From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: git@vger.kernel.org
Cc: "René Scharfe" <l.s.r@web.de>,
"Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>,
"Alex Zepeda" <alex@inferiorhumanorgans.com>,
"Michael J Gruber" <git@drmicha.warpmail.net>
Subject: [PATCH 0/3] Raw gpg output support for verify-commit and verify-tag
Date: Sun, 14 Jun 2015 18:51:47 +0000
Message-ID: <1434307910-705555-1-git-send-email-sandals@crustytoothpaste.net>

Currently, verify-commit and verify-tag produce human-readable output.
This is great for humans, and awful for machines. It also lacks a lot
of the information that GnuPG's --status-fd output provides.

For example, if you wanted to know

* the hash algorithm;
* whether the signature was made with a subkey; or
* the OpenPGP signature version

none of that information is available in the human-readable output.

We've had people in the past come to the list who require signed commits
in their corporate environment. It's not unreasonable to expect that
they might want to programmatically verify signatures, including aspects
of the signatures we don't currently expose. It's also much nicer to
parse the machine-readable output we already collect than hoping GnuPG
doesn't change its output.

This series introduces a --raw option for verify-commit and verify-tag.
If it's used, they provide the gpg --status-fd output on standard error
instead of the human-readable output. The series also adds tests for
verify-tag, since there were none; these are based off the ones for
verify-commit.

In writing this series, I noticed an incompatibility between
verify-commit and verify-tag. If a valid signature is made with an
untrusted key, verify-commit will exit 1, but verify-tag will exit 0.
I'm unclear on what we can do about this now, short of adding another
option. This is because the two commands share little common code.

brian m. carlson (3):
  verify-commit: add option to print raw gpg status information
  verify-tag: add tests
  verify-tag: add option to print raw gpg status information

 Documentation/git-verify-commit.txt |   4 ++
 Documentation/git-verify-tag.txt    |   4 ++
 builtin/verify-commit.c             |  13 ++--
 builtin/verify-tag.c                |  21 +++++--
 t/t7030-verify-tag.sh               | 116 ++++++++++++++++++++++++++++++++++++
 t/t7510-signed-commit.sh            |  32 ++++++++++
 6 files changed, 178 insertions(+), 12 deletions(-)
 create mode 100755 t/t7030-verify-tag.sh

--
2.4.0
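
As an added example (not part of this series or of Git's own code), here is one way a consumer could parse the status lines that --raw exposes and apply an explicit policy instead of relying on the exit code, which the message notes differs between the two commands. The VALIDSIG field order follows GnuPG's doc/DETAILS; the policy, the function names and the sample status lines are assumptions constructed for illustration.

```python
# RFC 4880 hash algorithm IDs, reported numerically in VALIDSIG.
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
STRONG_HASHES = {"SHA224", "SHA256", "SHA384", "SHA512"}  # assumed local policy
PREFIX = "[GNUPG:] "

SUB, PRI = "1" * 40, "2" * 40  # constructed fingerprints, not real keys
SAMPLE = f"""\
[GNUPG:] NEWSIG
[GNUPG:] SIG_ID constructedSigId 2015-06-14 1434307907
[GNUPG:] GOODSIG 1111111111111111 Example Signer <signer@example.com>
[GNUPG:] VALIDSIG {SUB} 2015-06-14 1434307907 0 4 0 1 10 00 {PRI}
[GNUPG:] TRUST_UNDEFINED
"""


def parse_status(raw):
    """Extract signature facts from GnuPG --status-fd lines."""
    info = {"good": False, "valid": False, "trust": None}
    for line in raw.splitlines():
        if not line.startswith(PREFIX):
            continue  # ignore anything that is not a status line
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        args = rest.split()
        if keyword == "GOODSIG":
            info["good"] = True
        elif keyword in ("BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"):
            info["failure"] = keyword
        elif keyword == "VALIDSIG" and len(args) >= 9:
            # fpr date sig-ts expire-ts sig-version reserved pk-algo hash-algo class [primary-fpr]
            primary = args[9] if len(args) > 9 else args[0]
            info.update(valid=True, fingerprint=args[0], sig_version=int(args[4]),
                        hash_algo=HASH_ALGOS.get(int(args[7]), "unknown-" + args[7]),
                        primary_fingerprint=primary, subkey=args[0] != primary)
        elif keyword.startswith("TRUST_"):
            info["trust"] = keyword[len("TRUST_"):].lower()
    return info


def acceptable(info):
    """Assumed policy: good and valid signature, trusted key, strong hash."""
    return (info["good"] and info["valid"] and "failure" not in info
            and info["trust"] in ("fully", "ultimate")
            and info["hash_algo"] in STRONG_HASHES)
```

The text passed to parse_status would be the standard error captured from `git verify-commit --raw` or `git verify-tag --raw`.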