From 434060ec6d9bf50f095db901da3fb9b557e11df1 Mon Sep 17 00:00:00 2001
From: "brian m. carlson" <sandals@crustytoothpaste.net>
Date: Sun, 21 Jun 2015 23:14:40 +0000
Subject: gpg: centralize signature check

verify-commit and verify-tag both share a central codepath for verifying
commits: check_signature.  However, verify-tag exited successfully for
untrusted signature, while verify-commit exited unsuccessfully.
Centralize this signature check and make verify-commit adopt the older
verify-tag behavior.  This behavior is more logical anyway, as the
signature is in fact valid, whether or not there's a path of trust to
the author.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 gpg-interface.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'gpg-interface.c')

diff --git a/gpg-interface.c b/gpg-interface.c
index 66dbee25b3..77a4da627e 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -60,7 +60,7 @@ void parse_gpg_output(struct signature_check *sigc)
 	}
 }
 
-void check_signature(const char *payload, size_t plen, const char *signature,
+int check_signature(const char *payload, size_t plen, const char *signature,
 	size_t slen, struct signature_check *sigc)
 {
 	struct strbuf gpg_output = STRBUF_INIT;
@@ -81,6 +81,8 @@ void check_signature(const char *payload, size_t plen, const char *signature,
  out:
 	strbuf_release(&gpg_status);
 	strbuf_release(&gpg_output);
+
+	return sigc->result != 'G' && sigc->result != 'U';
 }
 
 /*
-- 
cgit v1.2.3