<feed xmlns='http://www.w3.org/2005/Atom'>
<title>git/tag.c, branch v2.37.2</title>
<subtitle>Mirror of https://git.kernel.org/pub/scm/git/git.git/
</subtitle>
<id>https://git.shady.money/git/atom?h=v2.37.2</id>
<link rel='self' href='https://git.shady.money/git/atom?h=v2.37.2'/>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/'/>
<updated>2021-12-09T21:38:04Z</updated>
<entry>
<title>ssh signing: make verify-tag consider key lifetime</title>
<updated>2021-12-09T21:38:04Z</updated>
<author>
<name>Fabian Stelzer</name>
<email>fs@gigacodes.de</email>
</author>
<published>2021-12-09T08:52:47Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=dd3aa418aa109ff3697290ba89b626c3a4b36883'/>
<id>urn:sha1:dd3aa418aa109ff3697290ba89b626c3a4b36883</id>
<content type='text'>
Set the payload_type for check_signature() when calling verify-tag.
Implements the same tests as for verify-commit.

Signed-off-by: Fabian Stelzer &lt;fs@gigacodes.de&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>ssh signing: use sigc struct to pass payload</title>
<updated>2021-12-09T21:38:04Z</updated>
<author>
<name>Fabian Stelzer</name>
<email>fs@gigacodes.de</email>
</author>
<published>2021-12-09T08:52:43Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=02769437e1421d837f6de27cfb5c14087cfec8dd'/>
<id>urn:sha1:02769437e1421d837f6de27cfb5c14087cfec8dd</id>
<content type='text'>
To be able to extend the payload metadata with things like its creation
timestamp or the creators ident we remove the payload parameters to
check_signature() and use the already existing sigc-&gt;payload field
instead, only adding the length field to the struct. This also allows
us to get rid of the xmemdupz() calls in the verify functions. Since
sigc is now used to input data as well as output the result move it to
the front of the function list.

 - Add payload_length to struct signature_check
 - Populate sigc.payload/payload_len on all call sites
 - Remove payload parameters to check_signature()
 - Remove payload parameters to internal verify_* functions and use sigc
   instead
 - Remove xmemdupz() used for verbose output since payload is now already
   populated.

Signed-off-by: Fabian Stelzer &lt;fs@gigacodes.de&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>gpg-interface: improve interface for parsing tags</title>
<updated>2021-02-11T07:35:42Z</updated>
<author>
<name>brian m. carlson</name>
<email>sandals@crustytoothpaste.net</email>
</author>
<published>2021-02-11T02:08:03Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=482c119186987110bfccf705a5ac75d399b08766'/>
<id>urn:sha1:482c119186987110bfccf705a5ac75d399b08766</id>
<content type='text'>
We have a function which parses a buffer with a signature at the end,
parse_signature, and this function is used for signed tags.  However,
we'll need to store values for multiple algorithms, and we'll do this by
using a header for the non-default algorithm.

Adjust the parse_signature interface to store the parsed data in two
strbufs and turn the existing function into parse_signed_buffer.  The
latter is still used in places where we know we always have a signed
buffer, such as push certs.

Adjust all the callers to deal with this new interface.

Signed-off-by: brian m. carlson &lt;sandals@crustytoothpaste.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>object: drop parsed_object_pool-&gt;commit_count</title>
<updated>2020-06-17T21:37:14Z</updated>
<author>
<name>Abhishek Kumar</name>
<email>abhishekkumar8222@gmail.com</email>
</author>
<published>2020-06-17T09:14:08Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=6da43d937ca96d277556fa92c5a664fb1cbcc8ac'/>
<id>urn:sha1:6da43d937ca96d277556fa92c5a664fb1cbcc8ac</id>
<content type='text'>
14ba97f8 (alloc: allow arbitrary repositories for alloc functions,
2018-05-15) introduced parsed_object_pool-&gt;commit_count to keep count of
commits per repository and was used to assign commit-&gt;index.

However, commit-slab code requires commit-&gt;index values to be unique
and a global count would be correct, rather than a per-repo count.

Let's introduce a static counter variable, `parsed_commits_count` to
keep track of parsed commits so far.

As commit_count has no use anymore, let's also drop it from the struct.

Signed-off-by: Abhishek Kumar &lt;abhishekkumar8222@gmail.com&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>commit, tag: don't set parsed bit for parse failures</title>
<updated>2019-10-28T05:04:49Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2019-10-25T21:20:20Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=228c78fbd42b58ebf43477290432c149358b04b1'/>
<id>urn:sha1:228c78fbd42b58ebf43477290432c149358b04b1</id>
<content type='text'>
If we can't parse a commit, then parse_commit() will return an error
code. But it _also_ sets the "parsed" flag, which tells us not to bother
trying to re-parse the object. That means that subsequent parses have no
idea that the information in the struct may be bogus.  I.e., doing this:

  parse_commit(commit);
  ...
  if (parse_commit(commit) &lt; 0)
          die("commit is broken");

will never trigger the die(). The second parse_commit() will see the
"parsed" flag and quietly return success.

