[PATCH v2 2/7] verify-tag: share code with verify-commit

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "brian m. carlson" <sandals@crustytoothpaste.net>
To: git@vger.kernel.org
Cc: "René Scharfe" <l.s.r@web.de>,
	"Nguyễn Thái Ngọc Duy" <pclouds@gmail.com>,
	"Alex Zepeda" <alex@inferiorhumanorgans.com>,
	"Michael J Gruber" <git@drmicha.warpmail.net>
Subject: [PATCH v2 2/7] verify-tag: share code with verify-commit
Date: Sun, 21 Jun 2015 23:14:38 +0000	[thread overview]
Message-ID: <1434928483-105916-3-git-send-email-sandals@crustytoothpaste.net> (raw)
In-Reply-To: <1434928483-105916-1-git-send-email-sandals@crustytoothpaste.net>

verify-tag was executing an entirely different codepath than
verify-commit, except for the underlying verify_signed_buffer.  Move
much of the code from check_commit_signature to a generic
check_signature function and adjust both codepaths to call it.

Update verify-tag to explicitly output the signature text, as we now
call verify_signed_buffer with strbufs to catch the output, which
prevents it from being printed automatically.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
---
 builtin/verify-tag.c |  9 ++++++++-
 commit.c             | 15 +--------------
 gpg-interface.c      | 23 +++++++++++++++++++++++
 gpg-interface.h      |  2 ++
 4 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c
index 53c68fc..e1eb341 100644
--- a/builtin/verify-tag.c
+++ b/builtin/verify-tag.c
@@ -20,8 +20,11 @@ static const char * const verify_tag_usage[] = {
 
 static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
 {
+	struct signature_check sigc;
 	int len;
 
+	memset(&sigc, 0, sizeof(sigc));
+
 	len = parse_signature(buf, size);
 	if (verbose)
 		write_in_full(1, buf, len);
@@ -29,7 +32,11 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
 	if (size == len)
 		return error("no signature found");
 
-	return verify_signed_buffer(buf, len, buf + len, size - len, NULL, NULL);
+	check_signature(buf, len, buf + len, size - len, &sigc);
+	fputs(sigc.gpg_output, stderr);
+
+	signature_check_clear(&sigc);
+	return sigc.result != 'G' && sigc.result != 'U';
 }
 
 static int verify_tag(const char *name, int verbose)
diff --git a/commit.c b/commit.c
index 6e2103c..1e2e144 100644
--- a/commit.c
+++ b/commit.c
@@ -1236,27 +1236,14 @@ void check_commit_signature(const struct commit *commit, struct signature_check
 {
 	struct strbuf payload = STRBUF_INIT;
 	struct strbuf signature = STRBUF_INIT;
-	struct strbuf gpg_output = STRBUF_INIT;
-	struct strbuf gpg_status = STRBUF_INIT;
-	int status;
 
 	sigc->result = 'N';
 
 	if (parse_signed_commit(commit, &payload, &signature) <= 0)
 		goto out;
-	status = verify_signed_buffer(payload.buf, payload.len,
-				      signature.buf, signature.len,
-				      &gpg_output, &gpg_status);
-	if (status && !gpg_output.len)
-		goto out;
-	sigc->payload = strbuf_detach(&payload, NULL);
-	sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
-	sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
-	parse_gpg_output(sigc);
+	check_signature(payload.buf, payload.len, signature.buf, signature.len, sigc);
 
  out:
-	strbuf_release(&gpg_status);
-	strbuf_release(&gpg_output);
 	strbuf_release(&payload);
 	strbuf_release(&signature);
 }
diff --git a/gpg-interface.c b/gpg-interface.c
index 68b0c81..66dbee2 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -60,6 +60,29 @@ void parse_gpg_output(struct signature_check *sigc)
 	}
 }
 
+void check_signature(const char *payload, size_t plen, const char *signature,
+	size_t slen, struct signature_check *sigc)
+{
+	struct strbuf gpg_output = STRBUF_INIT;
+	struct strbuf gpg_status = STRBUF_INIT;
+	int status;
+
+	sigc->result = 'N';
+
+	status = verify_signed_buffer(payload, plen, signature, slen,
+				      &gpg_output, &gpg_status);
+	if (status && !gpg_output.len)
+		goto out;
+	sigc->payload = xmemdupz(payload, plen);
+	sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
+	sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
+	parse_gpg_output(sigc);
+
+ out:
+	strbuf_release(&gpg_status);
+	strbuf_release(&gpg_output);
+}
+
 /*
  * Look at GPG signed content (e.g. a signed tag object), whose
  * payload is followed by a detached signature on it.  Return the
diff --git a/gpg-interface.h b/gpg-interface.h
index 87a4f2e..043bcaa 100644
--- a/gpg-interface.h
+++ b/gpg-interface.h
@@ -27,5 +27,7 @@ extern int verify_signed_buffer(const char *payload, size_t payload_size, const
 extern int git_gpg_config(const char *, const char *, void *);
 extern void set_signing_key(const char *);
 extern const char *get_signing_key(void);
+extern void check_signature(const char *payload, size_t plen,
+	const char *signature, size_t slen, struct signature_check *sigc);
 
 #endif
-- 
2.4.0

next prev parent reply	other threads:[~2015-06-21 23:15 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-21 23:14 [PATCH v2 0/7] Raw gpg output support for verify-commit and verify-tag brian m. carlson
2015-06-21 23:14 ` [PATCH v2 1/7] verify-tag: add tests brian m. carlson
2015-06-21 23:14 ` brian m. carlson [this message]
2015-06-21 23:14 ` [PATCH v2 3/7] verify-commit: add test for exit status on untrusted signature brian m. carlson
2015-06-21 23:14 ` [PATCH v2 4/7] gpg: centralize signature check brian m. carlson
2015-06-21 23:14 ` [PATCH v2 5/7] gpg: centralize printing signature buffers brian m. carlson
2015-06-21 23:14 ` [PATCH v2 6/7] verify-commit: add option to print raw gpg status information brian m. carlson
2015-06-21 23:14 ` [PATCH v2 7/7] verify-tag: " brian m. carlson
2015-06-22  0:38 ` [PATCH v2 0/7] Raw gpg output support for verify-commit and verify-tag Junio C Hamano

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:53c68fc dfblob:e1eb341 dfblob:6e2103c dfblob:1e2e144
dfblob:68b0c81 dfblob:66dbee2 dfblob:87a4f2e dfblob:043bcaa )
 OR (
bs:"[PATCH v2 2/7] verify-tag: share code with verify-commit" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1434928483-105916-3-git-send-email-sandals@crustytoothpaste.net \
    --to=sandals@crustytoothpaste.net \
    --cc=alex@inferiorhumanorgans.com \
    --cc=git@drmicha.warpmail.net \
    --cc=git@vger.kernel.org \
    --cc=l.s.r@web.de \
    --cc=pclouds@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).