From f59b61dc4d0bb4e5e3bc8c48894ad346ece8cdbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Wed, 23 Dec 2020 02:35:46 +0100 Subject: [PATCH 01/23] mktag doc: say not MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the "mktag" documentation to refer to the input hash as just "hash", not "sha1". This command has supported SHA-256 for a while now. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- Documentation/git-mktag.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/git-mktag.txt b/Documentation/git-mktag.txt index fa6a756123..a158428eb9 100644 --- a/Documentation/git-mktag.txt +++ b/Documentation/git-mktag.txt @@ -23,7 +23,7 @@ Tag Format A tag signature file, to be fed to this command's standard input, has a very simple fixed format: four lines of - object + object type tag tagger From 9ce0fc33118892a22841f474ed239b512346c83a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Wed, 23 Dec 2020 02:35:47 +0100 Subject: [PATCH 02/23] mktag doc: grammar fix, when exists -> when it exists MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Amend the wording of documentation added in 6cfec03680 (mktag: minimally update the description., 2007-06-10). It makes more sense to say "when it exists" here, as we're referring to "the message". Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- Documentation/git-mktag.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Documentation/git-mktag.txt b/Documentation/git-mktag.txt index a158428eb9..1b0667e372 100644 --- a/Documentation/git-mktag.txt +++ b/Documentation/git-mktag.txt @@ -29,7 +29,7 @@ has a very simple fixed format: four lines of tagger followed by some 'optional' free-form message (some tags created -by older Git may not have `tagger` line). The message, when +by older Git may not have `tagger` line). The message, when it exists, is separated by a blank line from the header. The message part may contain a signature that Git itself doesn't care about, but that can be verified with gpg. From 18430ed363f469d5fe6e143857b7fe72aca807ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:32 +0100 Subject: [PATCH 03/23] mktag doc: update to explain why to use this MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the mktag documentation to compare itself to the similar "hash-object -t tag" command. Before this someone reading the documentation wouldn't have much of an idea what the difference was. Let's allude to our own validation logic, and cross-link the "mktag" and "hash-object" documentation to aid discover-ability. A follow-up change to migrate "mktag" to use "fsck" validation will make the part about validation logic clearer. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- Documentation/git-mktag.txt | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/Documentation/git-mktag.txt b/Documentation/git-mktag.txt index 1b0667e372..20af1915e9 100644 --- a/Documentation/git-mktag.txt +++ b/Documentation/git-mktag.txt @@ -3,7 +3,7 @@ git-mktag(1) NAME ---- -git-mktag - Creates a tag object +git-mktag - Creates a tag object with extra validation SYNOPSIS @@ -13,10 +13,19 @@ SYNOPSIS DESCRIPTION ----------- -Reads a tag contents on standard input and creates a tag object -that can also be used to sign other objects. -The output is the new tag's identifier. +Reads a tag contents on standard input and creates a tag object. The +output is the new tag's identifier. + +This command is mostly equivalent to linkgit:git-hash-object[1] +invoked with `-t tag -w --stdin`. I.e. both of these will create and +write a tag found in `my-tag`: + + git mktag Date: Tue, 5 Jan 2021 20:42:33 +0100 Subject: [PATCH 04/23] mktag tests: don't needlessly use a subshell MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The use of a subshell dates back to e9b20943b77 (t/t3800: do not use a temporary file to hold expected result., 2008-01-04). It's not needed anymore, if it ever was. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index d696aa4e52..0e411e3c45 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -14,7 +14,7 @@ test_description='git mktag: tag object verify test' check_verify_failure () { expect="$2" test_expect_success "$1" ' - ( test_must_fail git mktag message ) && + test_must_fail git mktag message && grep "$expect" message ' } From b5ca549c932a2818869dba7cc7c60a8ec5946a8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:34 +0100 Subject: [PATCH 05/23] mktag tests: use "test_commit" helper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace ad-hoc setup of a single commit in the "mktag" tests with our standard helper pattern. The old setup dated back to 446c6faec69 (New tests and en-passant modifications to mktag., 2006-07-29) before the helper existed. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index 0e411e3c45..dd21a1247a 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -23,9 +23,7 @@ check_verify_failure () { # first create a commit, so we have a valid object/type # for the tag. test_expect_success 'setup' ' - echo Hello >A && - git update-index --add A && - git commit -m "Initial commit" && + test_commit A && head=$(git rev-parse --verify HEAD) ' From 0d35ccb5e07662ed95775ed2e59eec4026f67931 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:35 +0100 Subject: [PATCH 06/23] mktag tests: remove needless SHA-1 hardcoding MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the tests amended in acb49d1cc8b (t3800: make hash-size independent, 2019-08-18) even more to make them independent of either SHA-1 or SHA-256. Some of these tests were failing for the wrong reasons. The first one being modified here would fail because the line starts with "xxxxxx" instead of "object", the rest of the line doesn't matter. Let's just put a valid hash on the rest of the line anyway to narrow the test down for just the s/object/xxxxxx/ case. The second one being modified here would fail under GIT_TEST_DEFAULT_HASH=sha256 because is an invalid SHA-256, but we should really be testing when under SHA-256. This doesn't really matter since we should be able to trust other parts of the code to validate things in the 0-9a-f range, but let's keep it for good measure. There's a later test which tests an invalid SHA which looks like a valid one, to stress the "We refuse to tag something we can't verify[...]" logic in mktag.c. But here we're testing for a SHA-length string which contains characters outside of the /[0-9a-f]/i set. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index dd21a1247a..e1a2892f58 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -41,7 +41,7 @@ check_verify_failure 'Tag object length check' \ # 2. object line label check cat >tag.sig < 0 +0000 @@ -51,10 +51,10 @@ EOF check_verify_failure '"object" line label check' '^error: char0: .*"object "$' ############################################################ -# 3. object line SHA1 check +# 3. object line hash check cat >tag.sig < 0 +0000 From 317c1762798f9e1ee0cb8096a2071561a8bb1fdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:36 +0100 Subject: [PATCH 07/23] mktag tests: don't redirect stderr to a file needlessly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove the redirection of stderr to "message" in the valid tag test. This pattern seems to have been copy/pasted from the failure case in 446c6faec6 (New tests and en-passant modifications to mktag., 2006-07-29). While I'm at it do the same for the "replace" tests. The tag creation I'm changing here seems to have been copy/pasted from the "mktag" tests to those tests in cc400f50112 (mktag: call "check_sha1_signature" with the replacement sha1, 2009-01-23). Nobody examines the contents of the resulting "message" file, so the net result is that error messages cannot be seen in "sh t3800-mktag.sh -v" output. