiago@nyu.edu \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.