summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSebastian Götte <jaseg@physik.tu-berlin.de>2013-03-31 18:00:14 +0200
committerJunio C Hamano <gitster@pobox.com>2013-03-31 19:15:11 -0700
commitffb6d7d5c99e4097e512def20b0133b7ee900953 (patch)
tree12ec48239c5fb7d5e0ee25b2c5a2f58c0208a9c0
parent8617715cc09b7422fe31189f9476f6ade73ede70 (diff)
downloadgit-ffb6d7d5c99e4097e512def20b0133b7ee900953.tar.gz
Move commit GPG signature verification to commit.c
Signed-off-by: Sebastian Götte <jaseg@physik-pool.tu-berlin.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r--commit.c59
-rw-r--r--commit.h10
-rw-r--r--gpg-interface.h11
-rw-r--r--pretty.c91
4 files changed, 93 insertions, 78 deletions
diff --git a/commit.c b/commit.c
index b4512ab0b2..66a3f4e8f4 100644
--- a/commit.c
+++ b/commit.c
@@ -1041,6 +1041,65 @@ free_return:
free(buf);
}
+static struct {
+ char result;
+ const char *check;
+} sigcheck_gpg_status[] = {
+ { 'G', "\n[GNUPG:] GOODSIG " },
+ { 'B', "\n[GNUPG:] BADSIG " },
+};
+
+static void parse_gpg_output(struct signature_check *sigc)
+{
+ const char *buf = sigc->gpg_status;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
+ const char *found = strstr(buf, sigcheck_gpg_status[i].check);
+ const char *next;
+ if (!found)
+ continue;
+ sigc->result = sigcheck_gpg_status[i].result;
+ found += strlen(sigcheck_gpg_status[i].check);
+ sigc->key = xmemdupz(found, 16);
+ found += 17;
+ next = strchrnul(found, '\n');
+ sigc->signer = xmemdupz(found, next - found);
+ break;
+ }
+}
+
+void check_commit_signature(const struct commit* commit, struct signature_check *sigc)
+{
+ struct strbuf payload = STRBUF_INIT;
+ struct strbuf signature = STRBUF_INIT;
+ struct strbuf gpg_output = STRBUF_INIT;
+ struct strbuf gpg_status = STRBUF_INIT;
+ int status;
+
+ sigc->result = 'N';
+
+ if (parse_signed_commit(commit->object.sha1,
+ &payload, &signature) <= 0)
+ goto out;
+ status = verify_signed_buffer(payload.buf, payload.len,
+ signature.buf, signature.len,
+ &gpg_output, &gpg_status);
+ if (status && !gpg_output.len)
+ goto out;
+ sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
+ sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
+ parse_gpg_output(sigc);
+
+ out:
+ strbuf_release(&gpg_status);
+ strbuf_release(&gpg_output);
+ strbuf_release(&payload);
+ strbuf_release(&signature);
+}
+
+
+
void append_merge_tag_headers(struct commit_list *parents,
struct commit_extra_header ***tail)
{
diff --git a/commit.h b/commit.h
index 2d90d9c27c..c24b844ad6 100644
--- a/commit.h
+++ b/commit.h
@@ -5,6 +5,7 @@
#include "tree.h"
#include "strbuf.h"
#include "decorate.h"
+#include "gpg-interface.h"
struct commit_list {
struct commit *item;
@@ -232,4 +233,13 @@ extern void print_commit_list(struct commit_list *list,
const char *format_cur,
const char *format_last);
+/*
+ * Check the signature of the given commit. The result of the check is stored in
+ * sig->result, 'G' for a good signature, 'B' for a bad signature and 'N'
+ * for no signature at all.
+ * This may allocate memory for sig->gpg_output, sig->gpg_status, sig->signer
+ * and sig->key.