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 4 ++-- t/t6050-replace.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index e1a2892f58..c542c3e1a8 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -222,7 +222,7 @@ EOF test_expect_success \ 'allow empty tag email' \ - 'git mktag .git/refs/tags/mytag 2>message' + 'git mktag .git/refs/tags/mytag' ############################################################ # 16. disallow spaces in tag email @@ -350,7 +350,7 @@ EOF test_expect_success \ 'create valid tag' \ - 'git mktag .git/refs/tags/mytag 2>message' + 'git mktag .git/refs/tags/mytag' ############################################################ # 25. check mytag diff --git a/t/t6050-replace.sh b/t/t6050-replace.sh index c80dc10b8f..0dbe086118 100755 --- a/t/t6050-replace.sh +++ b/t/t6050-replace.sh @@ -129,7 +129,7 @@ tagger T A Gger <> 0 +0000 EOF test_expect_success 'tag replaced commit' ' - git mktag .git/refs/tags/mytag 2>message + git mktag .git/refs/tags/mytag ' test_expect_success '"git fsck" works' ' From 5c2303e0c7a981528dae68d4979d3bfdc2526276 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:37 +0100 Subject: [PATCH 08/23] mktag tests: don't create "mytag" twice MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change a test added in e0aaf781f6 (mktag.c: improve verification of tagger field and tests, 2008-03-27) to not create "mytag", which should only be created and verified at the end in an earlier test added in 446c6faec6 (New tests and en-passant modifications to mktag., 2006-07-29). While we're at it let's prevent a similar logic error from creeping into the test by asserting that "mytag" doesn't exist before we create it. Let's do this by moving the test to use "update-ref", instead of our own homebrew ad-hoc refstore update. We're not really testing for anything yet by creating the tag at the end here. A subsequent commit will change that. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index c542c3e1a8..bb300d567d 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -222,7 +222,7 @@ EOF test_expect_success \ 'allow empty tag email' \ - 'git mktag .git/refs/tags/mytag' + 'git mktag 1206478233 -0500 EOF -test_expect_success \ - 'create valid tag' \ - 'git mktag .git/refs/tags/mytag' - -############################################################ -# 25. check mytag - -test_expect_success \ - 'check mytag' \ - 'git tag -l | grep mytag' - +test_expect_success 'create valid tag' ' + git mktag hash && + git update-ref refs/tags/mytag $(cat hash) $(test_oid zero) +' test_done From 3b9e4dd3a3be6d39bece6a9272640be3b5a817d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:38 +0100 Subject: [PATCH 09/23] mktag tests: run "fsck" after creating "mytag" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the last test in the file to run an "fsck --strict" after creating the tag at the end. We're just doing this for good measure to check that fsck behaves as expected now that there's finally a reference for our valid tag. Other tests going to be checking this elsewhere, but it's nice to cover all the edge cases in this test to make it as self-contained as possible. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index bb300d567d..048000cda9 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -350,7 +350,8 @@ EOF test_expect_success 'create valid tag' ' git mktag hash && - git update-ref refs/tags/mytag $(cat hash) $(test_oid zero) + git update-ref refs/tags/mytag $(cat hash) $(test_oid zero) && + git fsck --strict ' test_done From 47c95e77d158e4660dab25b9fdd6f4d70013b430 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:39 +0100 Subject: [PATCH 10/23] mktag tests: stress test whitespace handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add tests for a couple of whitespace edge cases around the header/body boundary. I consider the requirement for a blank line before the empty body a bug, it's a long-standing regression which goes against the command's documented behavior. This bug will be addressed in a follow-up change. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index 048000cda9..661b62f091 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -337,6 +337,42 @@ EOF check_verify_failure 'detect invalid header entry' \ '^error: char.*: trailing garbage in tag header$' +cat >tag.sig < 1206478233 -0500 + + +this line comes after an extra newline +EOF + +test_expect_success 'allow extra newlines at start of body' ' + git mktag tag.sig < 1206478233 -0500 + +EOF + +test_expect_success 'require a blank line before an empty body (1)' ' + git mktag tag.sig < 1206478233 -0500 +EOF + +check_verify_failure 'require a blank line before an empty body (2)' \ + '^error: char.*: trailing garbage in tag header$' + ############################################################ # 24. create valid tag From ca9a1ed969f09c8b6efc3e1d925ac1bda7370886 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:40 +0100 Subject: [PATCH 11/23] mktag tests: test "hash-object" compatibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change all the successful "mktag" tests to test that "hash-object" produces the same hash for the input, and that fsck passes for both. This tests e.g. that "mktag" doesn't trim its input or otherwise munge it in a way that "hash-object" doesn't. Since we're doing an "fsck --strict" here at the end let's incorporate the creation of the "mytag" name into this test, removing the special-case at the end of the file. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index 661b62f091..c1008361a5 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -19,6 +19,19 @@ check_verify_failure () { ' } +test_expect_mktag_success() { + test_expect_success "$1" ' + git hash-object -t tag -w --stdin expected && + git fsck --strict && + + git mktag hash && + test_cmp expected hash && + test_when_finished "git update-ref -d refs/tags/mytag $(cat hash)" && + git update-ref refs/tags/mytag $(cat hash) $(test_oid zero) && + git fsck --strict + ' +} + ########################################################### # first create a commit, so we have a valid object/type # for the tag. @@ -220,9 +233,7 @@ tagger T A Gger <> 0 +0000 EOF -test_expect_success \ - 'allow empty tag email' \ - 'git mktag 1206478233 -0500 this line comes after an extra newline EOF -test_expect_success 'allow extra newlines at start of body' ' - git mktag tag.sig < 1206478233 -0500 EOF -test_expect_success 'require a blank line before an empty body (1)' ' - git mktag tag.sig < 1206478233 -0500 EOF -test_expect_success 'create valid tag' ' - git mktag hash && - git update-ref refs/tags/mytag $(cat hash) $(test_oid zero) && - git fsck --strict -' +test_expect_mktag_success 'create valid tag object' test_done From 30f882c16d64e9859d823db16ae7c5157f09397b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:41 +0100 Subject: [PATCH 12/23] mktag tests: improve verify_object() test coverage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The verify_object() function in "mktag.c" is tasked with ensuring that our tag refers to a valid object. The existing test for this might fail because it was also testing that "type taggg" didn't refer to a valid object type (it should be "type tag"), or because we referred to a valid object but got the type wrong. Let's split these tests up, so we're testing all combinations of a non-existing object and in invalid/wrong "type" lines. We need to provide GIT_TEST_GETTEXT_POISON=false here because the "invalid object type" error is emitted by parse_loose_header_extended(), which has that message already marked for translation. Another option would be to use test_i18ngrep, but I prefer always running the test, not skipping it under gettext poison testing. I'm not testing this in combination with "git replace". That'll be done in a subsequent commit. