From 434060ec6d9bf50f095db901da3fb9b557e11df1 Mon Sep 17 00:00:00 2001 From: "brian m. carlson" Date: Sun, 21 Jun 2015 23:14:40 +0000 Subject: gpg: centralize signature check verify-commit and verify-tag both share a central codepath for verifying commits: check_signature. However, verify-tag exited successfully for untrusted signature, while verify-commit exited unsuccessfully. Centralize this signature check and make verify-commit adopt the older verify-tag behavior. This behavior is more logical anyway, as the signature is in fact valid, whether or not there's a path of trust to the author. Signed-off-by: brian m. carlson Signed-off-by: Junio C Hamano --- builtin/verify-commit.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'builtin/verify-commit.c') diff --git a/builtin/verify-commit.c b/builtin/verify-commit.c index ec0c4e3d83..e30f7cfbc1 100644 --- a/builtin/verify-commit.c +++ b/builtin/verify-commit.c @@ -21,10 +21,11 @@ static const char * const verify_commit_usage[] = { static int run_gpg_verify(const unsigned char *sha1, const char *buf, unsigned long size, int verbose) { struct signature_check signature_check; + int ret; memset(&signature_check, 0, sizeof(signature_check)); - check_commit_signature(lookup_commit(sha1), &signature_check); + ret = check_commit_signature(lookup_commit(sha1), &signature_check); if (verbose && signature_check.payload) fputs(signature_check.payload, stdout); @@ -33,7 +34,7 @@ static int run_gpg_verify(const unsigned char *sha1, const char *buf, unsigned l fputs(signature_check.gpg_output, stderr); signature_check_clear(&signature_check); - return signature_check.result != 'G'; + return ret; } static int verify_commit(const char *name, int verbose) -- cgit v1.2.1