From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: git@vger.kernel.org
Cc: "René Scharfe" <l.s.r@web.de>,
"Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>,
"Alex Zepeda" <alex@inferiorhumanorgans.com>,
"Michael J Gruber" <git@drmicha.warpmail.net>
Subject: [PATCH v2 0/7] Raw gpg output support for verify-commit and verify-tag
Date: Sun, 21 Jun 2015 23:14:36 +0000
Message-ID: <1434928483-105916-1-git-send-email-sandals@crustytoothpaste.net>

Currently, verify-commit and verify-tag produce human-readable output.
This is great for humans, and awful for machines. It also lacks a lot
of the information that GnuPG's --status-fd output provides.

For example, if you wanted to know

  * the hash algorithm;
  * whether the signature was made with a subkey; or
  * the OpenPGP signature version

none of that information is available in the human-readable output.

This series introduces a --raw option for verify-commit and verify-tag.
If it's used, they provide the gpg --status-fd output on standard error
instead of the human-readable output. The series also adds tests for
verify-tag, since there were none; these are based off the ones for
verify-commit.

v2 of the series corrects one of two incompatibilities between
verify-commit and verify-tag. If a valid signature was made with an
untrusted key, verify-commit would exit 1, but verify-tag would exit 0.
This has been corrected (as Michael J Gruber suggested); both now return
0, as the signature is in fact good.

The other incompatibility is that verify-tag --verbose always prints the
tag contents even if no signature is found, while verify-commit
--verbose does not print the commit. I left this alone, as it seemed
easy enough to accommodate at the expense of making the code slightly
uglier.

Changes since v1:
  * Unify some of the code between verify-commit and verify-tag.
  * Pass the --verbose and --raw options as flags instead of individual
    boolean arguments.
  * Reorder the patches to ensure that verify-tag tests came before
    refactors, to avoid regressing functionality.
  * Changed verify-commit to succeed if a signature is good, regardless of
    whether it is trusted, at Michael J Gruber's suggestion.

brian m. carlson (7):
  verify-tag: add tests
  verify-tag: share code with verify-commit
  verify-commit: add test for exit status on untrusted signature
  gpg: centralize signature check
  gpg: centralize printing signature buffers
  verify-commit: add option to print raw gpg status information
  verify-tag: add option to print raw gpg status information

 Documentation/git-verify-commit.txt |   4 ++
 Documentation/git-verify-tag.txt    |   4 ++
 builtin/verify-commit.c             |  25 ++++----
 builtin/verify-tag.c                |  30 +++++++---
 commit.c                            |  21 ++-----
 commit.h                            |   2 +-
 gpg-interface.c                     |  37 ++++++++++++
 gpg-interface.h                     |   6 ++
 t/t7030-verify-tag.sh               | 115 ++++++++++++++++++++++++++++++++++++
 t/t7510-signed-commit.sh            |  38 ++++++++++++
 10 files changed, 246 insertions(+), 36 deletions(-)
 create mode 100755 t/t7030-verify-tag.sh

--
2.4.0
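
An added example, not part of the original message or of the Git series: a parser for the `[GNUPG:]` status lines that the cover letter says `--raw` writes to standard error, extracting the hash algorithm, subkey use and signature version it mentions. The VALIDSIG field order is taken from GnuPG's doc/DETAILS; the fingerprints, signer name, sample lines and the `acceptable` policy are constructed for illustration.

```python
# Added example: parse GnuPG --status-fd lines such as those that
# `git verify-commit --raw` / `git verify-tag --raw` write to standard error.
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}   # RFC 4880 IDs
WEAK_HASHES = {"MD5", "SHA1"}        # local policy choice (assumption)
BAD_STATUSES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
PREFIX = "[GNUPG:] "

def parse_status(text):
    """Return a dict describing the signature reported in status output."""
    info = {"good": False, "valid": False, "trust": None, "problems": []}
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue                  # not a status line
        parts = line[len(PREFIX):].split()
        if not parts:
            continue
        keyword, args = parts[0], parts[1:]
        if keyword == "GOODSIG":
            info["good"] = True
        elif keyword in BAD_STATUSES:
            info["problems"].append(keyword)
        elif keyword.startswith("TRUST_"):
            info["trust"] = keyword[len("TRUST_"):].lower()
        elif keyword == "VALIDSIG" and len(args) >= 9:
            # fpr date sig-ts expire-ts version reserved pk-algo hash class [primary]
            fpr = args[0]
            primary = args[9] if len(args) > 9 else fpr
            algo = int(args[7])
            info.update(valid=True, fingerprint=fpr, primary=primary,
                        subkey=(fpr != primary), sig_version=int(args[4]),
                        hash_algo=HASH_ALGOS.get(algo, f"unknown({algo})"))
    return info

def acceptable(info, trusted=("fully", "ultimate")):
    """Policy gate: good and valid signature, strong hash, trusted key."""
    return bool(info["good"] and info["valid"] and not info["problems"]
                and info.get("hash_algo") not in WEAK_HASHES
                and info["trust"] in trusted)

# Constructed sample: good SHA256 v4 signature made with a subkey of an
# untrusted key (fingerprints and identity are placeholders).
SUBKEY_FPR, PRIMARY_FPR = "A" * 40, "B" * 40
SAMPLE = "\n".join([
    PREFIX + "GOODSIG " + SUBKEY_FPR[-16:] + " Example <signer@example.invalid>",
    PREFIX + f"VALIDSIG {SUBKEY_FPR} 2015-06-21 1434928476 0 4 0 1 8 00 {PRIMARY_FPR}",
    PREFIX + "TRUST_UNDEFINED",
])
```

Because a good signature from an untrusted key exits 0, a caller that requires trust has to read the TRUST_ line, as `acceptable` does.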