* why is tagger header optional?
@ 2010-01-19 6:09 Shawn O. Pearce
2010-01-19 6:31 ` Junio C Hamano
2010-01-19 6:44 ` Jeff King
0 siblings, 2 replies; 6+ messages in thread
From: Shawn O. Pearce @ 2010-01-19 6:09 UTC (permalink / raw)
To: git
So why is it legal to omit the tagger header from a tag?
E.g. the Linux kernel tag v2.6.12 has no tagger header:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=tag;h=26791a8bcf0e6d33f43aef7682bdb555236d56de
JGit is currently failing on this tag, because its fsck
implementation demands that a tag have a tagger header
that can be parsed as a person identity.
Looking at tag.c's parse_tag_buffer(), the variable sig_line seems
to be expected to point at the "tagger " header (given its name),
but its not actually validated as such.
Is there a version of Git floating around that doesn't create a
tagger header when creating a signed tag? WTF?
--
Shawn.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: why is tagger header optional?
2010-01-19 6:09 why is tagger header optional? Shawn O. Pearce
@ 2010-01-19 6:31 ` Junio C Hamano
2010-01-19 6:32 ` Shawn O. Pearce
2010-01-19 6:44 ` Jeff King
1 sibling, 1 reply; 6+ messages in thread
From: Junio C Hamano @ 2010-01-19 6:31 UTC (permalink / raw)
To: Shawn O. Pearce; +Cc: git
"Shawn O. Pearce" <spearce@spearce.org> writes:
> So why is it legal to omit the tagger header from a tag?
>
> E.g. the Linux kernel tag v2.6.12 has no tagger header:
We didn't.add tagger line until c818566 ([PATCH] Update tags to record who
made them, 2005-07-14), which is v0.99.1~9
Linux 2.6.12 is a lot older than that. v2.6.13-rc4 in late July is the
first one with tagger.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: why is tagger header optional?
2010-01-19 6:31 ` Junio C Hamano
@ 2010-01-19 6:32 ` Shawn O. Pearce
2010-01-19 6:35 ` Junio C Hamano
0 siblings, 1 reply; 6+ messages in thread
From: Shawn O. Pearce @ 2010-01-19 6:32 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
Junio C Hamano <gitster@pobox.com> wrote:
> "Shawn O. Pearce" <spearce@spearce.org> writes:
>
> > So why is it legal to omit the tagger header from a tag?
> >
> > E.g. the Linux kernel tag v2.6.12 has no tagger header:
>
> We didn't.add tagger line until c818566 ([PATCH] Update tags to record who
> made them, 2005-07-14), which is v0.99.1~9
>
> Linux 2.6.12 is a lot older than that. v2.6.13-rc4 in late July is the
> first one with tagger.
Ugh. So its like the 100640 or whatever mode tags in the kernel
trees that are also considered bogus by today's standards, but have
to be allowed because of the kernel history.
Thanks.
--
Shawn.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: why is tagger header optional?
2010-01-19 6:32 ` Shawn O. Pearce
@ 2010-01-19 6:35 ` Junio C Hamano
2010-01-19 6:37 ` Shawn O. Pearce
0 siblings, 1 reply; 6+ messages in thread
From: Junio C Hamano @ 2010-01-19 6:35 UTC (permalink / raw)
To: Shawn O. Pearce; +Cc: Junio C Hamano, git
"Shawn O. Pearce" <spearce@spearce.org> writes:
> Junio C Hamano <gitster@pobox.com> wrote:
>> "Shawn O. Pearce" <spearce@spearce.org> writes:
>>
>> > So why is it legal to omit the tagger header from a tag?
>> >
>> > E.g. the Linux kernel tag v2.6.12 has no tagger header:
>>
>> We didn't.add tagger line until c818566 ([PATCH] Update tags to record who
>> made them, 2005-07-14), which is v0.99.1~9
>>
>> Linux 2.6.12 is a lot older than that. v2.6.13-rc4 in late July is the
>> first one with tagger.
