Re: [PATCHv2 3/6] verify-commit: scriptable commit signature verification

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jeff King <peff@peff.net>
To: Michael J Gruber <git@drmicha.warpmail.net>
Cc: git@vger.kernel.org, Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCHv2 3/6] verify-commit: scriptable commit signature verification
Date: Fri, 13 Jun 2014 07:19:45 -0400	[thread overview]
Message-ID: <20140613111945.GC14066@sigill.intra.peff.net> (raw)
In-Reply-To: <48984553eb1d9ac53dd4b9604af568e22c735109.1402655839.git.git@drmicha.warpmail.net>

On Fri, Jun 13, 2014 at 12:42:45PM +0200, Michael J Gruber wrote:

> +
> +	free(signature_check.gpg_output);
> +	free(signature_check.gpg_status);
> +	free(signature_check.signer);
> +	free(signature_check.key);
> +	return signature_check.result != 'G';
> +}

How about .payload here?

> +	type = sha1_object_info(sha1, NULL);
> +	if (type != OBJ_COMMIT)
> +		return error("%s: cannot verify a non-commit object of type %s.",
> +				name, typename(type));
> +
> +	buf = read_sha1_file(sha1, &type, &size);
> +	if (!buf)
> +		return error("%s: unable to read file.", name);

I think you can drop the sha1_object_info call and just check "type"
from read_sha1_file (they _should_ agree, but if they do not, I'd rather
pay attention to the one that came along with the buffer). And this is
the uncommon error path, so expanding the object into memory before we
die is not a big deal.

Should this peel to a commit if given a tag? I'd say probably. I know
you raised the issue elsewhere of keeping things simple, but I think if
you are calling verify-commit, you know you want a commit, and we should
treat the argument as a commit-ish. Anyway, if you go that route, then
lookup_commit_or_die is probably what you want.

Also, minor nit, but we typically do not end the error messages with a
full stop (we've been rather inconsistent in the past, but these days
seem to mostly settle on no punctuation).

-Peff

next prev parent reply	other threads:[~2014-06-13 11:19 UTC|newest]

Thread overview: 75+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-06-06 14:15 [PATCH 0/3] verify-commit: verify commit signatures Michael J Gruber
2014-06-06 14:15 ` [PATCH 1/3] pretty: free the gpg status buf Michael J Gruber
2014-06-06 14:15 ` [PATCH 2/3] gpg-interface: provide access to the payload Michael J Gruber
2014-06-13  7:55   ` Jeff King
2014-06-13  9:44     ` Michael J Gruber
2014-06-13 10:34       ` Jeff King
2014-06-06 14:15 ` [PATCH 3/3] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-11 19:48   ` Michael J Gruber
2014-06-13  8:02   ` Jeff King
2014-06-13  9:55     ` Michael J Gruber
2014-06-13 11:09       ` Jeff King
2014-06-13 17:06         ` Junio C Hamano
2014-06-16  9:21           ` Michael J Gruber
2014-06-16 19:54           ` Jeff King
2014-06-16 20:34             ` Junio C Hamano
2014-06-16 20:39               ` Jeff King
2014-06-27 12:31                 ` Michael J Gruber
2014-06-27 12:49                   ` Michael J Gruber
2014-06-27 13:06                     ` Michael J Gruber
2014-06-27 13:18                       ` [PATCH] log: correctly identify mergetag signature verification status Michael J Gruber
2014-06-28  0:44                         ` Jeff King
2014-07-10 22:27                           ` Junio C Hamano
2014-06-27 13:50                     ` [PATCH 3/3] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-27 18:55                       ` Junio C Hamano
2014-06-27 18:36                     ` Junio C Hamano
2014-06-28  0:32                       ` Jeff King
2014-06-30  6:14                         ` Junio C Hamano
2014-06-13 10:42 ` [PATCHv2 0/6] verify-commit: verify commit signatures Michael J Gruber
2014-06-13 10:42   ` [PATCHv2 1/6] pretty: free the gpg status buf Michael J Gruber
2014-06-13 11:39     ` Jeff King
2014-06-13 10:42   ` [PATCHv2 2/6] gpg-interface: provide access to the payload Michael J Gruber
2014-06-13 10:42   ` [PATCHv2 3/6] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-13 11:19     ` Jeff King [this message]
2014-06-13 11:45       ` Michael J Gruber
2014-06-13 11:50         ` Jeff King
2014-06-13 12:12           ` Michael J Gruber
2014-06-13 10:42   ` [PATCHv2 4/6] t7510: exit for loop with test result Michael J Gruber
2014-06-13 11:46     ` Jeff King
2014-06-13 12:04       ` Michael J Gruber
2014-06-13 12:22         ` Michael J Gruber
2014-06-13 12:33           ` Michael J Gruber
2014-06-13 12:45             ` Jeff King
2014-06-13 12:54             ` Johannes Sixt
2014-06-13 13:06               ` Michael J Gruber
2014-06-13 13:21                 ` Johannes Sixt
2014-06-13 13:30                   ` Jeff King
2014-06-13 13:31                   ` Michael J Gruber
2014-06-13 13:42                     ` Johannes Sixt
2014-06-13 18:23       ` Junio C Hamano
2014-06-13 10:42   ` [PATCHv2 5/6] t7510: test verify-commit Michael J Gruber
2014-06-13 11:51     ` Jeff King
2014-06-13 12:14       ` Michael J Gruber
2014-06-13 18:16         ` Junio C Hamano
2014-06-13 10:42   ` [PATCHv2 6/6] gpg-interface: provide clear helper for struct signature_check Michael J Gruber
2014-06-23  7:05   ` [PATCHv3 0/5] verify-commit: verify commit signatures Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 1/5] gpg-interface: provide clear helper for struct signature_check Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 2/5] gpg-interface: provide access to the payload Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 3/5] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 4/5] t7510: exit for loop with test result Michael J Gruber
2014-06-23  7:05     ` [PATCHv3 5/5] t7510: test verify-commit Michael J Gruber
2014-06-23 23:02       ` Junio C Hamano
2014-06-23 17:28     ` [PATCHv3 0/5] verify-commit: verify commit signatures Jeff King
2014-06-23 17:52       ` Junio C Hamano
2014-06-23 21:09         ` Jeff King
2014-06-23 21:23           ` Junio C Hamano
2014-06-27 14:13             ` [PATCHv4 0/4] " Michael J Gruber
2014-06-27 14:13               ` [PATCHv4 1/4] gpg-interface: provide clear helper for struct signature_check Michael J Gruber
2014-06-27 14:13               ` [PATCHv4 2/4] gpg-interface: provide access to the payload Michael J Gruber
2014-06-27 14:13               ` [PATCHv4 3/4] verify-commit: scriptable commit signature verification Michael J Gruber
2014-06-27 14:13               ` [PATCHv4 4/4] t7510: test verify-commit Michael J Gruber
2014-06-27 19:32                 ` Junio C Hamano
2014-06-27 20:26                   ` Michael J Gruber
2014-06-27 19:07               ` [PATCHv4 0/4] verify-commit: verify commit signatures Junio C Hamano
2014-06-28  0:48                 ` Jeff King
2014-06-28  0:49               ` Jeff King

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140613111945.GC14066@sigill.intra.peff.net \
    --to=peff@peff.net \
    --cc=git@drmicha.warpmail.net \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).