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index c1008361a5..1cc382dc8b 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -14,7 +14,8 @@ test_description='git mktag: tag object verify test' check_verify_failure () { expect="$2" test_expect_success "$1" ' - test_must_fail git mktag message && + test_must_fail env GIT_TEST_GETTEXT_POISON=false \ + git mktag message && grep "$expect" message ' } @@ -136,7 +137,29 @@ check_verify_failure '"type" line type-name length check' \ '^error: char.*: type too long$' ############################################################ -# 9. verify object (SHA1/type) check +# 9. verify object (hash/type) check + +cat >tag.sig < 0 +0000 + +EOF + +check_verify_failure 'verify object (hash/type) check -- correct type, nonexisting object' \ + '^error: char7: could not verify object.*$' + +cat >tag.sig < 0 +0000 + +EOF + +check_verify_failure 'verify object (hash/type) check -- made-up type, valid object' \ + '^fatal: invalid object type' cat >tag.sig < 0 +0000 EOF -check_verify_failure 'verify object (SHA1/type) check' \ +check_verify_failure 'verify object (hash/type) check -- made-up type, nonexisting object' \ '^error: char7: could not verify object.*$' +cat >tag.sig < 0 +0000 + +EOF + +check_verify_failure 'verify object (hash/type) check -- mismatched type, valid object' \ + '^error: char7: could not verify object' + ############################################################ # 10. verify tag-name check From 692654dca01dda9951a81de4ecfa958b61b8bc5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:42 +0100 Subject: [PATCH 13/23] mktag tests: test verify_object() with replaced objects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add tests to demonstrate what "mktag" does in the face of replaced objects. There was an existing test for replaced objects fed to "mktag" added in cc400f50112 (mktag: call "check_sha1_signature" with the replacement sha1, 2009-01-23), but that one only tests a commit->commit mapping. Not a mapping to a different type as like we're also testing for here. We could remove the "mktag" test in t6050-replace.sh now if the created tag wasn't being used by a subsequent "fsck" test. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- t/t3800-mktag.sh | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index 1cc382dc8b..8bf0e88115 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -38,7 +38,11 @@ test_expect_mktag_success() { # for the tag. test_expect_success 'setup' ' test_commit A && - head=$(git rev-parse --verify HEAD) + test_commit B && + head=$(git rev-parse --verify HEAD) && + head_parent=$(git rev-parse --verify HEAD~) && + tree=$(git rev-parse HEAD^{tree}) && + blob=$(git rev-parse --verify HEAD:B.t) ' ############################################################ @@ -180,6 +184,35 @@ tagger . <> 0 +0000 EOF +check_verify_failure 'verify object (hash/type) check -- mismatched type, valid object' \ + '^error: char7: could not verify object' + +############################################################ +# 9.5. verify object (hash/type) check -- replacement + +test_expect_success 'setup replacement of commit -> commit and tree -> blob' ' + git replace $head_parent $head && + git replace -f $tree $blob +' + +cat >tag.sig < 0 +0000 + +EOF + +test_expect_mktag_success 'tag to a commit replaced by another commit' + +cat >tag.sig < 0 +0000 + +EOF + check_verify_failure 'verify object (hash/type) check -- mismatched type, valid object' \ '^error: char7: could not verify object' From 0c439117bbc8f51b9c13b323ea7a9f76892a433d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:43 +0100 Subject: [PATCH 14/23] mktag: use default strbuf_read() hint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the hardcoded hint of 2^12 to 0. The default strbuf hint is perfectly fine here, and the only reason we were hardcoding it is because it survived migration from a pre-strbuf fixed-sized buffer. See fd17f5b5f77 (Replace all read_fd use with strbuf_read, and get rid of it., 2007-09-10) for that migration. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- builtin/mktag.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/mktag.c b/builtin/mktag.c index 4982d3a93e..ff7ac8e0e5 100644 --- a/builtin/mktag.c +++ b/builtin/mktag.c @@ -161,7 +161,7 @@ int cmd_mktag(int argc, const char **argv, const char *prefix) if (argc != 1) usage("git mktag"); - if (strbuf_read(&buf, 0, 4096) < 0) { + if (strbuf_read(&buf, 0, 0) < 0) { die_errno("could not read from stdin"); } From dfe39487284af223737c58dd830261c2995f4fba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:44 +0100 Subject: [PATCH 15/23] mktag: remove redundant braces in one-line body "if" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This minor stylistic churn is usually something we'd avoid, but if we don't do this then the file after changes in subsequent commits will only have this minor style inconsistency, so let's change this while we're at it. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- builtin/mktag.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/builtin/mktag.c b/builtin/mktag.c index ff7ac8e0e5..97ca5f28b1 100644 --- a/builtin/mktag.c +++ b/builtin/mktag.c @@ -161,9 +161,8 @@ int cmd_mktag(int argc, const char **argv, const char *prefix) if (argc != 1) usage("git mktag"); - if (strbuf_read(&buf, 0, 0) < 0) { + if (strbuf_read(&buf, 0, 0) < 0) die_errno("could not read from stdin"); - } /* Verify it for some basic sanity: it needs to start with "object \ntype\ntagger " */ From 40ef015a2711ef603ab712e0a6882e24e980ef6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:45 +0100 Subject: [PATCH 16/23] mktag: use puts(str) instead of printf("%s\n", str) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This introduces no functional change, but refactors the print-out of the hash at the end to do the same thing with less code. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- builtin/mktag.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builtin/mktag.c b/builtin/mktag.c index 97ca5f28b1..d89a3c201d 100644 --- a/builtin/mktag.c +++ b/builtin/mktag.c @@ -173,6 +173,6 @@ int cmd_mktag(int argc, const char **argv, const char *prefix) die("unable to write tag file"); strbuf_release(&buf); - printf("%s\n", oid_to_hex(&result)); + puts(oid_to_hex(&result)); return 0; } From acf9de4c94e0de260f962dc04cc4f9007cedbf1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:46 +0100 Subject: [PATCH 17/23] mktag: use fsck instead of custom verify_tag() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change the validation logic in "mktag" to use fsck's fsck_tag() instead of its own custom parser. Curiously the logic for both dates back to the same commit[1]. Let's unify them so we're not maintaining two sets functions to verify that a tag is OK. The behavior of fsck_tag() and the old "mktag" code being removed here is different in few aspects. I think it makes sense to remove some of those checks, namely: A. fsck only cares that the timezone matches [-+][0-9]{4}. The mktag code disallowed values larger than 1400. Yes there's currently no timezone with a greater offset[2], but since we allow any number of non-offical timezones (e.g. +1234) passing this through seems fine. Git also won't break in the future if e.g. French Polynesia decides it needs to outdo the Line Islands when it comes to timezone extravagance. B. fsck allows missing author names such as "tagger ", mktag wouldn't, but would allow e.g. "tagger [2 spaces] " (but not "tagger [1 space] "). Now we allow all of