authorMichael J Gruber <git@drmicha.warpmail.net>2013-02-14 17:04:42 +0100
committerJunio C Hamano <gitster@pobox.com>2013-02-14 09:27:40 -0800
commitb60b7566c04e5f54c0e40229c1716d99d834ab68 (patch)
tree4716daef7db8be4d742a6f98a31cbe37c78e7f55
parentd32805dce7bdc45a3e4045e999fc5d56e3b46a82 (diff)
downloadgit-b60b7566c04e5f54c0e40229c1716d99d834ab68.tar.gz
gpg-interface: check good signature in a reliable way
Currently, verify_signed_buffer() only checks the return code of gpg, and some callers implement additional unreliable checks for "Good signature" in the gpg output meant for the user. Use the status output instead and parse for a line beginning with "[GNUPG:] GOODSIG ". This is the only reliable way of checking for a good gpg signature. If needed we can change this easily to "[GNUPG:] VALIDSIG " if we want to take into account the trust model. Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--gpg-interface.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index 5f142f6198..f700b4c30d 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -96,15 +96,17 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
/*
* Run "gpg" to see if the payload matches the detached signature.
* gpg_output, when set, receives the diagnostic output from GPG.
+ * gpg_status, when set, receives the status output from GPG.
*/
int verify_signed_buffer(const char *payload, size_t payload_size,
const char *signature, size_t signature_size,
struct strbuf *gpg_output)
{
struct child_process gpg;
- const char *args_gpg[] = {NULL, "--verify", "FILE", "-", NULL};
+ const char *args_gpg[] = {NULL, "--status-fd=1", "--verify", "FILE", "-", NULL};
char path[PATH_MAX];
int fd, ret;
+ struct strbuf buf = STRBUF_INIT;
args_gpg[0] = gpg_program;
fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
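Review bot: The added comment line documents a `gpg_status` parameter, but the signature shown in this hunk still takes only `gpg_output`; the status stream is read into the local `buf` and never handed back to the caller. The comment should describe what the code does, for example `* GPG's status output (--status-fd=1) is read internally and checked for a GOODSIG line.`, or the line should be dropped until such a parameter exists. The function body continues outside this hunk.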
@@ -119,9 +121,10 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
memset(&gpg, 0, sizeof(gpg));
gpg.argv = args_gpg;
gpg.in = -1;
+ gpg.out = -1;
if (gpg_output)
gpg.err = -1;
- args_gpg[2] = path;
+ args_gpg[3] = path;
if (start_command(&gpg)) {
unlink(path);
return error("could not run gpg.");
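Review bot: `args_gpg[3] = path;` depends on the exact position of the `"FILE"` placeholder in the initializer, and this commit already had to move it from 2 to 3 when `--status-fd=1` was inserted. If another option is added later and the index is not updated, gpg would be told to verify against the wrong argument without any compile-time error. A comment next to the initializer such as `/* args_gpg[3] ("FILE") is replaced with the temp path below */`, or a named index constant, would make that coupling visible. The function starts and ends outside this hunk.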
@@ -134,9 +137,15 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
strbuf_read(gpg_output, gpg.err, 0);
close(gpg.err);
}
+ strbuf_read(&buf, gpg.out, 0);
+ close(gpg.out);
+
ret = finish_command(&gpg);
unlink_or_warn(path);
+ ret |= !strstr(buf.buf, "\n[GNUPG:] GOODSIG ");
+ strbuf_release(&buf);
+
return ret;
}
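Review bot: The `strstr(buf.buf, "\n[GNUPG:] GOODSIG ")` test only matches when the marker follows a newline, so a GOODSIG record that is the first line of the status stream would be treated as a failed verification. That fails closed, but it makes the result depend on gpg always emitting another status line first; also accepting `!prefixcmp(buf.buf, "[GNUPG:] GOODSIG ")` would anchor the match at a line start in both cases. Because the status stream shares fd 1 with gpg's ordinary stdout, the check also assumes gpg writes nothing else there in `--verify` mode, which is worth stating in a comment above the `strbuf_read(&buf, gpg.out, 0)` call. stderr is drained to EOF before stdout is read, which is presumably fine for the small status output but would stall if gpg ever filled the stdout pipe first. The start of the function is outside this hunk.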