From: Michael J Gruber <git@drmicha.warpmail.net>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org, Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCHv2 3/6] verify-commit: scriptable commit signature verification
Date: Fri, 13 Jun 2014 13:45:58 +0200 [thread overview]
Message-ID: <539AE476.4030205@drmicha.warpmail.net> (raw)
In-Reply-To: <20140613111945.GC14066@sigill.intra.peff.net>
Jeff King venit, vidit, dixit 13.06.2014 13:19:
> On Fri, Jun 13, 2014 at 12:42:45PM +0200, Michael J Gruber wrote:
>
>> +
>> + free(signature_check.gpg_output);
>> + free(signature_check.gpg_status);
>> + free(signature_check.signer);
>> + free(signature_check.key);
>> + return signature_check.result != 'G';
>> +}
>
> How about .payload here?
I sneekily fix this in 6/6... I thought 3/6 is on next already, too late
for a real v2. Otherwise I would put 6/6 before everything else.
>> + type = sha1_object_info(sha1, NULL);
>> + if (type != OBJ_COMMIT)
>> + return error("%s: cannot verify a non-commit object of type %s.",
>> + name, typename(type));
>> +
>> + buf = read_sha1_file(sha1, &type, &size);
>> + if (!buf)
>> + return error("%s: unable to read file.", name);
>
> I think you can drop the sha1_object_info call and just check "type"
> from read_sha1_file (they _should_ agree, but if they do not, I'd rather
> pay attention to the one that came along with the buffer). And this is
> the uncommon error path, so expanding the object into memory before we
> die is not a big deal.
>
> Should this peel to a commit if given a tag? I'd say probably. I know
> you raised the issue elsewhere of keeping things simple, but I think if
> you are calling verify-commit, you know you want a commit, and we should
> treat the argument as a commit-ish. Anyway, if you go that route, then
> lookup_commit_or_die is probably what you want.
>
> Also, minor nit, but we typically do not end the error messages with a
> full stop (we've been rather inconsistent in the past, but these days
> seem to mostly settle on no punctuation).
>
> -Peff
Both of these issues actually come for following verify-tag as closely
as possible. If 3 is not applied already, I should do away with
sha1_object_info.
About the peeling I'm not so sure, since there's a difference between a
signed tag pointing to a commit and a signed commit. Since
verify-{tag,commit} are bare metal plumbing, I would expect callers to
use <rev>^{commit} explicitly if they don't care how <rev> peels to a
commit.
Michael
next prev parent reply other threads:[~2014-06-13 11:46 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-06 14:15 [PATCH 0/3] verify-commit: verify commit signatures Michael J Gruber
2014-06-06 14:15 ` [PATCH 1/3] pretty: free the gpg status buf Michael J Gruber
2014-06-06 14:15 ` [PATCH 2/3] gpg-interface: provide access to the payload Michael J Gruber
2014-06-13 7:55 ` Jeff King
2014-06-13 9:44 ` Michael J Gruber
2014-06-13 10:34 ` Jeff King
2014-06-06 14:15 ` [PATCH 3/3] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-11 19:48 ` Michael J Gruber
2014-06-13 8:02 ` Jeff King
2014-06-13 9:55 ` Michael J Gruber
2014-06-13 11:09 ` Jeff King
2014-06-13 17:06 ` Junio C Hamano
2014-06-16 9:21 ` Michael J Gruber
2014-06-16 19:54 ` Jeff King
2014-06-16 20:34 ` Junio C Hamano
2014-06-16 20:39 ` Jeff King
