From: Michael J Gruber <git@drmicha.warpmail.net>
To: git@vger.kernel.org
Cc: Jeff King <peff@peff.net>, ZhenTian <loooseleaves@gmail.com>
Subject: [PATCHv3] gpg-interface: check gpg signature creation status
Date: Tue, 14 Jun 2016 16:44:18 +0200 [thread overview]
Message-ID: <8e08b63b58302b6e7fe91f0dfb5b476781bfd37d.1465915311.git.git@drmicha.warpmail.net> (raw)
In-Reply-To: <26353a3d-e495-075f-4f84-b34a2420a6cf@drmicha.warpmail.net>
When we create a signature, it may happen that gpg returns with
"success" but not with an actual detached signature on stdout.
Check for the correct signature creation status to catch these cases
better. Really, --status-fd parsing is the only way to check gpg status
reliably. We do the same for verify already.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
That must be the real real thing now...
gpg-interface.c | 22 +++++++++++++++-------
t/t7004-tag.sh | 10 +++++++++-
2 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/gpg-interface.c b/gpg-interface.c
index c4b1e8c..850dc81 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -150,17 +150,19 @@ const char *get_signing_key(void)
int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
{
struct child_process gpg = CHILD_PROCESS_INIT;
- const char *args[4];
- ssize_t len;
+ const char *args[5];
size_t i, j, bottom;
+ struct strbuf err = STRBUF_INIT;
gpg.argv = args;
gpg.in = -1;
gpg.out = -1;
+ gpg.err = -1;
args[0] = gpg_program;
- args[1] = "-bsau";
- args[2] = signing_key;
- args[3] = NULL;
+ args[1] = "--status-fd=2";
+ args[2] = "-bsau";
+ args[3] = signing_key;
+ args[4] = NULL;
if (start_command(&gpg))
return error(_("could not run gpg."));
@@ -174,19 +176,25 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
if (write_in_full(gpg.in, buffer->buf, buffer->len) != buffer->len) {
close(gpg.in);
close(gpg.out);
+ close(gpg.err);
finish_command(&gpg);
return error(_("gpg did not accept the data"));
}
close(gpg.in);
bottom = signature->len;
- len = strbuf_read(signature, gpg.out, 1024);
+ strbuf_read(signature, gpg.out, 1024);
+ strbuf_read(&err, gpg.err, 0);
close(gpg.out);
+ close(gpg.err);
sigchain_pop(SIGPIPE);
- if (finish_command(&gpg) || !len || len < 0)
+ if (finish_command(&gpg) || !strstr(err.buf, "\n[GNUPG:] SIG_CREATED ")) {
+ strbuf_release(&err);
return error(_("gpg failed to sign the data"));
+ }
+ strbuf_release(&err);
/* Strip CR from the line endings, in case we are on Windows. */
for (i = j = bottom; i < signature->len; i++)
diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index f9b7d79..467e968 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -1202,10 +1202,18 @@ test_expect_success GPG,RFC1991 \
# try to sign with bad user.signingkey
git config user.signingkey BobTheMouse
test_expect_success GPG \
- 'git tag -s fails if gpg is misconfigured' \
+ 'git tag -s fails if gpg is misconfigured (bad key)' \
'test_must_fail git tag -s -m tail tag-gpg-failure'
git config --unset user.signingkey
+# try to produce invalid signature
+git config gpg.program echo
+test_expect_success GPG \
+ 'git tag -s fails if gpg is misconfigured (bad signature format)' \
+ 'test_must_fail git tag -s -m tail tag-gpg-failure'
+git config --unset gpg.program
+
+
# try to verify without gpg:
rm -rf gpghome
--
2.9.0.382.g87fd384
next prev parent reply other threads:[~2016-06-14 14:44 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-14 7:50 I lost my commit signature ZhenTian
2016-06-14 7:58 ` Jeff King
2016-06-14 8:09 ` ZhenTian
2016-06-14 8:18 ` Jeff King
2016-06-14 8:39 ` ZhenTian
2016-06-14 9:41 ` Jeff King
2016-06-14 9:56 ` ZhenTian
2016-06-14 10:57 ` Michael J Gruber
2016-06-14 11:11 ` [PATCH] gpg-interface: check gpg signature for correct header Michael J Gruber
2016-06-14 11:20 ` Jeff King
2016-06-14 11:34 ` Michael J Gruber
2016-06-14 11:58 ` Michael J Gruber
2016-06-14 12:05 ` [PATCHv2] " Michael J Gruber
2016-06-14 14:44 ` Michael J Gruber [this message]
2016-06-14 18:13 ` [PATCHv3] gpg-interface: check gpg signature creation status Junio C Hamano
2016-06-14 21:50 ` Jeff King
2016-06-14 22:26 ` Jeff King
2016-06-14 23:47 ` Junio C Hamano
2016-06-15 0:56 ` Jeff King
2016-06-15 7:17 ` Michael J Gruber
2016-06-16 9:25 ` Jeff King
2016-06-16 11:30 ` Michael J Gruber
2016-06-15 3:28 ` Jeff King
2016-06-15 4:27 ` I lost my commit signature ZhenTian
2016-06-15 4:34 ` Jeff King
2016-06-15 7:07 ` Michael J Gruber
2016-06-15 10:36 ` ZhenTian
2016-06-16 7:34 ` Jeff King
2016-06-16 17:06 ` Junio C Hamano
2016-06-17 8:18 ` Michael J Gruber
2016-06-17 16:39 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8e08b63b58302b6e7fe91f0dfb5b476781bfd37d.1465915311.git.git@drmicha.warpmail.net \
--to=git@drmicha.warpmail.net \
--cc=git@vger.kernel.org \
--cc=loooseleaves@gmail.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).