From 94240b918f70560393516aa8f98edb877d582c69 Mon Sep 17 00:00:00 2001 From: Lukas Puehringer Date: Tue, 17 Jan 2017 18:37:18 -0500 Subject: [PATCH 1/6] gpg-interface, tag: add GPG_VERIFY_OMIT_STATUS flag Functions that print git object information may require that the gpg-interface functions be silent. Add GPG_VERIFY_OMIT_STATUS flag and prevent print_signature_buffer from being called if flag is set. Signed-off-by: Lukas Puehringer Signed-off-by: Junio C Hamano --- gpg-interface.h | 5 +++-- tag.c | 5 ++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/gpg-interface.h b/gpg-interface.h index ea68885ad5..d2d4fd3a65 100644 --- a/gpg-interface.h +++ b/gpg-interface.h @@ -1,8 +1,9 @@ #ifndef GPG_INTERFACE_H #define GPG_INTERFACE_H -#define GPG_VERIFY_VERBOSE 1 -#define GPG_VERIFY_RAW 2 +#define GPG_VERIFY_VERBOSE 1 +#define GPG_VERIFY_RAW 2 +#define GPG_VERIFY_OMIT_STATUS 4 struct signature_check { char *payload; diff --git a/tag.c b/tag.c index d1dcd18cd7..243d1fdbbc 100644 --- a/tag.c +++ b/tag.c @@ -3,6 +3,7 @@ #include "commit.h" #include "tree.h" #include "blob.h" +#include "gpg-interface.h" const char *tag_type = "tag"; @@ -24,7 +25,9 @@ static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags) ret = check_signature(buf, payload_size, buf + payload_size, size - payload_size, &sigc); - print_signature_buffer(&sigc, flags); + + if (!(flags & GPG_VERIFY_OMIT_STATUS)) + print_signature_buffer(&sigc, flags); signature_check_clear(&sigc); return ret; From 2111aa794bb420f767895682232b494d3461ab31 Mon Sep 17 00:00:00 2001 From: Lukas Puehringer Date: Tue, 17 Jan 2017 18:37:19 -0500 Subject: [PATCH 2/6] ref-filter: add function to print single ref_array_item ref-filter functions are useful for printing git object information using a format specifier. However, some other modules may not want to use this functionality on a ref-array but only print a single item. Expose a pretty_print_ref function to create, pretty print and free individual ref-items. Signed-off-by: Lukas Puehringer Signed-off-by: Junio C Hamano --- ref-filter.c | 27 +++++++++++++++++++++------ ref-filter.h | 7 +++++++ 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/ref-filter.c b/ref-filter.c index 9adbb8af3e..77d4e53342 100644 --- a/ref-filter.c +++ b/ref-filter.c @@ -1329,7 +1329,7 @@ static struct ref_array_item *new_ref_array_item(const char *refname, return ref; } -static int filter_ref_kind(struct ref_filter *filter, const char *refname) +static int ref_kind_from_refname(const char *refname) { unsigned int i; @@ -1342,11 +1342,7 @@ static int filter_ref_kind(struct ref_filter *filter, const char *refname) { "refs/tags/", FILTER_REFS_TAGS} }; - if (filter->kind == FILTER_REFS_BRANCHES || - filter->kind == FILTER_REFS_REMOTES || - filter->kind == FILTER_REFS_TAGS) - return filter->kind; - else if (!strcmp(refname, "HEAD")) + if (!strcmp(refname, "HEAD")) return FILTER_REFS_DETACHED_HEAD; for (i = 0; i < ARRAY_SIZE(ref_kind); i++) { @@ -1357,6 +1353,15 @@ static int filter_ref_kind(struct ref_filter *filter, const char *refname) return FILTER_REFS_OTHERS; } +static int filter_ref_kind(struct ref_filter *filter, const char *refname) +{ + if (filter->kind == FILTER_REFS_BRANCHES || + filter->kind == FILTER_REFS_REMOTES || + filter->kind == FILTER_REFS_TAGS) + return filter->kind; + return