these. C. Like B, but "mktag" disallowed spaces in the part, fsck allows it. In some ways fsck_tag() is stricter than "mktag" was, namely: D. fsck disallows zero-padded dates, but mktag didn't care. So e.g. the timestamp "0000000000 +0000" produces an error now. A test in "t1006-cat-file.sh" relied on this, it's been changed to use "hash-object" (without fsck) instead. There was one check I deemed worth keeping by porting it over to fsck_tag(): E. "mktag" did not allow any custom headers, and by extension (as an empty commit is allowed) also forbade an extra stray trailing newline after the headers it knew about. Add a new check in the "ignore" category to fsck and use it. This somewhat abuses the facility added in efaba7cc77f (fsck: optionally ignore specific fsck issues completely, 2015-06-22). This is somewhat of hack, but probably the least invasive change we can make here. The fsck command will shuffle these categories around, e.g. under --strict the "info" becomes a "warn" and "warn" becomes "error". Existing users of fsck's (and others, e.g. index-pack) --strict option rely on this. So we need to put something into a category that'll be ignored by all existing users of the API. Pretending that fsck.extraHeaderEntry=error ("ignore" by default) was set serves to do this for us. 1. ec4465adb38 (Add "tag" objects that can be used to sign other objects., 2005-04-25) 2. https://en.wikipedia.org/wiki/List_of_UTC_time_offsets Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- Documentation/git-mktag.txt | 9 +- builtin/mktag.c | 192 +++++++++--------------------------- fsck.c | 32 +++++- fsck.h | 9 ++ t/t1006-cat-file.sh | 2 +- t/t3800-mktag.sh | 63 ++++++------ 6 files changed, 125 insertions(+), 182 deletions(-) diff --git a/Documentation/git-mktag.txt b/Documentation/git-mktag.txt index 20af1915e9..fa070e21a0 100644 --- a/Documentation/git-mktag.txt +++ b/Documentation/git-mktag.txt @@ -25,7 +25,14 @@ write a tag found in `my-tag`: git hash-object -t tag -w --stdin ` messages are promoted +from warnings to errors (so e.g. a missing "tagger" line is an error). + +Extra headers in the object are also an error under mktag, but ignored +by linkgit:git-fsck[1] Tag Format ---------- diff --git a/builtin/mktag.c b/builtin/mktag.c index d89a3c201d..4dd35bc79e 100644 --- a/builtin/mktag.c +++ b/builtin/mktag.c @@ -2,160 +2,60 @@ #include "tag.h" #include "replace-object.h" #include "object-store.h" +#include "fsck.h" -/* - * A signature file has a very simple fixed format: four lines - * of "object " + "type " + "tag " + - * "tagger ", followed by a blank line, a free-form tag - * message and a signature block that git itself doesn't care about, - * but that can be verified with gpg or similar. - * - * The first four lines are guaranteed to be at least 83 bytes: - * "object \n" is 48 bytes, "type tag\n" at 9 bytes is the - * shortest possible type-line, "tag .\n" at 6 bytes is the shortest - * single-character-tag line, and "tagger . <> 0 +0000\n" at 20 bytes is - * the shortest possible tagger-line. - */ - -/* - * We refuse to tag something we can't verify. Just because. - */ -static int verify_object(const struct object_id *oid, const char *expected_type) +static int mktag_fsck_error_func(struct fsck_options *o, + const struct object_id *oid, + enum object_type object_type, + int msg_type, const char *message) { - int ret = -1; - enum object_type type; - unsigned long size; - void *buffer = read_object_file(oid, &type, &size); - const struct object_id *repl = lookup_replace_object(the_repository, oid); - - if (buffer) { - if (type == type_from_string(expected_type)) { - ret = check_object_signature(the_repository, repl, - buffer, size, - expected_type); - } - free(buffer); + switch (msg_type) { + case FSCK_WARN: + case FSCK_ERROR: + /* + * We treat both warnings and errors as errors, things + * like missing "tagger" lines are "only" warnings + * under fsck, we've always considered them an error. + */ + fprintf_ln(stderr, "error: tag input does not pass fsck: %s", message); + return 1; + default: + BUG("%d (FSCK_IGNORE?) should never trigger this callback", + msg_type); } - return ret; } -static int verify_tag(char *buffer, unsigned long size) +static int verify_object_in_tag(struct object_id *tagged_oid, int *tagged_type) { - int typelen; - char type[20]; - struct object_id oid; - const char *object, *type_line, *tag_line, *tagger_line, *lb, *rb, *p; - size_t len; + int ret; + enum object_type type; + unsigned long size; + void *buffer; + const struct object_id *repl; - if (size < 84) - return error("wanna fool me ? you obviously got the size wrong !"); + buffer = read_object_file(tagged_oid, &type, &size); + if (!buffer) + die("could not read tagged object '%s'", + oid_to_hex(tagged_oid)); + if (type != *tagged_type) + die("object '%s' tagged as '%s', but is a '%s' type", + oid_to_hex(tagged_oid), + type_name(*tagged_type), type_name(type)); - buffer[size] = 0; + repl = lookup_replace_object(the_repository, tagged_oid); + ret = check_object_signature(the_repository, repl, + buffer, size, type_name(*tagged_type)); + free(buffer); - /* Verify object line */ - object = buffer; - if (memcmp(object, "object ", 7)) - return error("char%d: does not start with \"object \"", 0); - - if (parse_oid_hex(object + 7, &oid, &p)) - return error("char%d: could not get SHA1 hash", 7); - - /* Verify type line */ - type_line = p + 1; - if (memcmp(type_line - 1, "\ntype ", 6)) - return error("char%d: could not find \"\\ntype \"", 47); - - /* Verify tag-line */ - tag_line = strchr(type_line, '\n'); - if (!tag_line) - return error("char%"PRIuMAX": could not find next \"\\n\"", - (uintmax_t) (type_line - buffer)); - tag_line++; - if (memcmp(tag_line, "tag ", 4) || tag_line[4] == '\n') - return error("char%"PRIuMAX": no \"tag \" found", - (uintmax_t) (tag_line - buffer)); - - /* Get the actual type */ - typelen = tag_line - type_line - strlen("type \n"); - if (typelen >= sizeof(type)) - return error("char%"PRIuMAX": type too long", - (uintmax_t) (type_line+5 - buffer)); - - memcpy(type, type_line+5, typelen); - type[typelen] = 0; - - /* Verify that the object matches */ - if (verify_object(&oid, type)) - return error("char%d: could not verify object %s", 7, oid_to_hex(&oid)); - - /* Verify the tag-name: we don't allow control characters or spaces in it */ - tag_line += 4; - for (;;) { - unsigned char c = *tag_line++; - if (c == '\n') - break; - if (c > ' ') - continue; - return error("char%"PRIuMAX": could not verify tag name", - (uintmax_t) (tag_line - buffer)); - } - - /* Verify the tagger line */ - tagger_line = tag_line; - - if (memcmp(tagger_line, "tagger ", 7)) - return error("char%"PRIuMAX": could not find \"tagger \"", - (uintmax_t) (tagger_line - buffer)); - - /* - * Check for correct form for name and email - * i.e. " <" followed by "> " on _this_ line - * No angle brackets within the name or email address fields. - * No spaces within the email address field. - */ - tagger_line += 7; - if (!(lb = strstr(tagger_line, " <")) || !(rb = strstr(lb+2, "> ")) || - strpbrk(tagger_line, "<>\n") != lb+1 || - strpbrk(lb+2, "><\n ") != rb) - return error("char%"PRIuMAX": malformed tagger field", - (uintmax_t) (tagger_line - buffer)); - - /* Check for author name, at least one character, space is acceptable */ - if (lb == tagger_line) - return error("char%"PRIuMAX": missing tagger name", - (uintmax_t) (tagger_line - buffer)); - - /* timestamp, 1 or more digits followed by space */ - tagger_line = rb + 2; - if (!(len = strspn(tagger_line, "0123456789"))) - return error("char%"PRIuMAX": missing tag timestamp", - (uintmax_t) (tagger_line - buffer)); - tagger_line += len; - if (*tagger_line != ' ') - return error("char%"PRIuMAX": malformed tag timestamp", - (uintmax_t) (tagger_line - buffer)); - tagger_line++; - - /* timezone, 5 digits [+-]hhmm, max. 1400 */ - if (!