Johannes Schindelin venit, vidit, dixit 06.09.2016 10:01:
> With the recent update in efee955 (gpg-interface: check gpg signature
> creation status, 2016-06-17), we ask GPG to send all status updates to
> stderr, and then catch the stderr in an strbuf.
> 
> But GPG might fail, and send error messages to stderr. And we simply
> do not show them to the user.
> 
> Even worse: this swallows any interactive prompt for a passphrase. And
> detaches stderr from the tty so that the passphrase cannot be read.
> 
> So while the first problem could be fixed (by printing the captured
> stderr upon error), the second problem cannot be easily fixed, and
> presents a major regression.

My Git has that commit and does ask me for the passphrase on the tty.
Also, I do get error messages:

git tag -u pebcak -s testt -m m
error: gpg failed to sign the data
error: unable to sign the tag

which we could (maybe should) amend by gpg's stderr.

> So let's just revert commit efee9553a4f97b2ecd8f49be19606dd4cf7d9c28.

That "just" reintroduces the problem that the orignal patch solves.

The passphrase/tty issue must be Windows specific - or the non-issue
Linux-specific, if you prefer.

> This fixes https://github.com/git-for-windows/git/issues/871
> 
> Cc: Michael J Gruber <g...@drmicha.warpmail.net>
> Signed-off-by: Johannes Schindelin <johannes.schinde...@gmx.de>
> ---
> Published-As: https://github.com/dscho/git/releases/tag/fix-gpg-v1
> Fetch-It-Via: git fetch https://github.com/dscho/git fix-gpg-v1
> 
>  gpg-interface.c | 8 ++------
>  t/t7004-tag.sh  | 9 +--------
>  2 files changed, 3 insertions(+), 14 deletions(-)
> 
> diff --git a/gpg-interface.c b/gpg-interface.c
> index 8672eda..3f3a3f7 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -153,11 +153,9 @@ int sign_buffer(struct strbuf *buffer, struct strbuf 
> *signature, const char *sig
>       struct child_process gpg = CHILD_PROCESS_INIT;
>       int ret;
>       size_t i, j, bottom;
> -     struct strbuf gpg_status = STRBUF_INIT;
>  
>       argv_array_pushl(&gpg.args,
>                        gpg_program,
> -                      "--status-fd=2",
>                        "-bsau", signing_key,
>                        NULL);
>  
> @@ -169,12 +167,10 @@ int sign_buffer(struct strbuf *buffer, struct strbuf 
> *signature, const char *sig
>        */
>       sigchain_push(SIGPIPE, SIG_IGN);
>       ret = pipe_command(&gpg, buffer->buf, buffer->len,
> -                        signature, 1024, &gpg_status, 0);
> +                        signature, 1024, NULL, 0);
>       sigchain_pop(SIGPIPE);
>  
> -     ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
> -     strbuf_release(&gpg_status);
> -     if (ret)
> +     if (ret || signature->len == bottom)
>               return error(_("gpg failed to sign the data"));
>  
>       /* Strip CR from the line endings, in case we are on Windows. */
> diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
> index 8b0f71a..f9b7d79 100755
> --- a/t/t7004-tag.sh
> +++ b/t/t7004-tag.sh
> @@ -1202,17 +1202,10 @@ test_expect_success GPG,RFC1991 \
>  # try to sign with bad user.signingkey
>  git config user.signingkey BobTheMouse
>  test_expect_success GPG \
> -     'git tag -s fails if gpg is misconfigured (bad key)' \
> +     'git tag -s fails if gpg is misconfigured' \
>       'test_must_fail git tag -s -m tail tag-gpg-failure'
>  git config --unset user.signingkey
>  
> -# try to produce invalid signature
> -test_expect_success GPG \
> -     'git tag -s fails if gpg is misconfigured (bad signature format)' \
> -     'test_config gpg.program echo &&
> -      test_must_fail git tag -s -m tail tag-gpg-failure'
> -
> -
>  # try to verify without gpg:
>  
>  rm -rf gpghome
> 

Reply via email to