diff --git a/builtin/tag.c b/builtin/tag.c index d1d7d8701d..aa1f87d47a 100644 --- a/builtin/tag.c +++ b/builtin/tag.c @@ -29,8 +29,6 @@ struct tag_filter { struct commit_list *with_commit; }; -#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----" - static int show_reference(const char *refname, const unsigned char *sha1, int flag, void *cb_data) { @@ -70,9 +68,9 @@ static int show_reference(const char *refname, const unsigned char *sha1, return 0; } /* only take up to "lines" lines, and strip the signature */ + size = parse_signature(buf, size); for (i = 0, sp += 2; - i < filter->lines && sp < buf + size && - prefixcmp(sp, PGP_SIGNATURE "\n"); + i < filter->lines && sp < buf + size; i++) { if (i) printf("\n "); @@ -242,8 +240,7 @@ static void write_tag_body(int fd, const unsigned char *sha1) { unsigned long size; enum object_type type; - char *buf, *sp, *eob; - size_t len; + char *buf, *sp; buf = read_sha1_file(sha1, &type, &size); if (!buf) @@ -256,12 +253,7 @@ static void write_tag_body(int fd, const unsigned char *sha1) return; } sp += 2; /* skip the 2 LFs */ - eob = strstr(sp, "\n" PGP_SIGNATURE "\n"); - if (eob) - len = eob - sp; - else - len = buf + size - sp; - write_or_die(fd, sp, len); + write_or_die(fd, sp, parse_signature(sp, buf + size - sp)); free(buf); } diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c index 8136dba7a1..3134766049 100644 --- a/builtin/verify-tag.c +++ b/builtin/verify-tag.c @@ -17,13 +17,11 @@ static const char * const verify_tag_usage[] = { NULL }; -#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----" - static int run_gpg_verify(const char *buf, unsigned long size, int verbose) { struct child_process gpg; const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL}; - char path[PATH_MAX], *eol; + char path[PATH_MAX]; size_t len; int fd, ret; @@ -37,11 +35,7 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose) close(fd); /* find the length without signature */ - len = 0; - while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) { - eol = memchr(buf + len, '\n', size - len); - len += eol ? eol - (buf + len) + 1 : size - len; - } + len = parse_signature(buf, size); if (verbose) write_in_full(1, buf, len); diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh index f160af3ccc..3e7baaf89f 100755 --- a/t/t7004-tag.sh +++ b/t/t7004-tag.sh @@ -1030,6 +1030,72 @@ test_expect_success GPG \ test_cmp expect actual ' +# usage with rfc1991 signatures +echo "rfc1991" > gpghome/gpg.conf +get_tag_header rfc1991-signed-tag $commit commit $time >expect +echo "RFC1991 signed tag" >>expect +echo '-----BEGIN PGP MESSAGE-----' >>expect +test_expect_success GPG \ + 'creating a signed tag with rfc1991' ' + git tag -s -m "RFC1991 signed tag" rfc1991-signed-tag $commit && + get_tag_msg rfc1991-signed-tag >actual && + test_cmp expect actual +' + +cat >fakeeditor <<'EOF' +#!/bin/sh +cp "$1" actual +EOF +chmod +x fakeeditor + +test_expect_success GPG \ + 'reediting a signed tag body omits signature' ' + echo "RFC1991 signed tag" >expect && + GIT_EDITOR=./fakeeditor git tag -f -s rfc1991-signed-tag $commit && + test_cmp expect actual +' + +test_expect_success GPG \ + 'verifying rfc1991 signature' ' + git tag -v rfc1991-signed-tag +' + +test_expect_success GPG \ + 'list tag with rfc1991 signature' ' + echo "rfc1991-signed-tag RFC1991 signed tag" >expect && + git tag -l -n1 rfc1991-signed-tag >actual && + test_cmp expect actual && + git tag -l -n2 rfc1991-signed-tag >actual && + test_cmp expect actual && + git tag -l -n999 rfc1991-signed-tag >actual && + test_cmp expect actual +' + +rm -f gpghome/gpg.conf + +test_expect_success GPG \ + 'verifying rfc1991 signature without --rfc1991' ' + git tag -v rfc1991-signed-tag +' + +test_expect_success GPG \ + 'list tag with rfc1991 signature without --rfc1991' ' + echo "rfc1991-signed-tag RFC1991 signed tag" >expect && + git tag -l -n1 rfc1991-signed-tag >actual && + test_cmp expect actual && + git tag -l -n2 rfc1991-signed-tag >actual && + test_cmp expect actual && + git tag -l -n999 rfc1991-signed-tag >actual && + test_cmp expect actual +' + +test_expect_success GPG \ + 'reediting a signed tag body omits signature' ' + echo "RFC1991 signed tag" >expect && + GIT_EDITOR=./fakeeditor git tag -f -s rfc1991-signed-tag $commit && + test_cmp expect actual +' + # try to sign with bad user.signingkey git config user.signingkey BobTheMouse test_expect_success GPG \ diff --git a/tag.c b/tag.c index 28641cf85a..f789744cca 100644 --- a/tag.c +++ b/tag.c @@ -4,6 +4,9 @@ #include "tree.h" #include "blob.h" +#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----" +#define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----" + const char *tag_type = "tag"; struct object *deref_tag(struct object *o, const char *warn, int warnlen) @@ -133,3 +136,15 @@ int parse_tag(struct tag *item) free(data); return ret; } + +size_t parse_signature(const char *buf, unsigned long size) +{ + char *eol; + size_t len = 0; + while (len < size && prefixcmp(buf + len, PGP_SIGNATURE) && + prefixcmp(buf + len, PGP_MESSAGE)) { + eol = memchr(buf + len, '\n', size - len); + len += eol ? eol - (buf + len) + 1 : size - len; + } + return len; +} diff --git a/tag.h b/tag.h index 47662724a6..8522370039 100644 --- a/tag.h +++ b/tag.h @@ -16,5 +16,6 @@ extern struct tag *lookup_tag(const unsigned char *sha1); extern int parse_tag_buffer(struct tag *item, void *data, unsigned long size); extern int parse_tag(struct tag *item); extern struct object *deref_tag(struct object *, const char *, int); +extern size_t parse_signature(const char *buf, unsigned long size); #endif /* TAG_H */