+ */
+extern void check_commit_signature(const struct commit* commit, struct signature_check *sigc);
+
#endif /* COMMIT_H */
diff --git a/gpg-interface.h b/gpg-interface.h
index cf99021842..5884aa4052 100644
--- a/gpg-interface.h
+++ b/gpg-interface.h
@@ -1,6 +1,17 @@
#ifndef GPG_INTERFACE_H
#define GPG_INTERFACE_H
+struct signature_check {
+ char *gpg_output;
+ char *gpg_status;
+ char result; /* 0 (not checked),
+ * N (checked but no further result),
+ * G (good)
+ * B (bad) */
+ char *signer;
+ char *key;
+};
+
extern int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key);
extern int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, struct strbuf *gpg_output, struct strbuf *gpg_status);
extern int git_gpg_config(const char *, const char *, void *);
diff --git a/pretty.c b/pretty.c
index 41f04e669d..35b592ad83 100644
--- a/pretty.c
+++ b/pretty.c
@@ -766,14 +766,7 @@ struct format_commit_context {
const struct pretty_print_context *pretty_ctx;
unsigned commit_header_parsed:1;
unsigned commit_message_parsed:1;
- unsigned commit_signature_parsed:1;
- struct {
- char *gpg_output;
- char *gpg_status;
- char good_bad;
- char *signer;
- char *key;
- } signature;
+ struct signature_check signature_check;
char *message;
size_t width, indent1, indent2;
@@ -956,64 +949,6 @@ static void rewrap_message_tail(struct strbuf *sb,
c->indent2 = new_indent2;
}
-static struct {
- char result;
- const char *check;
-} signature_check[] = {
- { 'G', "\n[GNUPG:] GOODSIG " },
- { 'B', "\n[GNUPG:] BADSIG " },
-};
-
-static void parse_signature_lines(struct format_commit_context *ctx)
-{
- const char *buf = ctx->signature.gpg_status;
- int i;
-
- for (i = 0; i < ARRAY_SIZE(signature_check); i++) {
- const char *found = strstr(buf, signature_check[i].check);
- const char *next;
- if (!found)
- continue;
- ctx->signature.good_bad = signature_check[i].result;
- found += strlen(signature_check[i].check);
- ctx->signature.key = xmemdupz(found, 16);
- found += 17;
- next = strchrnul(found, '\n');
- ctx->signature.signer = xmemdupz(found, next - found);
- break;
- }
-}
-
-static void parse_commit_signature(struct format_commit_context *ctx)
-{
- struct strbuf payload = STRBUF_INIT;
- struct strbuf signature = STRBUF_INIT;
- struct strbuf gpg_output = STRBUF_INIT;
- struct strbuf gpg_status = STRBUF_INIT;
- int status;
-
- ctx->commit_signature_parsed = 1;
-
- if (parse_signed_commit(ctx->commit->object.sha1,
- &payload, &signature) <= 0)
- goto out;
- status = verify_signed_buffer(payload.buf, payload.len,
- signature.buf, signature.len,
- &gpg_output, &gpg_status);
- if (status && !gpg_output.len)
- goto out;
- ctx->signature.gpg_output = strbuf_detach(&gpg_output, NULL);
- ctx->signature.gpg_status = strbuf_detach(&gpg_status, NULL);
- parse_signature_lines(ctx);
-
- out:
- strbuf_release(&gpg_status);
- strbuf_release(&gpg_output);
- strbuf_release(&payload);
- strbuf_release(&signature);
-}
-
-
static int format_reflog_person(struct strbuf *sb,
char part,
struct reflog_walk_info *log,
@@ -1199,27 +1134,27 @@ static size_t format_commit_one(struct strbuf *sb, const char *placeholder,
}
if (placeholder[0] == 'G') {
- if (!c->commit_signature_parsed)
- parse_commit_signature(c);
+ if (!c->signature_check.result)
+ check_commit_signature(c->commit, &(c->signature_check));
switch (placeholder[1]) {
case 'G':
- if (c->signature.gpg_output)
- strbuf_addstr(sb, c->signature.gpg_output);
+ if (c->signature_check.gpg_output)
+ strbuf_addstr(sb, c->signature_check.gpg_output);
break;
case '?':
- switch (c->signature.good_bad) {
+ switch (c->signature_check.result) {
case 'G':
case 'B':
- strbuf_addch(sb, c->signature.good_bad);
+ strbuf_addch(sb, c->signature_check.result);
}
break;
case 'S':
- if (c->signature.signer)
- strbuf_addstr(sb, c->signature.signer);
+ if (c->signature_check.signer)
+ strbuf_addstr(sb, c->signature_check.signer);
break;
case 'K':
- if (c->signature.key)
- strbuf_addstr(sb, c->signature.key);
+ if (c->signature_check.key)
+ strbuf_addstr(sb, c->signature_check.key);
break;
}
return 2;
@@ -1357,8 +1292,8 @@ void format_commit_message(const struct commit *commit,
rewrap_message_tail(sb, &context, 0, 0, 0);
logmsg_free(context.message, commit);
- free(context.signature.gpg_output);
- free(context.signature.signer);
+ free(context.signature_check.gpg_output);
+ free(context.signature_check.signer);
}
static void pp_header(const struct pretty_print_context *pp,