* GnuPG commit signature verification ignores GPG's status-fd and status-file options
@ 2013-04-09 11:58 Not Sure
2013-04-09 15:22 ` Thomas Rast
0 siblings, 1 reply; 2+ messages in thread
From: Not Sure @ 2013-04-09 11:58 UTC (permalink / raw)
To: git
Starting with the newest git version 1.8.2.1, the signature checking
code somehow ignores GPG's status-fd and status-file options, which are
THE way to machine parse GPG's output (seee [1])
How to reproduce:
1. Put the following line in your ~/.gnupg/gpg.conf file:
status-fd 1
2. Produce a singed commit:
git commit -aS -m "signed test commit"
3. Let git check the signature:
git log -n 1 --show-signature | cat
Output:
Commit 104cffdaaaaed653aasdddddddddd
gpg: Signature made Tue 09 Apr 2013 01:09:09 PM CEST using RSA key ID
12345678
gpg: Good signature from "User"
Author: user <usermail>
Missing from output is the machine parsable GPG information:
[GNUPG:] SIG_ID sorvifhoerui/asidunb 2013-04-09 23947273
[GNUPG:] GOODSIG 433811111111111324 User <usermail>
[GNUPG:] VALIDSIG ddddddddddddddddddfsjidjfv 2013-04-09 aoidfjidh0 0 4 0
1 2 00 oshidvoo444444ddddddddd
[GNUPG:] TRUST_ULTIMATE
Note: The git-log format specifiers %GG, %G?, %GK, ... do not provide
enough information, as they, for example, do not provide the
information, that the signature is valid, if the key is untrusted (which
will simply leed to a "bad" signature).
[1]
http://www.gnupg.org/documentation/manuals/gnupg-devel/Unattended-Usage.html#Unattended-Usage
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: GnuPG commit signature verification ignores GPG's status-fd and status-file options
2013-04-09 11:58 GnuPG commit signature verification ignores GPG's status-fd and status-file options Not Sure
@ 2013-04-09 15:22 ` Thomas Rast
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Rast @ 2013-04-09 15:22 UTC (permalink / raw)
To: Not Sure; +Cc: git
Not Sure <kuerzn@googlemail.com> writes:
> Starting with the newest git version 1.8.2.1, the signature checking
[...]
> Missing from output is the machine parsable GPG information:
>
> [GNUPG:] SIG_ID sorvifhoerui/asidunb 2013-04-09 23947273
> [GNUPG:] GOODSIG 433811111111111324 User <usermail>
> [GNUPG:] VALIDSIG ddddddddddddddddddfsjidjfv 2013-04-09 aoidfjidh0 0 4 0
> 1 2 00 oshidvoo444444ddddddddd
> [GNUPG:] TRUST_ULTIMATE
I suspect that's because since b60b756 (gpg-interface: check good
signature in a reliable way, 2013-02-14), Git parses the above output.
Also, in e290c4b (pretty printing: extend %G? to include 'N' and 'U',
2013-03-31) which is currently in master, this was fixed:
> Note: The git-log format specifiers %GG, %G?, %GK, ... do not provide
> enough information
Is anything else missing?
--
Thomas Rast
trast@{inf,student}.ethz.ch
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-04-09 15:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-04-09 11:58 GnuPG commit signature verification ignores GPG's status-fd and status-file options Not Sure
2013-04-09 15:22 ` Thomas Rast
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).