From: Ben Toews <mastahyeti@gmail.com>
To: git@vger.kernel.org
Cc: me@ttaylorr.com, peff@peff.net, sbeller@google.com,
gitster@pobox.com, szeder.dev@gmail.com, sunshine@sunshineco.com,
Ben Toews <mastahyeti@gmail.com>
Subject: [PATCH v2 0/9] gpg-interface: Multiple signing tools
Date: Fri, 13 Apr 2018 15:18:28 -0600
Message-ID: <20180413211837.99415-1-mastahyeti@gmail.com>
In-Reply-To: <20180409204129.43537-1-mastahyeti@gmail.com>
Updated to incorporate feedback from v1. In addition to changes to the patches
from v1, I added the missing `t7004: fix mistaken tag name` patch, which had
caused some confusion (sorry about that). Thanks for everyone's feedback on v1.
### Interdiff (v1..v2):
diff --git a/Documentation/config.txt b/Documentation/config.txt
index 7906123a59..691b309306 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -1728,7 +1728,7 @@ grep.fallbackToNoIndex::
is executed outside of a git repository. Defaults to false.
signingtool.<name>.program::
- The name of the program on `$PATH` to execute when making or
+ The name or path of the program to execute when making or
verifying a signature. This program will be used for making
signatures if `<name>` is configured as `signingtool.default`.
This program will be used for verifying signatures whose PEM
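Review bot: in the reworded `signingtool.<name>.program` entry, "name or path" no longer says how a value without a slash is resolved, and it does not say whether a relative path is accepted. This setting decides which binary is run to make and verify signatures, so keep the `$PATH` lookup that the old wording stated for a bare name and add what a relative path is resolved against.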
@@ -1750,7 +1750,9 @@ signingtool.<name>.pemtype::
SIGNATURE`. When verifying a signature with this PEM block type
the program specified in `signingtool.<name>.program` will be
used. By default `signingtool.gpg.pemtype` contains `PGP
- SIGNATURE` and `PGP MESSAGE`.
+ SIGNATURE` and `PGP MESSAGE`. Multiple PEM types may be specified
+ for a single signing tool by including the `pemtype` directive
+ multiple times within the `signingtool` configuration.
signingtool.default::
The `<name>` of the signing tool to use when creating
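Review bot: the sentence added to `signingtool.<name>.pemtype` does not cover two `signingtool.<name>` sections that list the same PEM block type. The verifying program is selected by that type, so the text should say which tool wins or that the configuration is rejected. "Directive" is also out of step with the rest of the entry, which refers to settings by key name; "by setting `signingtool.<name>.pemtype` multiple times" would match.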
diff --git a/gpg-interface.c b/gpg-interface.c
index 0e2a82e8e5..5d4ae2a7ed 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -22,7 +22,8 @@ static struct signing_tool *alloc_signing_tool(void)
* Our default tool config is too complicated to specify as a constant
* initializer, so we lazily create it as needed.
*/
-static void init_signing_tool_defaults(void) {
+static void init_signing_tool_defaults(void)
+{
struct signing_tool *tool;
if (signing_tool_config)
@@ -38,7 +39,8 @@ static void init_signing_tool_defaults(void) {
signing_tool_config = tool;
}
-static struct signing_tool *get_signing_tool(const char *name) {
+static struct signing_tool *get_signing_tool(const char *name)
+{
struct signing_tool *tool;
init_signing_tool_defaults();
@@ -216,11 +218,12 @@ int git_gpg_config(const char *var, const char *value, void *cb)
}
if (!strcmp(var, "gpg.program")) {
- struct signing_tool *tool = get_or_create_signing_tool("gpg");
+ struct signing_tool *tool;
if (!value)
return config_error_nonbool(var);
+ tool = get_or_create_signing_tool("gpg");
free(tool->program);
tool->program = xstrdup(value);
return 0;
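Review bot: in the `gpg.program` branch, `value` is checked only for NULL, so an empty `gpg.program =` still reaches `tool->program = xstrdup(value)` and leaves the gpg tool with an empty program name; the mistake would then surface only when the tool is run. Consider rejecting an empty string next to the `config_error_nonbool(var)` check. Calling `get_or_create_signing_tool("gpg")` after the validation is the right order, and any other branch that creates a tool before checking its value wants the same treatment.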
@@ -331,7 +334,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
/*
* The caller didn't tell us which tool to use, and we
* didn't recognize the format. Historically we've fed
- * these cases to blindly to gpg, so let's continue to
+ * these cases blindly to gpg, so let's continue to
* do so.
*/
tool = get_signing_tool("gpg");
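Review bot: the fallback at `tool = get_signing_tool("gpg")` hard-codes the tool named "gpg" for any signature whose format was not recognized, and the comment above it gives the history without saying that this is deliberate now that other tools can be configured. Add a sentence to the comment stating that unrecognized input always goes to the "gpg" tool regardless of which other signing tools are configured, so a reader does not expect it to be routed elsewhere or rejected.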
diff --git a/gpg-interface.h b/gpg-interface.h
index cee0dfe401..8e22e67b6f 100644
--- a/gpg-interface.h
+++ b/gpg-interface.h
@@ -42,7 +42,7 @@ void signature_check_clear(struct signature_check *sigc);
* pointed at the signing_tool that corresponds to the found
* signature type.
*/
-size_t parse_signature(const char *buf, unsigned long size,
+size_t parse_signature(const char *buf, size_t size,
const struct signing_tool **out_tool);
void parse_gpg_output(struct signature_check *);
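Review bot: the visible tail of the comment above `parse_signature()` describes `out_tool` only for the case where a signature is found. If the earlier part of the comment does not already say so, document what `*out_tool` holds when no signature is found and whether callers may pass NULL for `out_tool`, since callers use that pointer to decide which program verifies the buffer.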
@@ -61,7 +61,7 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature,
* gpg_output, when set, receives the diagnostic output from GPG.
* gpg_status, when set, receives the status output from GPG.
*
- * Typically the "tool" argument should come from a previous call to
+ * Typically, the "tool" argument should come from a previous call to
* parse_signature(). If it's NULL, then verify_signed_buffer() will
* try to choose the appropriate tool based on the contents of the
* "signature" buffer.
diff --git a/t/lib-gpg.sh b/t/lib-gpg.sh
index 08d23b0cf5..b9ba47057f 100755
--- a/t/lib-gpg.sh
+++ b/t/lib-gpg.sh
@@ -59,20 +59,24 @@ sanitize_pgp() {
create_fake_signer () {
write_script fake-signer <<-\EOF
- if [ "$1 $2" = "--status-fd=2 -bsau" ]; then
+ if test "$1 $2" = "--status-fd=2 -bsau"
+ then
echo >&2 "[GNUPG:] BEGIN_SIGNING"
echo >&2 "[GNUPG:] SIG_CREATED D 1 SHA256 0 1513792449 4A7FF9E2330D22B19213A4E9E9C423BE17EFEE70"
- # avoid "-" in echo arguments
- printf "%s\n" \
- "-----BEGIN FAKE SIGNER SIGNATURE-----" \
- "fake-signature" \
- "-----END FAKE SIGNER SIGNATURE-----"
+ cat <<-\END
+ -----BEGIN FAKE SIGNER SIGNATURE-----
+ fake-signature
+ -----END FAKE SIGNER SIGNATURE-----
+ END
exit 0
- elif [ "$1 $2 $3" = "--status-fd=1 --keyid-format=long --verify" ]; then
- echo "[GNUPG:] NEWSIG"
- echo "[GNUPG:] GOODSIG 4A7FF9E2330D22B19213A4E9E9C423BE17EFEE70 /CN=Some User/EMail=some@user.email"
- echo "[GNUPG:] TRUST_FULLY 0 shell"
+ elif test "$1 $2 $3" = "--status-fd=1 --keyid-format=long --verify"
+ then
+ cat <<-\END
+ [GNUPG:] NEWSIG
+ [GNUPG:] GOODSIG 4A7FF9E2330D22B19213A4E9E9C423BE17EFEE70 /CN=Some User/EMail=some@user.email
+ [GNUPG:] TRUST_FULLY 0 shell
+ END
echo >&2 "Good signature from /CN=Some User/EMail=some@user.email"
exit 0
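Review bot: the `--verify` branch of the fake signer prints `GOODSIG` and `TRUST_FULLY` without looking at the arguments after `--verify` or at its standard input, so the tests that use it pass even if git hands the tool the wrong signature or payload. Have the branch check that the signature it is given contains the `FAKE SIGNER SIGNATURE` block and exit non-zero otherwise, so a routing mistake in the tool selection shows up as a test failure.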
diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh
index 848a823302..fb41f98ca6 100755
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@ -65,13 +65,15 @@ test_expect_success GPG 'create signed commits' '
grep "PGP SIGNATURE" actual &&
git config gpg.program "$TRASH_DIRECTORY/fake-signer" &&
- echo 12 >file && test_tick && git commit -a -m twelfth && test_unconfig gpg.program &&
+ echo 12 >file && test_tick && git commit -a -m twelfth &&
+ test_unconfig gpg.program &&
git tag twelfth-fake-signed &&
git cat-file -p twelfth-fake-signed >actual &&
grep "FAKE SIGNER SIGNATURE" actual &&
git config signingtool.default fake &&
- echo 13 >file && test_tick && git commit -a -m thirteenth && test_unconfig signingtool.default &&
+ echo 13 >file && test_tick && git commit -a -m thirteenth &&
+ test_unconfig signingtool.default &&
git tag thirteenth-fake-signed &&
git cat-file -p thirteenth-fake-signed >actual &&
grep "FAKE SIGNER SIGNATURE" actual
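Review bot: in both reflowed chains the `test_unconfig` call runs only if the preceding `git commit` succeeds, so a failing commit leaves `gpg.program` or `signingtool.default` pointing at the fake signer for every later test in the file. Setting the value with `test_config`, which removes it when the test ends, or passing it for the one command with `git -c gpg.program=... commit`, avoids the leak and makes the separate `test_unconfig` lines unnecessary.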
### Patches
Ben Toews (1):
gpg-interface: handle alternative signature types
Jeff King (8):
t7004: fix mistaken tag name
gpg-interface: handle bool user.signingkey
gpg-interface: modernize function declarations
gpg-interface: use size_t for signature buffer size
gpg-interface: fix const-correctness of "eol" pointer
gpg-interface: extract gpg line matching helper
gpg-interface: find the last gpg signature line
gpg-interface: prepare for parsing arbitrary PEM blocks
Documentation/config.txt | 42 +++++++---
builtin/fmt-merge-msg.c | 6 +-
builtin/receive-pack.c | 7 +-
builtin/tag.c | 2 +-
commit.c | 2 +-
gpg-interface.c | 201 +++++++++++++++++++++++++++++++++++++++--------
gpg-interface.h | 67 +++++++++++++---
log-tree.c | 7 +-
ref-filter.c | 2 +-
t/lib-gpg.sh | 30 +++++++
t/t7004-tag.sh | 13 ++-
t/t7510-signed-commit.sh | 34 +++++++-
tag.c | 2 +-
13 files changed, 348 insertions(+), 67 deletions(-)
--
2.15.1 (Apple Git-101)