((tagger_line[0] == '+' || tagger_line[0] == '-') && - strspn(tagger_line+1, "0123456789") == 4 && - tagger_line[5] == '\n' && atoi(tagger_line+1) <= 1400)) - return error("char%"PRIuMAX": malformed tag timezone", - (uintmax_t) (tagger_line - buffer)); - tagger_line += 6; - - /* Verify the blank line separating the header from the body */ - if (*tagger_line != '\n') - return error("char%"PRIuMAX": trailing garbage in tag header", - (uintmax_t) (tagger_line - buffer)); - - /* The actual stuff afterwards we don't care about.. */ - return 0; + return ret; } int cmd_mktag(int argc, const char **argv, const char *prefix) { struct strbuf buf = STRBUF_INIT; + struct fsck_options fsck_options = FSCK_OPTIONS_STRICT; + struct object_id tagged_oid; + int tagged_type; struct object_id result; if (argc != 1) @@ -164,10 +64,14 @@ int cmd_mktag(int argc, const char **argv, const char *prefix) if (strbuf_read(&buf, 0, 0) < 0) die_errno("could not read from stdin"); - /* Verify it for some basic sanity: it needs to start with - "object \ntype\ntagger " */ - if (verify_tag(buf.buf, buf.len) < 0) - die("invalid tag signature file"); + fsck_options.error_func = mktag_fsck_error_func; + fsck_set_msg_type(&fsck_options, "extraheaderentry", "warn"); + if (fsck_tag_standalone(NULL, buf.buf, buf.len, &fsck_options, + &tagged_oid, &tagged_type)) + die("tag on stdin did not pass our strict fsck check"); + + if (verify_object_in_tag(&tagged_oid, &tagged_type)) + die("tag on stdin did not refer to a valid object"); if (write_object_file(buf.buf, buf.len, tag_type, &result) < 0) die("unable to write tag file"); diff --git a/fsck.c b/fsck.c index f82e2fe9e3..bed5e20e03 100644 --- a/fsck.c +++ b/fsck.c @@ -80,7 +80,9 @@ static struct oidset gitmodules_done = OIDSET_INIT; /* infos (reported as warnings, but ignored by default) */ \ FUNC(GITMODULES_PARSE, INFO) \ FUNC(BAD_TAG_NAME, INFO) \ - FUNC(MISSING_TAGGER_ENTRY, INFO) + FUNC(MISSING_TAGGER_ENTRY, INFO) \ + /* ignored (elevated when requested) */ \ + FUNC(EXTRA_HEADER_ENTRY, IGNORE) #define MSG_ID(id, msg_type) FSCK_MSG_##id, enum fsck_msg_id { @@ -911,6 +913,16 @@ static int fsck_tag(const struct object_id *oid, const char *buffer, unsigned long size, struct fsck_options *options) { struct object_id tagged_oid; + int tagged_type; + return fsck_tag_standalone(oid, buffer, size, options, &tagged_oid, + &tagged_type); +} + +int fsck_tag_standalone(const struct object_id *oid, const char *buffer, + unsigned long size, struct fsck_options *options, + struct object_id *tagged_oid, + int *tagged_type) +{ int ret = 0; char *eol; struct strbuf sb = STRBUF_INIT; @@ -924,7 +936,7 @@ static int fsck_tag(const struct object_id *oid, const char *buffer, ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_OBJECT, "invalid format - expected 'object' line"); goto done; } - if (parse_oid_hex(buffer, &tagged_oid, &p) || *p != '\n') { + if (parse_oid_hex(buffer, tagged_oid, &p) || *p != '\n') { ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_OBJECT_SHA1, "invalid 'object' line format - bad sha1"); if (ret) goto done; @@ -940,7 +952,8 @@ static int fsck_tag(const struct object_id *oid, const char *buffer, ret = report(options, oid, OBJ_TAG, FSCK_MSG_MISSING_TYPE, "invalid format - unexpected end after 'type' line"); goto done; } - if (type_from_string_gently(buffer, eol - buffer, 1) < 0) + *tagged_type = type_from_string_gently(buffer, eol - buffer, 1); + if (*tagged_type < 0) ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_TYPE, "invalid 'type' value"); if (ret) goto done; @@ -975,6 +988,19 @@ static int fsck_tag(const struct object_id *oid, const char *buffer, else ret = fsck_ident(&buffer, oid, OBJ_TAG, options); + if (!starts_with(buffer, "\n")) { + /* + * The verify_headers() check will allow + * e.g. "[...]tagger \nsome + * garbage\n\nmessage" to pass, thinking "some + * garbage" could be a custom header. E.g. "mktag" + * doesn't want any unknown headers. + */ + ret = report(options, oid, OBJ_TAG, FSCK_MSG_EXTRA_HEADER_ENTRY, "invalid format - extra header(s) after 'tagger'"); + if (ret) + goto done; + } + done: strbuf_release(&sb); return ret; diff --git a/fsck.h b/fsck.h index 69cf715e79..29ee4c45e8 100644 --- a/fsck.h +++ b/fsck.h @@ -62,6 +62,15 @@ int fsck_walk(struct object *obj, void *data, struct fsck_options *options); int fsck_object(struct object *obj, void *data, unsigned long size, struct fsck_options *options); +/* + * fsck a tag, and pass info about it back to the caller. This is + * exposed fsck_object() internals for git-mktag(1). + */ +int fsck_tag_standalone(const struct object_id *oid, const char *buffer, + unsigned long size, struct fsck_options *options, + struct object_id *tagged_oid, + int *tag_type); + /* * Some fsck checks are context-dependent, and may end up queued; run this * after completing all fsck_object() calls in order to resolve any remaining diff --git a/t/t1006-cat-file.sh b/t/t1006-cat-file.sh index 2f501d2dc9..5d2dc99b74 100755 --- a/t/t1006-cat-file.sh +++ b/t/t1006-cat-file.sh @@ -166,7 +166,7 @@ tag_content="$tag_header_without_timestamp 0000000000 +0000 $tag_description" -tag_sha1=$(echo_without_newline "$tag_content" | git mktag) +tag_sha1=$(echo_without_newline "$tag_content" | git hash-object -t tag --stdin -w) tag_size=$(strlen "$tag_content") run_tests 'tag' $tag_sha1 $tag_size "$tag_content" "$tag_content" 1 diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index 8bf0e88115..5e96f69e69 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -53,7 +53,7 @@ too short for a tag EOF check_verify_failure 'Tag object length check' \ - '^error: .*size wrong.*$' + '^error:.* missingObject:' ############################################################ # 2. object line label check @@ -66,7 +66,7 @@ tagger . <> 0 +0000 EOF -check_verify_failure '"object" line label check' '^error: char0: .*"object "$' +check_verify_failure '"object" line label check' '^error:.* missingObject:' ############################################################ # 3. object line hash check @@ -79,7 +79,7 @@ tagger . <> 0 +0000 EOF -check_verify_failure '"object" line SHA1 check' '^error: char7: .*SHA1 hash$' +check_verify_failure '"object" line check' '^error:.* badObjectSha1:' ############################################################ # 4. type line label check @@ -92,7 +92,7 @@ tagger . <> 0 +0000 EOF -check_verify_failure '"type" line label check' '^error: char.*: .*"\\ntype "$' +check_verify_failure '"type" line label check' '^error:.* missingTypeEntry:' ############################################################ # 5. type line eol check @@ -100,7 +100,7 @@ check_verify_failure '"type" line label check' '^error: char.*: .*"\\ntype "$' echo "object $head" >tag.sig printf "type tagsssssssssssssssssssssssssssssss" >>tag.sig -check_verify_failure '"type" line eol check' '^error: char.*: .*"\\n"$' +check_verify_failure '"type" line eol check' '^error:.* unterminatedHeader:' ############################################################ # 6. tag line label check #1 @@ -114,7 +114,7 @@ tagger . <> 0 +0000 EOF check_verify_failure '"tag" line label check #1' \ - '^error: char.*: no "tag " found$' + '^error:.* missingTagEntry:' ############################################################ # 7. tag line label check #2 @@ -126,7 +126,7 @@ tag EOF check_verify_failure '"tag" line label check #2' \ - '^error: char.*: no "tag " found$' + '^error:.* badType:' ############################################################ # 8. type line type-name length check @@ -138,7 +138,7 @@ tag mytag EOF check_verify_failure '"type" line type-name length check' \ - '^error: char.