diff options
author | brian m. carlson <sandals@crustytoothpaste.net> | 2020-02-22 20:17:42 +0000 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2020-02-24 09:33:30 -0800 |
commit | 42d4e1d1128fa1cb56032ac58f65ea3dd1296a9a (patch) | |
tree | fe7a1954c437e62ebe0a5bb7f0f82ff8fb70c114 /commit.c | |
parent | worktree: allow repository version 1 (diff) | |
download | tgif-42d4e1d1128fa1cb56032ac58f65ea3dd1296a9a.tar.xz |
commit: use expected signature header for SHA-256
The transition plan anticipates that we will allow signatures using
multiple algorithms in a single commit. In order to do so, we need to
use a different header per algorithm so that it will be obvious over
which data to compute the signature.
The transition plan specifies that we should use "gpgsig-sha256", so
wire up the commit code such that it can write and parse the current
algorithm, and it can remove the headers for any algorithm when creating
a new commit. Add tests to ensure that we write using the right header
and that git fsck doesn't reject these commits.
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'commit.c')
-rw-r--r-- | commit.c | 30 |
1 files changed, 23 insertions, 7 deletions
@@ -961,14 +961,22 @@ cleanup_return: return ret; } -static const char gpg_sig_header[] = "gpgsig"; -static const int gpg_sig_header_len = sizeof(gpg_sig_header) - 1; +/* + * Indexed by hash algorithm identifier. + */ +static const char *gpg_sig_headers[] = { + NULL, + "gpgsig", + "gpgsig-sha256", +}; static int do_sign_commit(struct strbuf *buf, const char *keyid) { struct strbuf sig = STRBUF_INIT; int inspos, copypos; const char *eoh; + const char *gpg_sig_header = gpg_sig_headers[hash_algo_by_ptr(the_hash_algo)]; + int gpg_sig_header_len = strlen(gpg_sig_header); /* find the end of the header */ eoh = strstr(buf->buf, "\n\n"); @@ -1010,6 +1018,8 @@ int parse_signed_commit(const struct commit *commit, const char *buffer = get_commit_buffer(commit, &size); int in_signature, saw_signature = -1; const char *line, *tail; + const char *gpg_sig_header = gpg_sig_headers[hash_algo_by_ptr(the_hash_algo)]; + int gpg_sig_header_len = strlen(gpg_sig_header); line = buffer; tail = buffer + size; @@ -1056,11 +1066,17 @@ int remove_signature(struct strbuf *buf) if (in_signature && line[0] == ' ') sig_end = next; - else if (starts_with(line, gpg_sig_header) && - line[gpg_sig_header_len] == ' ') { - sig_start = line; - sig_end = next; - in_signature = 1; + else if (starts_with(line, "gpgsig")) { + int i; + for (i = 1; i < GIT_HASH_NALGOS; i++) { + const char *p; + if (skip_prefix(line, gpg_sig_headers[i], &p) && + *p == ' ') { + sig_start = line; + sig_end = next; + in_signature = 1; + } + } } else { if (*line == '\n') /* dump the whole remainder of the buffer */ |