author | Sebastian Götte <jaseg@physik.tu-berlin.de> | 2013-03-31 18:02:46 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2013-03-31 22:38:49 -0700 |
commit | eb307ae7bb78ccde4e2ac69f302ccf8834883628 (patch) | |
tree | 40bed8e400a5208b7c81ff94752133818014da6b /commit.c | |
parent | efed0022492b81bf59d29193c4ffe96492dd9e9b (diff) | |
download | git-eb307ae7bb78ccde4e2ac69f302ccf8834883628.tar.gz |
merge/pull Check for untrusted good GPG signatures
When --verify-signatures is specified, abort the merge in case a good
GPG signature from an untrusted key is encountered.
Signed-off-by: Sebastian Götte <jaseg@physik-pool.tu-berlin.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'commit.c')
-rw-r--r-- | commit.c | 14 |
1 files changed, 9 insertions, 5 deletions
@@ -1047,6 +1047,8 @@ static struct {
 } sigcheck_gpg_status[] = {
 { 'G', "\n[GNUPG:] GOODSIG " },
 { 'B', "\n[GNUPG:] BADSIG " },
+ { 'U', "\n[GNUPG:] TRUST_NEVER" },
+ { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
 };
 static void parse_gpg_output(struct signature_check *sigc)
@@ -1068,11 +1070,13 @@ static void parse_gpg_output(struct signature_check *sigc)
 found += strlen(sigcheck_gpg_status[i].check);
 }
 sigc->result = sigcheck_gpg_status[i].result;
- sigc->key = xmemdupz(found, 16);
- found += 17;
- next = strchrnul(found, '\n');
- sigc->signer = xmemdupz(found, next - found);
- break;
+ /* The trust messages are not followed by key/signer information */
+ if (sigc->result != 'U') {
+ sigc->key = xmemdupz(found, 16);
+ found += 17;
+ next = strchrnul(found, '\n');
+ sigc->signer = xmemdupz(found, next - found);
+ }
 }
 }
|
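Review bot: The two new 'U' rows in sigcheck_gpg_status cover only TRUST_NEVER and TRUST_UNDEFINED, so a good signature that GnuPG reports as TRUST_MARGINAL still ends up as 'G' and passes --verify-signatures. If that is the intended policy, it should be written down next to the table, since a reader cannot tell an omission from a decision. I would add a comment above the new rows such as `/* 'U': good signature, key not trusted; TRUST_MARGINAL and above deliberately stay 'G' */`. The struct declaration itself starts above the hunk, so the meaning of the `result` codes may already be documented there.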
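Review bot: With `break;` removed, the loop in parse_gpg_output visits every table entry and `sigc->result` keeps whatever the last matching row wrote, so the outcome now depends on the 'U' rows staying after 'G' and 'B' in sigcheck_gpg_status. Two consequences are worth handling: a buffer that matches both BADSIG and a TRUST_ row ends as 'U' rather than 'B', which matters if any caller (not visible here) treats 'U' more leniently than 'B'; and a buffer matching both GOODSIG and BADSIG assigns `sigc->key` and `sigc->signer` twice, leaking the first xmemdupz copies. I would only let a trust row downgrade a good result, `if (sigcheck_gpg_status[i].result != 'U' || sigc->result == 'G')` around the assignment, and call `free(sigc->key); free(sigc->signer);` before reassigning (assuming both fields start out NULL). A short comment stating the ordering requirement on the table would help as well; the function begins above this hunk.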