Mirror of https://git.kernel.org/pub/scm/git/git.git/ https://git.shady.money/git/atom?h=v2.6.2 2015-06-22T21:20:47Z 2015-06-22T21:20:47Z brian m. carlson sandals@crustytoothpaste.net 2015-06-21T23:14:42Z urn:sha1:aeff29dd4dab01b497b2a2cf73e982e846a5fe4c verify-commit by default displays human-readable output on standard error. However, it can also be useful to get access to the raw gpg status information, which is machine-readable, allowing automated implementation of signing policy. Add a --raw option to make verify-commit produce the gpg status information on standard error instead of the human-readable format. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-06-22T21:20:47Z brian m. carlson sandals@crustytoothpaste.net 2015-06-21T23:14:41Z urn:sha1:ca194d50b84b53a0b711fef46d1a47657ec5da41 The code to handle printing of signature data from a struct signature_check is very similar between verify-commit and verify-tag. Place this in a single function. verify-tag retains its special case behavior of printing the tag even when no valid signature is found. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-06-22T21:20:46Z brian m. carlson sandals@crustytoothpaste.net 2015-06-21T23:14:40Z urn:sha1:434060ec6d9bf50f095db901da3fb9b557e11df1 verify-commit and verify-tag both share a central codepath for verifying commits: check_signature. However, verify-tag exited successfully for untrusted signature, while verify-commit exited unsuccessfully. Centralize this signature check and make verify-commit adopt the older verify-tag behavior. This behavior is more logical anyway, as the signature is in fact valid, whether or not there's a path of trust to the author. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2015-06-22T21:20:45Z brian m. carlson sandals@crustytoothpaste.net 2015-06-21T23:14:38Z urn:sha1:a4cc18f2934b8d2f00c7c3e11107acb6bfafe2c6 verify-tag was executing an entirely different codepath than verify-commit, except for the underlying verify_signed_buffer. Move much of the code from check_commit_signature to a generic check_signature function and adjust both codepaths to call it. Update verify-tag to explicitly output the signature text, as we now call verify_signed_buffer with strbufs to catch the output, which prevents it from being printed automatically. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2014-09-15T20:23:20Z Junio C Hamano gitster@pobox.com 2014-08-19T20:18:07Z urn:sha1:d7c67668fe10184736bdfe953ed8dcbfdb57e0c2 Our signed-tag objects set the standard format used by Git to store GPG-signed payload (i.e. the payload followed by its detached signature) [*1*], and it made sense to have a helper to find the boundary between the payload and its signature in tag.c back then. Newer code added later to parse other kinds of objects that learned to use the same format to store GPG-signed payload (e.g. signed commits), however, kept using the helper from the same location. Move it to gpg-interface; the helper is no longer about signed tag, but it is how our code and data interact with GPG. [Reference] *1* http://thread.gmane.org/gmane.linux.kernel/297998/focus=1383 Signed-off-by: Junio C Hamano <gitster@pobox.com> 2014-09-15T20:23:20Z Junio C Hamano gitster@pobox.com 2014-08-14T22:31:13Z urn:sha1:a50e7ca3215492b16d96221cf762dbe71ed99722 Earlier, ffb6d7d5 (Move commit GPG signature verification to commit.c, 2013-03-31) moved this helper that used to be in pretty.c (i.e. the output code path) to commit.c for better reusability. It was a good first step in the right direction, but still suffers from a myopic view that commits will be the only thing we would ever want to sign---we would actually want to be able to reuse it even wider. The function interprets what GPG said; gpg-interface is obviously a better place. Move it there. Signed-off-by: Junio C Hamano <gitster@pobox.com> 2014-06-23T22:50:30Z Michael J Gruber git@drmicha.warpmail.net 2014-06-23T07:05:48Z urn:sha1:71c214c840782a67801fc8dbf5fe8a4f4fc62d01 In contrast to tag signatures, commit signatures are put into the header, that is between the other header parts and commit messages. Provide access to the commit content sans the signature, which is the payload that is actually signed. Commit signature verification does the parsing anyways, and callers may wish to act on or display the commit object sans the signature. Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2014-06-23T22:50:29Z Michael J Gruber git@drmicha.warpmail.net 2014-06-23T07:05:47Z urn:sha1:01e57b5d91b0c9f2ac93708c5c2cbcd4731ddd34 The struct has been growing members whose malloced memory needs to be freed. Do this with one helper function so that no malloced memory shall be left unfreed. Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2013-04-01T05:38:49Z Sebastian Götte jaseg@physik.tu-berlin.de 2013-03-31T16:02:46Z urn:sha1:eb307ae7bb78ccde4e2ac69f302ccf8834883628 When --verify-signatures is specified, abort the merge in case a good GPG signature from an untrusted key is encountered. Signed-off-by: Sebastian Götte <jaseg@physik-pool.tu-berlin.de> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2013-04-01T02:15:11Z Sebastian Götte jaseg@physik.tu-berlin.de 2013-03-31T16:00:14Z urn:sha1:ffb6d7d5c99e4097e512def20b0133b7ee900953 Signed-off-by: Sebastian Götte <jaseg@physik-pool.tu-berlin.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>