Updated to incorporate feedback from v1. In addition to changes to the patches
from v1, I added the missing `t7004: fix mistaken tag name` patch, which had
caused some confusion (sorry about that). Thanks for everyone's feedback on v1.
### Interdiff (v1..v2):
diff --git a/Documentation/config.txt b/Documentation/config.txt
index 7906123a59..691b309306 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1728,7 +1728,7 @@ grep.fallbackToNoIndex::
is executed outside of a git repository. Defaults to false.
signingtool.<name>.program::
- The name of the program on `$PATH` to execute when making or
+ The name or path of the program to execute when making or
verifying a signature. This program will be used for making
signatures if `<name>` is configured as `signingtool.default`.
This program will be used for verifying signatures whose PEM
@@ -1750,7 +1750,9 @@ signingtool.<name>.pemtype::
SIGNATURE`. When verifying a signature with this PEM block type
the program specified in `signingtool.<name>.program` will be
used. By default `signingtool.gpg.pemtype` contains `PGP
- SIGNATURE` and `PGP MESSAGE`.
+ SIGNATURE` and `PGP MESSAGE`. Multiple PEM types may be specified
+ for a single signing tool by including the `pemtype` directive
+ multiple times within the `signingtool` configuration.
signingtool.default::
The `<name>` of the signing tool to use when creating
diff --git a/gpg-interface.c b/gpg-interface.c
index 0e2a82e8e5..5d4ae2a7ed 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -22,7 +22,8 @@ static struct signing_tool *alloc_signing_tool(void)
* Our default tool config is too complicated to specify as a constant
* initializer, so we lazily create it as needed.
*/
-static void init_signing_tool_defaults(void) {
+static void init_signing_tool_defaults(void)
+{
struct signing_tool *tool;
if (signing_tool_config)
@@ -38,7 +39,8 @@ static void init_signing_tool_defaults(void) {
signing_tool_config = tool;
}
-static struct signing_tool *get_signing_tool(const char *name) {
+static struct signing_tool *get_signing_tool(const char *name)
+{
struct signing_tool *tool;
init_signing_tool_defaults();
@@ -216,11 +218,12 @@ int git_gpg_config(const char *var, const char *value,
void *cb)
}
if (!strcmp(var, "gpg.program")) {
- struct signing_tool *tool = get_or_create_signing_tool("gpg");
+ struct signing_tool *tool;
if (!value)
return config_error_nonbool(var);
+ tool = get_or_create_signing_tool("gpg");
free(tool->program);
tool->program = xstrdup(value);
return 0;
@@ -331,7 +334,7 @@ int verify_signed_buffer(const char *payload, size_t
payload_size,
/*
* The caller didn't tell us which tool to use, and we
* didn't recognize the format. Historically we've fed
- * these cases to blindly to gpg, so let's continue to
+ * these cases blindly to gpg, so let's continue to
* do so.
*/
tool = get_signing_tool("gpg");
diff --git a/gpg-interface.h b/gpg-interface.h
index cee0dfe401..8e22e67b6f 100644
--- a/gpg-interface.h
+++ b/gpg-interface.h
@@ -42,7 +42,7 @@ void signature_check_clear(struct signature_check *sigc);
* pointed at the signing_tool that corresponds to the found
* signature type.
*/
-size_t parse_signature(const char *buf, unsigned long size,
+size_t parse_signature(const char *buf, size_t size,
const struct signing_tool **out_tool);
void parse_gpg_output(struct signature_check *);
@@ -61,7 +61,7 @@ int sign_buffer(struct strbuf *buffer, struct strbuf
*signature,
* gpg_output, when set, receives the diagnostic output from GPG.
* gpg_status, when set, receives the status output from GPG.
