git/gpg-interface.c, branch v2.1.2

gpg-interface: provide access to the payload

2014-06-23T22:50:30Z

In contrast to tag signatures, commit signatures are put into the header, that is between the other header parts and commit messages. Provide access to the commit content sans the signature, which is the payload that is actually signed. Commit signature verification does the parsing anyways, and callers may wish to act on or display the commit object sans the signature. Signed-off-by: Michael J Gruber Signed-off-by: Junio C Hamano

gpg-interface: provide clear helper for struct signature_check

2014-06-23T22:50:29Z

The struct has been growing members whose malloced memory needs to be freed. Do this with one helper function so that no malloced memory shall be left unfreed. Signed-off-by: Michael J Gruber Signed-off-by: Junio C Hamano

Merge branch 'mg/gpg-interface-using-status'

2013-03-21T21:02:55Z

Call "gpg" using the right API when validating the signature on tags. * mg/gpg-interface-using-status: pretty: make %GK output the signing key for signed commits pretty: parse the gpg status lines rather than the output gpg_interface: allow to request status return log-tree: rely upon the check in the gpg_interface gpg-interface: check good signature in a reliable way

gpg_interface: allow to request status return

2013-02-14T17:30:04Z

Currently, verify_signed_buffer() returns the user facing output only. Allow callers to request the status output also. Signed-off-by: Michael J Gruber Signed-off-by: Junio C Hamano

gpg-interface: check good signature in a reliable way

2013-02-14T17:27:40Z

Currently, verify_signed_buffer() only checks the return code of gpg, and some callers implement additional unreliable checks for "Good signature" in the gpg output meant for the user. Use the status output instead and parse for a line beinning with "[GNUPG:] GOODSIG ". This is the only reliable way of checking for a good gpg signature. If needed we can change this easily to "[GNUPG:] VALIDSIG " if we want to take into account the trust model. Signed-off-by: Michael J Gruber Signed-off-by: Junio C Hamano

Merge branch 'sb/gpg-plug-fd-leak' into maint

2013-02-07T23:14:54Z

We forgot to close the file descriptor reading from "gpg" output, killing "git log --show-signature" on a long history. * sb/gpg-plug-fd-leak: gpg: close stderr once finished with it in verify_signed_buffer()

Merge branch 'sb/gpg-i18n'

2013-02-07T22:41:34Z

* sb/gpg-i18n: gpg: allow translation of more error messages

Merge branch 'sb/gpg-plug-fd-leak'

2013-02-06T00:12:43Z

gpg: close stderr once finished with it in verify_signed_buffer()

2013-01-31T19:10:44Z

Failing to close the stderr pipe in verify_signed_buffer() causes git to run out of file descriptors if there are many calls to verify_signed_buffer(). An easy way to trigger this is to run git log --show-signature --merges | grep "key" on the linux kernel git repo. Eventually it will fail with error: cannot create pipe for gpg: Too many open files error: could not run gpg. Close the stderr pipe so that this can't happen. Suggested-by: Jeff King Signed-off-by: Stephen Boyd Signed-off-by: Junio C Hamano

gpg: allow translation of more error messages

2013-01-31T19:10:26Z

Mark these strings for translation so that error messages are printed in the user's language of choice. Signed-off-by: Stephen Boyd Reviewed-by: Jonathan Nieder Signed-off-by: Junio C Hamano