From a4cc18f2934b8d2f00c7c3e11107acb6bfafe2c6 Mon Sep 17 00:00:00 2001
From: "brian m. carlson"
Date: Sun, 21 Jun 2015 23:14:38 +0000
Subject: verify-tag: share code with verify-commit
verify-tag was executing an entirely different codepath than verify-commit, except for the underlying verify_signed_buffer. Move much of the code from check_commit_signature to a generic check_signature function and adjust both codepaths to call it. Update verify-tag to explicitly output the signature text, as we now call verify_signed_buffer with strbufs to catch the output, which prevents it from being printed automatically.
Signed-off-by: brian m. carlson
Signed-off-by: Junio C Hamano
---
 gpg-interface.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'gpg-interface.c')
diff --git a/gpg-interface.c b/gpg-interface.c
index 68b0c814f7..66dbee25b3 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -60,6 +60,29 @@ void parse_gpg_output(struct signature_check *sigc)
 }
 }
 
+void check_signature(const char *payload, size_t plen, const char *signature,
+ size_t slen, struct signature_check *sigc)
+{
+ struct strbuf gpg_output = STRBUF_INIT;
+ struct strbuf gpg_status = STRBUF_INIT;
+ int status;
+
+ sigc->result = 'N';
+
+ status = verify_signed_buffer(payload, plen, signature, slen,
+ &gpg_output, &gpg_status);
+ if (status && !gpg_output.len)
+ goto out;
+ sigc->payload = xmemdupz(payload, plen);
+ sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
+ sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
+ parse_gpg_output(sigc);
+
+ out:
+ strbuf_release(&gpg_status);
+ strbuf_release(&gpg_output);
+}
+
 /*
 * Look at GPG signed content (e.g. a signed tag object), whose
 * payload is followed by a detached signature on it. Return the
-- cgit v1.2.3
From 434060ec6d9bf50f095db901da3fb9b557e11df1 Mon Sep 17 00:00:00 2001
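Review bot: check_signature assigns sigc->payload, sigc->gpg_output and sigc->gpg_status without releasing whatever they held, so a caller that reuses a struct signature_check leaks the previous strings, and nothing in the hunk states that sigc is expected to arrive zero-initialised. The function also has no header comment describing what it leaves behind on the early exit: after `goto out` sigc->result is still 'N' and the three string fields are untouched, while a non-zero verify status with non-empty gpg output still falls through to parse_gpg_output (presumably the path a rejected signature takes). Suggest a comment above the definition saying that sigc must be zero-initialised on entry, that sigc->result holds the parsed verdict or 'N' when gpg produced no output, and that the duplicated payload and the two captured gpg buffers are owned by the caller, who must free them.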
From: "brian m. carlson"
Date: Sun, 21 Jun 2015 23:14:40 +0000
Subject: gpg: centralize signature check
verify-commit and verify-tag both share a central codepath for verifying commits: check_signature. However, verify-tag exited successfully for untrusted signature, while verify-commit exited unsuccessfully. Centralize this signature check and make verify-commit adopt the older verify-tag behavior. This behavior is more logical anyway, as the signature is in fact valid, whether or not there's a path of trust to the author.
Signed-off-by: brian m. carlson
Signed-off-by: Junio C Hamano
---
 gpg-interface.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'gpg-interface.c')
diff --git a/gpg-interface.c b/gpg-interface.c
index 66dbee25b3..77a4da627e 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -60,7 +60,7 @@ void parse_gpg_output(struct signature_check *sigc)
 }
 }
 
-void check_signature(const char *payload, size_t plen, const char *signature,
+int check_signature(const char *payload, size_t plen, const char *signature,
 size_t slen, struct signature_check *sigc)
 {
 struct strbuf gpg_output = STRBUF_INIT;
@@ -81,6 +81,8 @@ void check_signature(const char *payload, size_t plen, const char *signature,
 out:
 strbuf_release(&gpg_status);
 strbuf_release(&gpg_output);
+
+ return sigc->result != 'G' && sigc->result != 'U';
 }
 
 /*
-- cgit v1.2.3
From ca194d50b84b53a0b711fef46d1a47657ec5da41 Mon Sep 17 00:00:00 2001
From: "brian m. carlson"
Date: Sun, 21 Jun 2015 23:14:41 +0000
Subject: gpg: centralize printing signature buffers
The code to handle printing of signature data from a struct signature_check is very similar between verify-commit and verify-tag. Place this in a single function. verify-tag retains its special case behavior of printing the tag even when no valid signature is found.
Signed-off-by: brian m. carlson
Signed-off-by: Junio C Hamano
---
 gpg-interface.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'gpg-interface.c')
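Review bot: The added `return sigc->result != 'G' && sigc->result != 'U';` encodes the policy the commit message describes (an untrusted signature counts as success) but nothing at the definition says so, and the 0-on-success convention is the reverse of what a name like check_signature suggests. A caller that cares about the trust path must now inspect sigc->result itself rather than the return value; that is the security-relevant consequence of this patch and deserves a comment where the convention is decided. Suggest, above the function: `/* Returns 0 if the signature verified as good ('G') or good-but-untrusted ('U'); non-zero for any other result, including the default 'N' left by the early exit. Check sigc->result when the trust path matters. */`. The first hunk of this patch only changes the return type and needs no separate note.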
diff --git a/gpg-interface.c b/gpg-interface.c
index 77a4da627e..e764fb625b 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -85,6 +85,15 @@ int check_signature(const char *payload, size_t plen, const char *signature,
 return sigc->result != 'G' && sigc->result != 'U';
 }
 
+void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
+{
+ if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
+ fputs(sigc->payload, stdout);
+
+ if (sigc->gpg_output)
+ fputs(sigc->gpg_output, stderr);
+}
+
 /*
 * Look at GPG signed content (e.g. a signed tag object), whose
 * payload is followed by a detached signature on it. Return the
-- cgit v1.2.3
From aeff29dd4dab01b497b2a2cf73e982e846a5fe4c Mon Sep 17 00:00:00 2001
From: "brian m. carlson"
Date: Sun, 21 Jun 2015 23:14:42 +0000
Subject: verify-commit: add option to print raw gpg status information
verify-commit by default displays human-readable output on standard error. However, it can also be useful to get access to the raw gpg status information, which is machine-readable, allowing automated implementation of signing policy. Add a --raw option to make verify-commit produce the gpg status information on standard error instead of the human-readable format.
Signed-off-by: brian m. carlson
Signed-off-by: Junio C Hamano
---
 gpg-interface.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'gpg-interface.c')
diff --git a/gpg-interface.c b/gpg-interface.c
index e764fb625b..3dc2fe397e 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -87,11 +87,14 @@ int check_signature(const char *payload, size_t plen, const char *signature,
 
 void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
 {
+ const char *output = flags & GPG_VERIFY_RAW ?
+ sigc->gpg_status : sigc->gpg_output;
+
 if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
 fputs(sigc->payload, stdout);
 
- if (sigc->gpg_output)
- fputs(sigc->gpg_output, stderr);
+ if (output)
+ fputs(output, stderr);
 }
 
 /*
-- cgit v1.2.3
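Review bot: `flags & GPG_VERIFY_VERBOSE && sigc->payload` in print_signature_buffer is correct only because `&` binds tighter than `&&`, which a reader has to stop and verify; the same shape recurs in the following patch's ternary `flags & GPG_VERIFY_RAW ? ...`, where `?:` likewise binds looser than `&`. Suggest parenthesising both: `if ((flags & GPG_VERIFY_VERBOSE) && sigc->payload)` here and `(flags & GPG_VERIFY_RAW) ? sigc->gpg_status : sigc->gpg_output` there. A header comment would also help, because a NULL gpg_output prints nothing and the caller is left to report the failure on its own: `/* Print the signed payload to stdout when GPG_VERIFY_VERBOSE is set, and gpg's output to stderr; a NULL buffer is skipped silently. */`.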
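Review bot: With GPG_VERIFY_RAW set the human-readable gpg output is dropped rather than supplemented, so an automated caller sees only the status buffer, and when that buffer is NULL (as on check_signature's early exit in the first patch, which sets neither buffer) nothing reaches stderr at all and the exit code is the only signal. That trade-off follows the commit message but is not recorded at the definition, which is where a policy tool's author will look. Suggest a header comment: `/* Write the signed payload to stdout (GPG_VERIFY_VERBOSE) and, to stderr, either gpg's human-readable output or, with GPG_VERIFY_RAW, its machine-readable status output; a NULL buffer prints nothing, so callers must still act on check_signature's return value. */`.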