Merge branch 'bc/signed-objects-with-both-hashes'

Signed commits and tags now allow verification of objects, whose
two object names (one in SHA-1, the other in SHA-256) are both
signed.

* bc/signed-objects-with-both-hashes:
  gpg-interface: remove other signature headers before verifying
  ref-filter: hoist signature parsing
  commit: allow parsing arbitrary buffers with headers
  gpg-interface: improve interface for parsing tags
  commit: ignore additional signatures when parsing signed commits
  ref-filter: switch some uses of unsigned long to size_t
Junio C Hamano
2021-02-22 16:12:42 -08:00
12 changed files with 226 additions and 75 deletions


@@ -510,22 +510,28 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
for (i = 0; i < origins.nr; i++) {
struct object_id *oid = origins.items[i].util;
enum object_type type;
unsigned long size, len;
unsigned long size;
char *buf = read_object_file(oid, &type, &size);
char *origbuf = buf;
unsigned long len = size;
struct signature_check sigc = { NULL };
struct strbuf sig = STRBUF_INIT;
struct strbuf payload = STRBUF_INIT, sig = STRBUF_INIT;
if (!buf || type != OBJ_TAG)
goto next;
len = parse_signature(buf, size);
if (size == len)
; /* merely annotated */
else if (check_signature(buf, len, buf + len, size - len, &sigc) &&
!sigc.gpg_output)
strbuf_addstr(&sig, "gpg verification failed.\n");
else
strbuf_addstr(&sig, sigc.gpg_output);
if (!parse_signature(buf, size, &payload, &sig))
;/* merely annotated */
else {
buf = payload.buf;
len = payload.len;
if (check_signature(payload.buf, payload.len, sig.buf,
sig.len, &sigc) &&
!sigc.gpg_output)
strbuf_addstr(&sig, "gpg verification failed.\n");
else
strbuf_addstr(&sig, sigc.gpg_output);
}
signature_check_clear(&sigc);
if (!tag_number++) {
@@ -548,9 +554,10 @@ static void fmt_merge_msg_sigs(struct strbuf *out)
strlen(origins.items[i].string));
fmt_tag_signature(&tagbuf, &sig, buf, len);
}
strbuf_release(&payload);
strbuf_release(&sig);
next:
free(buf);
free(origbuf);
}
if (tagbuf.len) {
strbuf_addch(out, '\n');
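Review bot: In the first hunk `sig` is now both the signature that parse_signature() extracts and the buffer the gpg output is appended to, so the `&sig` handed to fmt_tag_signature() in the second hunk appears to carry the raw signature block followed by the verification text, where the old code passed only the gpg output. If only the verification text belongs in the merge message, capture the result first and empty the buffer before appending: `int failed = check_signature(payload.buf, payload.len, sig.buf, sig.len, &sigc);` then `strbuf_reset(&sig);` ahead of the `if (failed && !sigc.gpg_output)` test. Separately, `unsigned long len = size;` reads `size` before the `!buf` check; whether read_object_file() sets it on failure is not visible here, so assigning `len = size;` after the `goto next` guard would be safer. The body of fmt_merge_msg_sigs() starts before and continues after both hunks.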