*: type too long$' + '^error:.* badType:' ############################################################ # 9. verify object (hash/type) check @@ -152,7 +152,7 @@ tagger . <> 0 +0000 EOF check_verify_failure 'verify object (hash/type) check -- correct type, nonexisting object' \ - '^error: char7: could not verify object.*$' + '^fatal: could not read tagged object' cat >tag.sig < 0 +0000 EOF check_verify_failure 'verify object (hash/type) check -- made-up type, valid object' \ - '^fatal: invalid object type' + '^error:.* badType:' cat >tag.sig < 0 +0000 EOF check_verify_failure 'verify object (hash/type) check -- made-up type, nonexisting object' \ - '^error: char7: could not verify object.*$' + '^error:.* badType:' cat >tag.sig < 0 +0000 EOF check_verify_failure 'verify object (hash/type) check -- mismatched type, valid object' \ - '^error: char7: could not verify object' + '^fatal: object.*tagged as.*tree.*but is.*commit' ############################################################ # 9.5. verify object (hash/type) check -- replacement @@ -214,7 +214,7 @@ tagger . <> 0 +0000 EOF check_verify_failure 'verify object (hash/type) check -- mismatched type, valid object' \ - '^error: char7: could not verify object' + '^fatal: object.*tagged as.*tree.*but is.*blob' ############################################################ # 10. verify tag-name check @@ -228,7 +228,7 @@ tagger . <> 0 +0000 EOF check_verify_failure 'verify tag-name check' \ - '^error: char.*: could not verify tag name$' + '^error:.* badTagName:' ############################################################ # 11. tagger line label check #1 @@ -242,7 +242,7 @@ This is filler EOF check_verify_failure '"tagger" line label check #1' \ - '^error: char.*: could not find "tagger "$' + '^error:.* missingTaggerEntry:' ############################################################ # 12. tagger line label check #2 @@ -257,10 +257,10 @@ This is filler EOF check_verify_failure '"tagger" line label check #2' \ - '^error: char.*: could not find "tagger "$' + '^error:.* missingTaggerEntry:' ############################################################ -# 13. disallow missing tag author name +# 13. allow missing tag author name like fsck cat >tag.sig < 0 +0000 This is filler EOF -check_verify_failure 'disallow missing tag author name' \ - '^error: char.*: missing tagger name$' +test_expect_mktag_success 'allow missing tag author name' ############################################################ # 14. disallow missing tag author name @@ -287,7 +286,7 @@ tagger T A Gger < EOF check_verify_failure 'disallow malformed tagger' \ - '^error: char.*: malformed tagger field$' + '^error:.* badEmail:' ############################################################ # 15. allow empty tag email @@ -303,7 +302,7 @@ EOF test_expect_mktag_success 'allow empty tag email' ############################################################ -# 16. disallow spaces in tag email +# 16. allow spaces in tag email like fsck cat >tag.sig < 0 +0000 EOF -check_verify_failure 'disallow spaces in tag email' \ - '^error: char.*: malformed tagger field$' +test_expect_mktag_success 'allow spaces in tag email like fsck' ############################################################ # 17. disallow missing tag timestamp @@ -328,7 +326,7 @@ tagger T A Gger __ EOF check_verify_failure 'disallow missing tag timestamp' \ - '^error: char.*: missing tag timestamp$' + '^error:.* badDate:' ############################################################ # 18. detect invalid tag timestamp1 @@ -342,7 +340,7 @@ tagger T A Gger Tue Mar 25 15:47:44 2008 EOF check_verify_failure 'detect invalid tag timestamp1' \ - '^error: char.*: missing tag timestamp$' + '^error:.* badDate:' ############################################################ # 19. detect invalid tag timestamp2 @@ -356,7 +354,7 @@ tagger T A Gger 2008-03-31T12:20:15-0500 EOF check_verify_failure 'detect invalid tag timestamp2' \ - '^error: char.*: malformed tag timestamp$' + '^error:.* badDate:' ############################################################ # 20. detect invalid tag timezone1 @@ -370,7 +368,7 @@ tagger T A Gger 1206478233 GMT EOF check_verify_failure 'detect invalid tag timezone1' \ - '^error: char.*: malformed tag timezone$' + '^error:.* badTimezone:' ############################################################ # 21. detect invalid tag timezone2 @@ -384,10 +382,10 @@ tagger T A Gger 1206478233 + 30 EOF check_verify_failure 'detect invalid tag timezone2' \ - '^error: char.*: malformed tag timezone$' + '^error:.* badTimezone:' ############################################################ -# 22. detect invalid tag timezone3 +# 22. allow invalid tag timezone3 (the maximum is -1200/+1400) cat >tag.sig < 1206478233 -1430 EOF -check_verify_failure 'detect invalid tag timezone3' \ - '^error: char.*: malformed tag timezone$' +test_expect_mktag_success 'allow invalid tag timezone' ############################################################ # 23. detect invalid header entry @@ -413,7 +410,7 @@ this line should not be here EOF check_verify_failure 'detect invalid header entry' \ - '^error: char.*: trailing garbage in tag header$' + '^error:.* extraHeaderEntry:' cat >tag.sig < 1206478233 -0500 EOF check_verify_failure 'require a blank line before an empty body (2)' \ - '^error: char.*: trailing garbage in tag header$' + '^error:.* extraHeaderEntry:' ############################################################ # 24. create valid tag From 1f3299fda9d0800d8e882540d36e4d78797e998e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:47 +0100 Subject: [PATCH 18/23] fsck: make fsck_config() re-usable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move the fsck_config() function from builtin/fsck.c to fsck.[ch]. This allows for re-using it in other tools that expose fsck logic and want to support its configuration variables. A logical continuation of this change would be to use a common function for all of {fetch,receive}.fsck.* and fsck.*. See 5d477a334a6 (fsck (receive-pack): allow demoting errors to warnings, 2015-06-22) and my own 1362df0d413 (fetch: implement fetch.fsck.*, 2018-07-27) for the relevant code. However, those routines want to not parse the fsck.skipList into OIDs, but rather pass them along with the --strict option to another process. It would be possible to refactor that whole thing so we support e.g. a "fetch." prefix, then just keep track of the skiplist as a filename instead of parsing it, and learn to spew that all out from our internal structures into something we can append to the --strict option. But instead I'm planning to re-use this in "mktag", which'll just re-use these "fsck.*" variables as-is. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- builtin/fsck.c | 20 +------------------- fsck.c | 24 ++++++++++++++++++++++++ fsck.h | 7 +++++++ 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/builtin/fsck.c b/builtin/fsck.c index fbf26cafcf..821e7798c7 100644 --- a/builtin/fsck.c +++ b/builtin/fsck.c @@ -73,25 +73,7 @@ static const char *printable_type(const struct object_id *oid, static int fsck_config(const char *var, const char *value, void *cb) { - if (strcmp(var, "fsck.skiplist") == 0) { - const char *path; - struct strbuf sb = STRBUF_INIT; - - if (git_config_pathname(&path, var, value)) - return 1; - strbuf_addf(&sb, "skiplist=%s", path); - free((char *)path); - fsck_set_msg_types(&fsck_obj_options, sb.buf); - strbuf_release(&sb); - return 0; - } - - if (skip_prefix(var, "fsck.", &var)) { - fsck_set_msg_type(&fsck_obj_options, var, value); - return 0; - } - - return git_default_config(var, value, cb); + return fsck_config_internal(var, value, cb, &fsck_obj_options); } static int objerror(struct object *obj, const char *err) diff --git a/fsck.c b/fsck.c index bed5e20e03..9c3a5942d2 100644 --- a/fsck.c +++ b/fsck.c @@ -1310,3 +1310,27 @@ int fsck_finish(struct fsck_options *options) oidset_clear(&gitmodules_done); return ret; } + +int fsck_config_internal(const char *var, const char *value, void *cb, + struct fsck_options *options) +{ + if (strcmp(var, "fsck.skiplist") == 0) { + const char *path; + struct strbuf sb = STRBUF_INIT; + + if (git_config_pathname(&path, var, value)) + return 1; + strbuf_addf(&sb, "skiplist=%s", path); + free((char *)path); + fsck_set_msg_types(options, sb.buf); + strbuf_release(&sb); + return 0; + } + + if (skip_prefix(var, "fsck.", &var)) { + fsck_set_msg_type(options, var, value); + return 0; + } + + return git_default_config(var, value, cb); +} diff --git a/fsck.h b/fsck.h index 29ee4c45e8..423c467feb 100644 --- a/fsck.h +++ b/fsck.h @@ -103,4 +103,11 @@ void fsck_put_object_name(struct fsck_options *options, const char *fsck_describe_object(struct fsck_options *options, const struct object_id *oid); +/* + * git_config() callback for use by fsck-y tools that want to support + * fsck. fsck.skipList etc. + */ +int fsck_config_internal(const char *var, const char *value, void *cb, + struct fsck_options *options); + #endif From acfc01332bc477e19b8af6b5002c0b962fde3326 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:48 +0100 Subject: [PATCH 19/23] mktag: allow turning off fsck.extraHeaderEntry MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In earlier commits mktag learned to use the fsck machinery, at which point we needed to add fsck.extraHeaderEntry so it could be as strict about extra headers as it's been ever since it was implemented. But it's not nice to need to switch away from "mktag" to "hash-object" + manual "fsck" just because you'd like to have an extra header. So let's support turning it off by getting "fsck.*" variables from the config. Pedantically speaking it's still not possible to make "mktag" behave just like "hash-object -t tag" does, since we're unconditionally going to check the referenced object in verify_object_in_tag(), which is our own check, and not one that exists in fsck.c. But the spirit of "this works like fsck" is preserved, in that if you created such a tag with "hash-object" and did a full "fsck" on the repository it would also error out about that invalid object, it just wouldn't emit the same message as fsck does. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- Documentation/git-mktag.txt | 5 ++++- builtin/mktag.c | 11 ++++++++++- t/t3800-mktag.sh | 14 ++++++++++++++ 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/Documentation/git-mktag.txt b/Documentation/git-mktag.txt index fa070e21a0..79813ff8df 100644 --- a/Documentation/git-mktag.txt +++ b/Documentation/git-mktag.txt @@ -32,7 +32,10 @@ would run by default in that all `fsck.` messages are promoted from warnings to errors (so e.g. a missing "tagger" line is an error). Extra headers in the object are also an error under mktag, but ignored -by linkgit:git-fsck[1] +by linkgit:git-fsck[1]. This extra check can be turned off by setting +the appropriate `fsck.` varible: + + git -c fsck.extraHeaderEntry=ignore mktag err && + grep "warning .*extraHeaderEntry:" err && + test_must_fail env GIT_TEST_GETTEXT_POISON=false \ + git -c fsck.extraHeaderEntry=error 2>err fsck && + grep "error .* extraHeaderEntry:" err +' + cat >tag.sig < Date: Tue, 5 Jan 2021 20:42:49 +0100 Subject: [PATCH 20/23] mktag: allow omitting the header/body \n separator MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change mktag's acceptance rules to accept an empty body without an empty line after the header again. This fixes an ancient unintended dregression in "mktag". When "mktag" was introduced in ec4465adb3 (Add "tag" objects that can be used to sign other objects., 2005-04-25) the input checks were much looser. When it was documented it 6cfec03680 (mktag: minimally update the description., 2007-06-10) it was clearly intended for this \n to be optional: The message, when [it] exists, is separated by a blank line from the header. But then in e0aaf781f6 (mktag.c: improve verification of tagger field and tests, 2008-03-27) this was made an error, seemingly by accident. It was just a result of the general header checks, and all the tests after that patch have a trailing empty line (but did not before). Let's allow this again, and tweak the test semantics changed in e0aaf781f6 to remove the redundant empty line. New tests added in previous commits of mine already added an explicit test for allowing the empty line between header and body. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- fsck.c | 2 ++ t/t3800-mktag.sh | 6 ++---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fsck.c b/fsck.c index 9c3a5942d2..69d0049e4d 100644 --- a/fsck.c +++ b/fsck.c @@ -987,6 +987,8 @@ int fsck_tag_standalone(const struct object_id *oid, const char *buffer, } else ret = fsck_ident(&buffer, oid, OBJ_TAG, options); + if (!*buffer) + goto done; if (!starts_with(buffer, "\n")) { /* diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index 929bb9f492..1fd97def33 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -446,7 +446,7 @@ tagger T A Gger 1206478233 -0500 EOF -test_expect_mktag_success 'require a blank line before an empty body (1)' +test_expect_mktag_success 'allow a blank line before an empty body (1)' cat >tag.sig < 1206478233 -0500 EOF -check_verify_failure 'require a blank line before an empty body (2)' \ - '^error:.* extraHeaderEntry:' +test_expect_mktag_success 'allow no blank line before an empty body (2)' ############################################################ # 24. create valid tag @@ -466,7 +465,6 @@ object $head type commit tag mytag tagger T A Gger 1206478233 -0500 - EOF test_expect_mktag_success 'create valid tag object' From 3f390a366cc4a083b11452b899a04416aea00bdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Tue, 5 Jan 2021 20:42:50 +0100 Subject: [PATCH 21/23] mktag: convert to parse-options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Convert the "mktag" command to use parse-options.h instead of its own ad-hoc argc handling. This doesn't matter much in practice since it doesn't support any options, but removes another special-case in our codebase, and makes it easier to add options to it in the future. It does marginally improve the situation for programs that want to execute git commands in a consistent manner and e.g. always use --end-of-options. E.g. "gitaly" does that, and has a blacklist of built-ins that don't support --end-of-options. This is one less special case for it and other similar programs to support. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- builtin/mktag.c | 14 ++++++++++++-- t/t3800-mktag.sh | 12 ++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/builtin/mktag.c b/builtin/mktag.c index 373926d7e0..18b8492f4d 100644 --- a/builtin/mktag.c +++ b/builtin/mktag.c @@ -1,10 +1,16 @@ #include "builtin.h" +#include "parse-options.h" #include "tag.h" #include "replace-object.h" #include "object-store.h" #include "fsck.h" #include "config.h" +static char const * const builtin_mktag_usage[] = { + N_("git mktag"), + NULL +}; + static struct fsck_options fsck_options = FSCK_OPTIONS_STRICT; static int mktag_config(const char *var, const char *value, void *cb) @@ -60,13 +66,17 @@ static int verify_object_in_tag(struct object_id *tagged_oid, int *tagged_type) int cmd_mktag(int argc, const char **argv, const char *prefix) { + static struct option builtin_mktag_options[] = { + OPT_END(), + }; struct strbuf buf = STRBUF_INIT; struct object_id tagged_oid; int tagged_type; struct object_id result; - if (argc != 1) - usage("git mktag"); + argc = parse_options(argc, argv, NULL, + builtin_mktag_options, + builtin_mktag_usage, 0); if (strbuf_read(&buf, 0, 0) < 0) die_errno("could not read from stdin"); diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index 1fd97def33..98708659fd 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -45,6 +45,18 @@ test_expect_success 'setup' ' blob=$(git rev-parse --verify HEAD:B.t) ' +test_expect_success 'basic usage' ' + cat >tag.sig <<-EOF && + object $head + type commit + tag mytag + tagger T A Gger 1206478233 -0500 + EOF + git mktag Date: Tue, 5 Jan 2021 20:42:51 +0100 Subject: [PATCH 22/23] mktag: mark strings for translation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mark the errors mktag might emit for translation. This is a plumbing command, but the errors it emits are intended to be human-readable. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- builtin/mktag.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/builtin/mktag.c b/builtin/mktag.c index 18b8492f4d..9b04b61c2b 100644 --- a/builtin/mktag.c +++ b/builtin/mktag.c @@ -31,10 +31,10 @@ static int mktag_fsck_error_func(struct fsck_options *o, * like missing "tagger" lines are "only" warnings * under fsck, we've always considered them an error. */ - fprintf_ln(stderr, "error: tag input does not pass fsck: %s", message); + fprintf_ln(stderr, _("error: tag input does not pass fsck: %s"), message); return 1; default: - BUG("%d (FSCK_IGNORE?) should never trigger this callback", + BUG(_("%d (FSCK_IGNORE?) should never trigger this callback"), msg_type); } } @@ -49,10 +49,10 @@ static int verify_object_in_tag(struct object_id *tagged_oid, int *tagged_type) buffer = read_object_file(tagged_oid, &type, &size); if (!buffer) - die("could not read tagged object '%s'", + die(_("could not read tagged object '%s'"), oid_to_hex(tagged_oid)); if (type != *tagged_type) - die("object '%s' tagged as '%s', but is a '%s' type", + die(_("object '%s' tagged as '%s', but is a '%s' type"), oid_to_hex(tagged_oid), type_name(*tagged_type), type_name(type)); @@ -79,7 +79,7 @@ int cmd_mktag(int argc, const char **argv, const char *prefix) builtin_mktag_usage, 0); if (strbuf_read(&buf, 0, 0) < 0) - die_errno("could not read from stdin"); + die_errno(_("could not read from stdin")); fsck_options.error_func = mktag_fsck_error_func; fsck_set_msg_type(&fsck_options, "extraheaderentry", "warn"); @@ -87,13 +87,13 @@ int cmd_mktag(int argc, const char **argv, const char *prefix) git_config(mktag_config, NULL); if (fsck_tag_standalone(NULL, buf.buf, buf.len, &fsck_options, &tagged_oid, &tagged_type)) - die("tag on stdin did not pass our strict fsck check"); + die(_("tag on stdin did not pass our strict fsck check")); if (verify_object_in_tag(&tagged_oid, &tagged_type)) - die("tag on stdin did not refer to a valid object"); + die(_("tag on stdin did not refer to a valid object")); if (write_object_file(buf.buf, buf.len, tag_type, &result) < 0) - die("unable to write tag file"); + die(_("unable to write tag file")); strbuf_release(&buf); puts(oid_to_hex(&result)); From 06ce79152be8dab44b63faf4486d5c5c171434af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=86var=20Arnfj=C3=B6r=C3=B0=20Bjarmason?= Date: Wed, 6 Jan 2021 12:47:27 +0100 Subject: [PATCH 23/23] mktag: add a --[no-]strict option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that mktag has been migrated to use the fsck machinery to check its input, it makes sense to teach it to run in the equivalent of "git fsck"'s default mode. For cases where mktag is used to (re)create a tag object using data from an existing and malformed tag object, the validation may optionally have to be loosened. Teach the command to take the "--[no-]strict" option to do so. Signed-off-by: Ævar Arnfjörð Bjarmason Signed-off-by: Junio C Hamano --- Documentation/git-mktag.txt | 8 ++++++++ builtin/mktag.c | 9 +++++++++ t/t3800-mktag.sh | 33 +++++++++++++++++++++++---------- 3 files changed, 40 insertions(+), 10 deletions(-) diff --git a/Documentation/git-mktag.txt b/Documentation/git-mktag.txt index 79813ff8df..17a2603a60 100644 --- a/Documentation/git-mktag.txt +++ b/Documentation/git-mktag.txt @@ -11,6 +11,14 @@ SYNOPSIS [verse] 'git mktag' +OPTIONS +------- + +--strict:: + By default mktag turns on the equivalent of + linkgit:git-fsck[1] `--strict` mode. Use `--no-strict` to + disable it. + DESCRIPTION ----------- diff --git a/builtin/mktag.c b/builtin/mktag.c index 9b04b61c2b..41a399a69e 100644 --- a/builtin/mktag.c +++ b/builtin/mktag.c @@ -10,6 +10,7 @@ static char const * const builtin_mktag_usage[] = { N_("git mktag"), NULL }; +static int option_strict = 1; static struct fsck_options fsck_options = FSCK_OPTIONS_STRICT; @@ -25,6 +26,12 @@ static int mktag_fsck_error_func(struct fsck_options *o, { switch (msg_type) { case FSCK_WARN: + if (!option_strict) { + fprintf_ln(stderr, _("warning: tag input does not pass fsck: %s"), message); + return 0; + + } + /* fallthrough */ case FSCK_ERROR: /* * We treat both warnings and errors as errors, things @@ -67,6 +74,8 @@ static int verify_object_in_tag(struct object_id *tagged_oid, int *tagged_type) int cmd_mktag(int argc, const char **argv, const char *prefix) { static struct option builtin_mktag_options[] = { + OPT_BOOL(0, "strict", &option_strict, + N_("enable more strict checking")), OPT_END(), }; struct strbuf buf = STRBUF_INIT; diff --git a/t/t3800-mktag.sh b/t/t3800-mktag.sh index 98708659fd..86bfeb271e 100755 --- a/t/t3800-mktag.sh +++ b/t/t3800-mktag.sh @@ -12,12 +12,17 @@ test_description='git mktag: tag object verify test' # given in the expect.pat file. check_verify_failure () { - expect="$2" - test_expect_success "$1" ' + test_expect_success "$1" " test_must_fail env GIT_TEST_GETTEXT_POISON=false \ git mktag message && - grep "$expect" message - ' + grep '$2' message && + if test '$3' != '--no-strict' + then + test_must_fail env GIT_TEST_GETTEXT_POISON=false \ + git mktag --no-strict message.no-strict && + grep '$2' message.no-strict + fi + " } test_expect_mktag_success() { @@ -65,7 +70,7 @@ too short for a tag EOF check_verify_failure 'Tag object length check' \ - '^error:.* missingObject:' + '^error:.* missingObject:' 'strict' ############################################################ # 2. object line label check @@ -240,7 +245,7 @@ tagger . <> 0 +0000 EOF check_verify_failure 'verify tag-name check' \ - '^error:.* badTagName:' + '^error:.* badTagName:' '--no-strict' ############################################################ # 11. tagger line label check #1 @@ -254,7 +259,7 @@ This is filler EOF check_verify_failure '"tagger" line label check #1' \ - '^error:.* missingTaggerEntry:' + '^error:.* missingTaggerEntry:' '--no-strict' ############################################################ # 12. tagger line label check #2 @@ -269,7 +274,7 @@ This is filler EOF check_verify_failure '"tagger" line label check #2' \ - '^error:.* missingTaggerEntry:' + '^error:.* missingTaggerEntry:' '--no-strict' ############################################################ # 13. allow missing tag author name like fsck @@ -298,7 +303,7 @@ tagger T A Gger < EOF check_verify_failure 'disallow malformed tagger' \ - '^error:.* badEmail:' + '^error:.* badEmail:' '--no-strict' ############################################################ # 15. allow empty tag email @@ -422,13 +427,21 @@ this line should not be here EOF check_verify_failure 'detect invalid header entry' \ - '^error:.* extraHeaderEntry:' + '^error:.* extraHeaderEntry:' '--no-strict' test_expect_success 'invalid header entry config & fsck' ' test_must_fail git mktag err &&