*
- * Typically the "tool" argument should come from a previous call to
+ * Typically, the "tool" argument should come from a previous call to
* parse_signature(). If it's NULL, then verify_signed_buffer() will
* try to choose the appropriate tool based on the contents of the
* "signature" buffer.
diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh
index 08d23b0cf5..b9ba47057f 100755
--- a/t/lib-gpg.sh
+++ b/t/lib-gpg.sh
@@ -59,20 +59,24 @@ sanitize_pgp() {
create_fake_signer () {
write_script fake-signer <<-\EOF
- if [ "$1 $2" = "--status-fd=2 -bsau" ]; then
+ if test "$1 $2" = "--status-fd=2 -bsau"
+ then
echo >&2 "[GNUPG:] BEGIN_SIGNING"
echo >&2 "[GNUPG:] SIG_CREATED D 1 SHA256 0 1513792449
4A7FF9E2330D22B19213A4E9E9C423BE17EFEE70"
- # avoid "-" in echo arguments
- printf "%s\n" \
- "-----BEGIN FAKE SIGNER SIGNATURE-----" \
- "fake-signature" \
- "-----END FAKE SIGNER SIGNATURE-----"
+ cat <<-\END
+ -----BEGIN FAKE SIGNER SIGNATURE-----
+ fake-signature
+ -----END FAKE SIGNER SIGNATURE-----
+ END
exit 0
- elif [ "$1 $2 $3" = "--status-fd=1 --keyid-format=long --verify" ]; then
- echo "[GNUPG:] NEWSIG"
- echo "[GNUPG:] GOODSIG 4A7FF9E2330D22B19213A4E9E9C423BE17EFEE70
/CN=Some User/EMail=some@user.email"
- echo "[GNUPG:] TRUST_FULLY 0 shell"
+ elif test "$1 $2 $3" = "--status-fd=1 --keyid-format=long --verify"
+ then
+ cat <<-\END
+ [GNUPG:] NEWSIG
+ [GNUPG:] GOODSIG 4A7FF9E2330D22B19213A4E9E9C423BE17EFEE70
/CN=Some User/EMail=some@user.email
+ [GNUPG:] TRUST_FULLY 0 shell
+ END
echo >&2 "Good signature from /CN=Some
User/EMail=some@user.email"
exit 0
diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index 848a823302..fb41f98ca6 100755
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -65,13 +65,15 @@ test_expect_success GPG 'create signed commits' '
grep "PGP SIGNATURE" actual &&
git config gpg.program "$TRASH_DIRECTORY/fake-signer" &&
- echo 12 >file && test_tick && git commit -a -m twelfth && test_unconfig
gpg.program &&
+ echo 12 >file && test_tick && git commit -a -m twelfth &&
+ test_unconfig gpg.program &&
git tag twelfth-fake-signed &&
git cat-file -p twelfth-fake-signed >actual &&
grep "FAKE SIGNER SIGNATURE" actual &&
git config signingtool.default fake &&
- echo 13 >file && test_tick && git commit -a -m thirteenth &&
test_unconfig signingtool.default &&
+ echo 13 >file && test_tick && git commit -a -m thirteenth &&
+ test_unconfig signingtool.default &&
git tag thirteenth-fake-signed &&
git cat-file -p thirteenth-fake-signed >actual &&
grep "FAKE SIGNER SIGNATURE" actual
### Patches
Ben Toews (1):
gpg-interface: handle alternative signature types
Jeff King (8):
t7004: fix mistaken tag name
gpg-interface: handle bool user.signingkey
gpg-interface: modernize function declarations
gpg-interface: use size_t for signature buffer size
gpg-interface: fix const-correctness of "eol" pointer
gpg-interface: extract gpg line matching helper
gpg-interface: find the last gpg signature line
gpg-interface: prepare for parsing arbitrary PEM blocks
Documentation/config.txt | 42 +++++++---
builtin/fmt-merge-msg.c | 6 +-
builtin/receive-pack.c | 7 +-
builtin/tag.c | 2 +-
commit.c | 2 +-
gpg-interface.c | 201 +++++++++++++++++++++++++++++++++++++++--------
gpg-interface.h | 67 +++++++++++++---
log-tree.c | 7 +-
ref-filter.c | 2 +-
t/lib-gpg.sh | 30 +++++++
t/t7004-tag.sh | 13 ++-
t/t7510-signed-commit.sh | 34 +++++++-
tag.c | 2 +-
13 files changed, 348 insertions(+), 67 deletions(-)
--
2.15.1 (Apple Git-101)