There are two obvious ways to fix this:

  1. Stop setting "parsed" until we've successfully parsed.

  2. Keep a second "corrupt" flag to indicate that we saw an error (and
     when the parsed flag is set, return 0/-1 depending on the corrupt
     flag).

This patch does option 1. The obvious downside versus option 2 is that
we might continually re-parse a broken object. But in practice,
corruption like this is rare, and we typically die() or return an error
in the caller. So it's OK not to worry about optimizing for corruption.
And it's much simpler: we don't need to use an extra bit in the object
struct, and callers which check the "parsed" flag don't need to learn
about the corrupt bit, too.

There's no new test here, because this case is already covered in t5318.
Note that we do need to update the expected message there, because we
now detect the problem in the return from "parse_commit()", and not with
a separate check for a NULL tree. In fact, we can now ditch that
explicit tree check entirely, as we're covered robustly by this change
(and the previous recent change to treat a NULL tree as a parse error).

We'll also give tags the same treatment. I don't know offhand of any
cases where the problem can be triggered (it implies somebody ignoring a
parse error earlier in the process), but consistently returning an error
should cause the least surprise.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>parse_tag_buffer(): treat NULL tag pointer as parse error</title>
<updated>2019-10-21T02:15:23Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2019-10-18T04:45:35Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=78d50148b955283e027ff46f310a4d3930ad42c0'/>
<id>urn:sha1:78d50148b955283e027ff46f310a4d3930ad42c0</id>
<content type='text'>
When parsing a tag, we may end up with a NULL "tagged" field when
there's a type mismatch (e.g., the tag claims to point to object X as a
commit, but we previously saw X as a blob in the same process), but we
do not otherwise indicate a parse failure to the caller.

This is similar to the case discussed in the previous commit, where a
commit could end up with a NULL tree field: while slightly convenient
for callers who want to overlook a corrupt object, it means that normal
callers have to explicitly deal with this case (rather than just relying
on the return code from parsing). And most don't, leading to segfault
fixes like the one in c77722b3ea (use get_tagged_oid(), 2019-09-05).

Let's address this more centrally, by returning an error code from the
parse itself, which most callers would already notice (adventurous
callers are free to ignore the error and continue looking at the
struct).

This also covers the case where the tag contains a nonsensical "type"
field (there we produced a user-visible error but still returned success
to the caller; now we'll produce a slightly better message and return an
error).

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>tag: factor out get_tagged_oid()</title>
<updated>2019-09-05T21:10:18Z</updated>
<author>
<name>René Scharfe</name>
<email>l.s.r@web.de</email>
</author>
<published>2019-09-05T19:55:55Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=dad3f0607bf1c864f80723ab20b39527260f2c4f'/>
<id>urn:sha1:dad3f0607bf1c864f80723ab20b39527260f2c4f</id>
<content type='text'>
Add a function for accessing the ID of the object referenced by a tag
safely, i.e. without causing a segfault when encountering a broken tag
where -&gt;tagged is NULL.

Signed-off-by: René Scharfe &lt;l.s.r@web.de&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>object: convert create_object() to use object_id</title>
<updated>2019-06-20T17:20:51Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2019-06-20T07:41:21Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=a378509e1c8d817b3abe42bd8b3c8aa2a6f9af8a'/>
<id>urn:sha1:a378509e1c8d817b3abe42bd8b3c8aa2a6f9af8a</id>
<content type='text'>
There are no callers left of create_object() that aren't just passing us
the "hash" member of a "struct object_id". Let's take the whole struct,
which gets us closer to removing all raw sha1 variables.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>object: convert lookup_object() to use object_id</title>
<updated>2019-06-20T17:18:09Z</updated>
<author>
<name>Jeff King</name>
<email>peff@peff.net</email>
</author>
<published>2019-06-20T07:41:14Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=d0229abd93e1115d935b0e55067e29bcc9815ce8'/>
<id>urn:sha1:d0229abd93e1115d935b0e55067e29bcc9815ce8</id>
<content type='text'>
There are no callers left of lookup_object() that aren't just passing us
the "hash" member of a "struct object_id". Let's take the whole struct,
which gets us closer to removing all raw sha1 variables.  It also
matches the existing conversions of lookup_blob(), etc.

The conversions of callers were done by hand, but they're all mechanical
one-liners.

Signed-off-by: Jeff King &lt;peff@peff.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
<entry>
<title>tag: express constant in terms of the_hash_algo</title>
<updated>2018-10-15T03:53:16Z</updated>
<author>
<name>brian m. carlson</name>
<email>sandals@crustytoothpaste.net</email>
</author>
<published>2018-10-15T00:01:58Z</published>
<link rel='alternate' type='text/html' href='https://git.shady.money/git/commit/?id=d8a3a690204ec8583b536e562d46632cae5cfe03'/>
<id>urn:sha1:d8a3a690204ec8583b536e562d46632cae5cfe03</id>
<content type='text'>
Signed-off-by: brian m. carlson &lt;sandals@crustytoothpaste.net&gt;
Signed-off-by: Junio C Hamano &lt;gitster@pobox.com&gt;
</content>
</entry>
</feed>