2014-06-27 12:31 ` Michael J Gruber
2014-06-27 12:49 ` Michael J Gruber
2014-06-27 13:06 ` Michael J Gruber
2014-06-27 13:18 ` [PATCH] log: correctly identify mergetag signature verification status Michael J Gruber
2014-06-28 0:44 ` Jeff King
2014-07-10 22:27 ` Junio C Hamano
2014-06-27 13:50 ` [PATCH 3/3] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-27 18:55 ` Junio C Hamano
2014-06-27 18:36 ` Junio C Hamano
2014-06-28 0:32 ` Jeff King
2014-06-30 6:14 ` Junio C Hamano
2014-06-13 10:42 ` [PATCHv2 0/6] verify-commit: verify commit signatures Michael J Gruber
2014-06-13 10:42 ` [PATCHv2 1/6] pretty: free the gpg status buf Michael J Gruber
2014-06-13 11:39 ` Jeff King
2014-06-13 10:42 ` [PATCHv2 2/6] gpg-interface: provide access to the payload Michael J Gruber
2014-06-13 10:42 ` [PATCHv2 3/6] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-13 11:19 ` Jeff King
2014-06-13 11:45 ` Michael J Gruber [this message]
2014-06-13 11:50 ` Jeff King
2014-06-13 12:12 ` Michael J Gruber
2014-06-13 10:42 ` [PATCHv2 4/6] t7510: exit for loop with test result Michael J Gruber
2014-06-13 11:46 ` Jeff King
2014-06-13 12:04 ` Michael J Gruber
2014-06-13 12:22 ` Michael J Gruber
2014-06-13 12:33 ` Michael J Gruber
2014-06-13 12:45 ` Jeff King
2014-06-13 12:54 ` Johannes Sixt
2014-06-13 13:06 ` Michael J Gruber
2014-06-13 13:21 ` Johannes Sixt
2014-06-13 13:30 ` Jeff King
2014-06-13 13:31 ` Michael J Gruber
2014-06-13 13:42 ` Johannes Sixt
2014-06-13 18:23 ` Junio C Hamano
2014-06-13 10:42 ` [PATCHv2 5/6] t7510: test verify-commit Michael J Gruber
2014-06-13 11:51 ` Jeff King
2014-06-13 12:14 ` Michael J Gruber
2014-06-13 18:16 ` Junio C Hamano
2014-06-13 10:42 ` [PATCHv2 6/6] gpg-interface: provide clear helper for struct signature_check Michael J Gruber
2014-06-23 7:05 ` [PATCHv3 0/5] verify-commit: verify commit signatures Michael J Gruber
2014-06-23 7:05 ` [PATCHv3 1/5] gpg-interface: provide clear helper for struct signature_check Michael J Gruber
2014-06-23 7:05 ` [PATCHv3 2/5] gpg-interface: provide access to the payload Michael J Gruber
2014-06-23 7:05 ` [PATCHv3 3/5] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-23 7:05 ` [PATCHv3 4/5] t7510: exit for loop with test result Michael J Gruber
2014-06-23 7:05 ` [PATCHv3 5/5] t7510: test verify-commit Michael J Gruber
2014-06-23 23:02 ` Junio C Hamano
2014-06-23 17:28 ` [PATCHv3 0/5] verify-commit: verify commit signatures Jeff King
2014-06-23 17:52 ` Junio C Hamano
2014-06-23 21:09 ` Jeff King
2014-06-23 21:23 ` Junio C Hamano
2014-06-27 14:13 ` [PATCHv4 0/4] " Michael J Gruber
2014-06-27 14:13 ` [PATCHv4 1/4] gpg-interface: provide clear helper for struct signature_check Michael J Gruber
2014-06-27 14:13 ` [PATCHv4 2/4] gpg-interface: provide access to the payload Michael J Gruber
2014-06-27 14:13 ` [PATCHv4 3/4] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-27 14:13 ` [PATCHv4 4/4] t7510: test verify-commit Michael J Gruber
2014-06-27 19:32 ` Junio C Hamano
2014-06-27 20:26 ` Michael J Gruber
2014-06-27 19:07 ` [PATCHv4 0/4] verify-commit: verify commit signatures Junio C Hamano
2014-06-28 0:48 ` Jeff King
2014-06-28 0:49 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=539AE476.4030205@drmicha.warpmail.net \
--to=git@drmicha.warpmail.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.