On 03/31/2013 03:33 PM, John Keeping wrote:
> It looks like the "found" pointer has wandered off the end of the
> string. In the test case here, the gpg_status is:
>
> -- >8 --
> [GNUPG:] SIG_ID rzX3GbdzQyxB4Jdm1uD0CzL4B4Y 2013-03-31 1364735152
> [GNUPG:] GOODSIG 61092E85B7227189 Eris Discordia <[email protected]>
> [GNUPG:] VALIDSIG D4BE22311AD3131E5EDA29A461092E85B7227189 2013-03-31
> 1364735152 0 4 0 1 2 00 D4BE22311AD3131E5EDA29A461092E85B7227189
> [GNUPG:] TRUST_UNDEFINED
> -- 8< --
>
> But the parse_signature_lines code assumes that after reading a
> signature it can fill in the key from the next 16 bytes and then look
> for a newline after that. In this case it clearly needs to only read
> the signature if it's a GOODSIG or BADSIG line.
>
> Wrapping a "signature_check[i].result != 'U'" condition around the lines
> that extract the key and advance the "found" pointer after doing so
> fixes this for me.

This was in fact the case and your fix works. I modified the code a bit so it
does not break at the end of the loop and it checks for untrusted signatures
*last*; this way, even in case 'signature_check.result' is 'U' (untrusted),
'key' and 'signer' are available.

I also removed two stray spaces.

Sebastian Götte (5):
  Move commit GPG signature verification to commit.c
  commit.c/GPG signature verification: Also look at the first GPG status line
  merge/pull: verify GPG signatures of commits being merged
  merge/pull Check for untrusted good GPG signatures
  pretty printing: extend %G? to include 'N' and 'U'

 Documentation/merge-options.txt    |  5 ++
 Documentation/pretty-formats.txt   |  3 +-
 builtin/merge.c                    | 34 +++++++++++++-
 commit.c                           | 69 +++++++++++++++++++++++++++
 commit.h                           | 10 ++++
 git-pull.sh                        | 10 +++-
 gpg-interface.h                    | 12 +++++
 pretty.c                           | 93 ++++++-------------------------------
 t/lib-gpg/pubring.gpg              | Bin 1164 -> 2359 bytes
 t/lib-gpg/random_seed              | Bin 600 -> 600 bytes
 t/lib-gpg/secring.gpg              | Bin 1237 -> 3734 bytes
 t/lib-gpg/trustdb.gpg              | Bin 1280 -> 1360 bytes
 t/t7612-merge-verify-signatures.sh | 61 ++++++++++++++++++++++++
 13 files changed, 215 insertions(+), 82 deletions(-)
 create mode 100755 t/t7612-merge-verify-signatures.sh

--
1.8.1.5
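
An added example, not part of the original message and not git's own code: a line-bounded parser for the kind of GnuPG status output quoted above. It reads a key only from GOODSIG/BADSIG lines and applies the untrusted check last, so key and signer stay filled for 'U'. The names sig_info, take_key and parse_status are hypothetical, and the sample input in main() is constructed.

```c
#include <stdio.h>
#include <string.h>

struct sig_info {	/* hypothetical; result is 'G', 'B', 'U' or 'N' as in %G? */
	char result, key[17], signer[128];
};

/* Copy "<16-char key id> <signer>" from [p, eol); never read past eol. */
static int take_key(const char *p, const char *eol, struct sig_info *si)
{
	size_t n = (size_t)(eol - p);
	if (n < 17 || p[16] != ' ')
		return -1;	/* truncated line: no room for a key id */
	snprintf(si->key, sizeof(si->key), "%.16s", p);
	snprintf(si->signer, sizeof(si->signer), "%.*s", (int)(n - 17), p + 17);
	return 0;
}

static void parse_status(const char *status, struct sig_info *si)
{
	static const char pfx[] = "[GNUPG:] ";
	const char *line, *eol, *kw;
	int untrusted = 0;
	memset(si, 0, sizeof(*si));
	si->result = 'N';
	for (line = status; *line; line = *eol ? eol + 1 : eol) {
		eol = line + strcspn(line, "\n");	/* end of this line only */
		if (strncmp(line, pfx, sizeof(pfx) - 1))
			continue;
		kw = line + sizeof(pfx) - 1;
		if (!strncmp(kw, "GOODSIG ", 8) && !take_key(kw + 8, eol, si))
			si->result = 'G';
		else if (!strncmp(kw, "BADSIG ", 7) && !take_key(kw + 7, eol, si))
			si->result = 'B';
		else if (!strncmp(kw, "TRUST_UNDEFINED", 15))
			untrusted = 1;	/* carries no key id, so none is read */
	}
	if (untrusted && si->result == 'G')
		si->result = 'U';	/* checked last: key and signer stay filled */
}

int main(void)
{
	struct sig_info si;	/* constructed input, shaped like the status above */
	parse_status("[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer\n"
		     "[GNUPG:] TRUST_UNDEFINED\n", &si);
	printf("%c %s %s\n", si.result, si.key, si.signer);
	return 0;
}
```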