>
> Ugh. So its like the 100640 or whatever mode tags in the kernel
> trees that are also considered bogus by today's standards, but have
> to be allowed because of the kernel history.
Yeah; don't we have "fsck --strict" or something to take the distinction
into account, though? I don't recall if lack of tagger triggers the check
offhand and I am too lazy to check.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: why is tagger header optional?
2010-01-19 6:35 ` Junio C Hamano
@ 2010-01-19 6:37 ` Shawn O. Pearce
0 siblings, 0 replies; 6+ messages in thread
From: Shawn O. Pearce @ 2010-01-19 6:37 UTC (permalink / raw)
To: Junio C Hamano; +Cc: git
Junio C Hamano <gitster@pobox.com> wrote:
> "Shawn O. Pearce" <spearce@spearce.org> writes:
> > Junio C Hamano <gitster@pobox.com> wrote:
> >> "Shawn O. Pearce" <spearce@spearce.org> writes:
> >>
> >> > So why is it legal to omit the tagger header from a tag?
> >> >
> >> > E.g. the Linux kernel tag v2.6.12 has no tagger header:
> >>
> >> We didn't.add tagger line until c818566 ([PATCH] Update tags to record who
> >> made them, 2005-07-14), which is v0.99.1~9
> >>
> >> Linux 2.6.12 is a lot older than that. v2.6.13-rc4 in late July is the
> >> first one with tagger.
> >
> > Ugh. So its like the 100640 or whatever mode tags in the kernel
> > trees that are also considered bogus by today's standards, but have
> > to be allowed because of the kernel history.
>
> Yeah; don't we have "fsck --strict" or something to take the distinction
> into account, though? I don't recall if lack of tagger triggers the check
> offhand and I am too lazy to check.
I don't think it does under --strict. But yea, we do have --strict
for the non-kernel repositories.
This came up because Gerrit Code Review asks JGit to do fsck during
receive of objects from a client, JGit's tag fsck is too strict
and demands a "tagger " header, but someone was trying to push this
old tag from the Linux kernel into an empty repository.
I'll have to relax our tag fsck code in JGit and make the header
optional.
--
Shawn.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: why is tagger header optional?
2010-01-19 6:09 why is tagger header optional? Shawn O. Pearce
2010-01-19 6:31 ` Junio C Hamano
@ 2010-01-19 6:44 ` Jeff King
1 sibling, 0 replies; 6+ messages in thread
From: Jeff King @ 2010-01-19 6:44 UTC (permalink / raw)
To: Shawn O. Pearce; +Cc: git
On Mon, Jan 18, 2010 at 10:09:46PM -0800, Shawn O. Pearce wrote:
> So why is it legal to omit the tagger header from a tag?
>
> E.g. the Linux kernel tag v2.6.12 has no tagger header:
I think you just answered your own question. We must support tagger-less
tags because they exist in important projects like the kernel. :)
> [...]
> Is there a version of Git floating around that doesn't create a
> tagger header when creating a signed tag? WTF?
Everything prior to c818566 ([PATCH] Update tags to record who made
them, 2005-07-14). So probably nothing that anybody is using now, but
v2.6.12 was one of the first tags made.
> Looking at tag.c's parse_tag_buffer(), the variable sig_line seems
> to be expected to point at the "tagger " header (given its name),
> but its not actually validated as such.
Actually, that variable name predates the patch above, so I suspect
"sig" meant "GPG signature". At any rate, as you can see, git doesn't
verify it, and the code for "git show v2.6.12" in
builtin-log.c:show_object handles the taggerless case as well. I don't
think anything else actually looks at the tagger. verify-tag treats the
signed data as opaque, and just shows the identity of the actual signer.
-Peff
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-01-19 6:48 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-01-19 6:09 why is tagger header optional? Shawn O. Pearce
2010-01-19 6:31 ` Junio C Hamano
2010-01-19 6:32 ` Shawn O. Pearce
2010-01-19 6:35 ` Junio C Hamano
2010-01-19 6:37 ` Shawn O. Pearce
2010-01-19 6:44 ` Jeff King
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).