ref_kind_from_refname(refname); +} + /* * A call-back given to for_each_ref(). Filter refs and keep them for * later object processing. @@ -1637,6 +1642,16 @@ void show_ref_array_item(struct ref_array_item *info, const char *format, int qu putchar('\n'); } +void pretty_print_ref(const char *name, const unsigned char *sha1, + const char *format) +{ + struct ref_array_item *ref_item; + ref_item = new_ref_array_item(name, sha1, 0); + ref_item->kind = ref_kind_from_refname(name); + show_ref_array_item(ref_item, format, 0); + free_array_item(ref_item); +} + /* If no sorting option is given, use refname to sort as default */ struct ref_sorting *ref_default_sorting(void) { diff --git a/ref-filter.h b/ref-filter.h index 14d435e2cc..3cf3d3f590 100644 --- a/ref-filter.h +++ b/ref-filter.h @@ -107,4 +107,11 @@ struct ref_sorting *ref_default_sorting(void); /* Function to parse --merged and --no-merged options */ int parse_opt_merge_filter(const struct option *opt, const char *arg, int unset); +/* + * Print a single ref, outside of any ref-filter. Note that the + * name must be a fully qualified refname. + */ +void pretty_print_ref(const char *name, const unsigned char *sha1, + const char *format); + #endif /* REF_FILTER_H */ From ff3c8c8f124b26559232857fd37b67a0dd99600d Mon Sep 17 00:00:00 2001 From: Santiago Torres Date: Tue, 17 Jan 2017 18:37:20 -0500 Subject: [PATCH 3/6] builtin/verify-tag: add --format to verify-tag Callers of verify-tag may want to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification. This is to avoid tag refs that point to an incorrect object. Add a --format parameter to git verify-tag to print the formatted tag object header in addition to or instead of the --verbose or --raw GPG verification output. Signed-off-by: Santiago Torres Signed-off-by: Junio C Hamano --- Documentation/git-verify-tag.txt | 2 +- builtin/verify-tag.c | 22 +++++++++++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/Documentation/git-verify-tag.txt b/Documentation/git-verify-tag.txt index d590edcebd..0b8075dad9 100644 --- a/Documentation/git-verify-tag.txt +++ b/Documentation/git-verify-tag.txt @@ -8,7 +8,7 @@ git-verify-tag - Check the GPG signature of tags SYNOPSIS -------- [verse] -'git verify-tag' ... +'git verify-tag' [--format=] ... DESCRIPTION ----------- diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c index 99f8148cf7..5199553d91 100644 --- a/builtin/verify-tag.c +++ b/builtin/verify-tag.c @@ -12,9 +12,10 @@ #include #include "parse-options.h" #include "gpg-interface.h" +#include "ref-filter.h" static const char * const verify_tag_usage[] = { - N_("git verify-tag [-v | --verbose] ..."), + N_("git verify-tag [-v | --verbose] [--format=] ..."), NULL }; @@ -30,9 +31,11 @@ int cmd_verify_tag(int argc, const char **argv, const char *prefix) { int i = 1, verbose = 0, had_error = 0; unsigned flags = 0; + char *fmt_pretty = NULL; const struct option verify_tag_options[] = { OPT__VERBOSE(&verbose, N_("print tag contents")), OPT_BIT(0, "raw", &flags, N_("print raw gpg status output"), GPG_VERIFY_RAW), + OPT_STRING( 0 , "format", &fmt_pretty, N_("format"), N_("format to use for the output")), OPT_END() }; @@ -46,13 +49,26 @@ int cmd_verify_tag(int argc, const char **argv, const char *prefix) if (verbose) flags |= GPG_VERIFY_VERBOSE; + if (fmt_pretty) { + verify_ref_format(fmt_pretty); + flags |= GPG_VERIFY_OMIT_STATUS; + } + while (i < argc) { unsigned char sha1[20]; const char *name = argv[i++]; - if (get_sha1(name, sha1)) + if (get_sha1(name, sha1)) { had_error = !!error("tag '%s' not found.", name); - else if (gpg_verify_tag(sha1, name, flags)) + continue; + } + + if (gpg_verify_tag(sha1, name, flags)) { had_error = 1; + continue; + } + + if (fmt_pretty) + pretty_print_ref(name, sha1, fmt_pretty); } return had_error; } From 07d347cf9ac13c3d1746ae368f6e72afbe82dc15 Mon Sep 17 00:00:00 2001 From: Lukas Puehringer Date: Tue, 17 Jan 2017 18:37:21 -0500 Subject: [PATCH 4/6] builtin/tag: add --format argument for tag -v Adding --format to git tag -v mutes the default output of the GPG verification and instead prints the formatted tag object. This allows callers to cross-check the tagname from refs/tags with the tagname from the tag object header upon GPG verification. The callback function for for_each_tag_name() didn't allow callers to pass custom data to their callback functions. Add a new opaque pointer to each_tag_name_fn's parameter to allow this. Signed-off-by: Lukas Puehringer Signed-off-by: Junio C Hamano --- Documentation/git-tag.txt | 2 +- builtin/tag.c | 37 +++++++++++++++++++++++++++---------- 2 files changed, 28 insertions(+), 11 deletions(-) diff --git a/Documentation/git-tag.txt b/Documentation/git-tag.txt index 7ecca8e247..3bb5e3c23f 100644 --- a/Documentation/git-tag.txt +++ b/Documentation/git-tag.txt @@ -15,7 +15,7 @@ SYNOPSIS 'git tag' [-n[]] -l [--contains ] [--points-at ] [--column[=] | --no-column] [--create-reflog] [--sort=] [--format=] [--[no-]merged []] [...] -'git tag' -v ... +'git tag' -v [--format=] ... DESCRIPTION ----------- diff --git a/builtin/tag.c b/builtin/tag.c index 50e4ae5678..fbb85ba3dc 100644 --- a/builtin/tag.c +++ b/builtin/tag.c @@ -24,7 +24,7 @@ static const char * const git_tag_usage[] = { N_("git tag -d ..."), N_("git tag -l [-n[]] [--contains ] [--points-at ]" "\n\t\t[--format=] [--[no-]merged []] [...]"), - N_("git tag -v ..."), + N_("git tag -v [--format=] ..."), NULL }; @@ -66,9 +66,10 @@ static int list_tags(struct ref_filter *filter, struct ref_sorting *sorting, con } typedef int (*each_tag_name_fn)(const char *name, const char *ref, - const unsigned char *sha1); + const unsigned char *sha1, const void *cb_data); -static int for_each_tag_name(const char **argv, each_tag_name_fn fn) +static int for_each_tag_name(const char **argv, each_tag_name_fn fn, + const void *cb_data) { const char **p; char ref[PATH_MAX]; @@ -87,14 +88,14 @@ static int for_each_tag_name(const char **argv, each_tag_name_fn fn) had_error = 1; continue; } - if (fn(*p, ref, sha1)) + if (fn(*p, ref, sha1, cb_data)) had_error = 1; } return had_error; } static int delete_tag(const char *name, const char *ref, - const unsigned char *sha1) + const unsigned char *sha1, const void *cb_data) { if (delete_ref(ref, sha1, 0)) return 1; @@ -103,9 +104,22 @@ static int delete_tag(const char *name, const char *ref, } static int verify_tag(const char *name, const char *ref, - const unsigned char *sha1) + const unsigned char *sha1, const void *cb_data) { - return gpg_verify_tag(sha1, name, GPG_VERIFY_VERBOSE); + int flags; + const char *fmt_pretty = cb_data; + flags = GPG_VERIFY_VERBOSE; + + if (fmt_pretty) + flags = GPG_VERIFY_OMIT_STATUS; + + if (gpg_verify_tag(sha1, name, flags)) + return -1; + + if (fmt_pretty) + pretty_print_ref(name, sha1, fmt_pretty); + + return 0; } static int do_sign(struct strbuf *buffer) @@ -424,9 +438,12 @@ int cmd_tag(int argc, const char **argv, const char *prefix) if (filter.merge_commit) die(_("--merged and --no-merged option are only allowed with -l")); if (cmdmode == 'd') - return for_each_tag_name(argv, delete_tag); - if (cmdmode == 'v') - return for_each_tag_name(argv, verify_tag); + return for_each_tag_name(argv, delete_tag, NULL); + if (cmdmode == 'v') { + if (format) + verify_ref_format(format); + return for_each_tag_name(argv, verify_tag, format); + } if (msg.given || msgfile) { if (msg.given && msgfile) From 02c5433e1620e49daa48c7ca0b30b80a39ec08ad Mon Sep 17 00:00:00 2001 From: Santiago Torres Date: Tue, 17 Jan 2017 18:37:22 -0500 Subject: [PATCH 5/6] t/t7030-verify-tag: Add --format specifier tests Verify-tag now provides --format specifiers to inspect and ensure the contents of the tag are proper. We add two tests to ensure this functionality works as expected: the return value should indicate if verification passed, and the format specifiers must be respected. Signed-off-by: Santiago Torres Signed-off-by: Junio C Hamano --- t/t7030-verify-tag.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/t/t7030-verify-tag.sh b/t/t7030-verify-tag.sh index 07079a41c4..d62ccbb98e 100755 --- a/t/t7030-verify-tag.sh +++ b/t/t7030-verify-tag.sh @@ -125,4 +125,20 @@ test_expect_success GPG 'verify multiple tags' ' test_cmp expect.stderr actual.stderr ' +test_expect_success 'verifying tag with --format' ' + cat >expect <<-\EOF + tagname : fourth-signed + EOF && + git verify-tag --format="tagname : %(tag)" "fourth-signed" >actual && + test_cmp expect actual +' + +test_expect_success 'verifying a forged tag with --format fail and format accordingly' ' + cat >expect <<-\EOF + tagname : 7th forged-signed + EOF && + test_must_fail git verify-tag --format="tagname : %(tag)" $(cat forged1.tag) >actual-forged && + test_cmp expect actual-forged +' + test_done From 4fea72f4f76addb6b49ca4f5b97f66a6bda46985 Mon Sep 17 00:00:00 2001 From: Santiago Torres Date: Tue, 17 Jan 2017 18:37:23 -0500 Subject: [PATCH 6/6] t/t7004-tag: Add --format specifier tests tag -v now supports --format specifiers to inspect the contents of a tag upon verification. Add two tests to ensure this behavior is respected in future changes. Signed-off-by: Santiago Torres Signed-off-by: Junio C Hamano --- t/t7004-tag.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh index 8b0f71a2ac..b53a2e5e41 100755 --- a/t/t7004-tag.sh +++ b/t/t7004-tag.sh @@ -847,6 +847,22 @@ test_expect_success GPG 'verifying a forged tag should fail' ' test_must_fail git tag -v forged-tag ' +test_expect_success 'verifying a proper tag with --format pass and format accordingly' ' + cat >expect <<-\EOF + tagname : signed-tag + EOF && + git tag -v --format="tagname : %(tag)" "signed-tag" >actual && + test_cmp expect actual +' + +test_expect_success 'verifying a forged tag with --format fail and format accordingly' ' + cat >expect <<-\EOF + tagname : forged-tag + EOF && + test_must_fail git tag -v --format="tagname : %(tag)" "forged-tag" >actual && + test_cmp expect actual +' + # blank and empty messages for signed tags: get_tag_header empty-signed-tag $commit commit $time >expect