diff --git a/git-tag-script b/git-tag-script index aee4891f60..4124f5494a 100755 --- a/git-tag-script +++ b/git-tag-script @@ -7,6 +7,7 @@ name="$1" object=${2:-$(cat "$GIT_DIR"/HEAD)} type=$(git-cat-file -t $object) || exit 1 +tagger=$(git-var GIT_COMMITTER_IDENT) || exit 1 ( echo "#" echo "# Write a tag message" @@ -17,7 +18,7 @@ grep -v '^#' < .editmsg | git-stripspace > .tagmsg [ -s .tagmsg ] || exit -( echo -e "object $object\ntype $type\ntag $name\n"; cat .tagmsg ) > .tmp-tag +( echo -e "object $object\ntype $type\ntag $name\ntagger $tagger\n"; cat .tagmsg ) > .tmp-tag rm -f .tmp-tag.asc .tagmsg gpg -bsa .tmp-tag && cat .tmp-tag.asc >> .tmp-tag mkdir -p "$GIT_DIR/refs/tags" diff --git a/mktag.c b/mktag.c index 8cbbef67e6..585677eb83 100644 --- a/mktag.c +++ b/mktag.c @@ -42,7 +42,7 @@ static int verify_tag(char *buffer, unsigned long size) int typelen; char type[20]; unsigned char sha1[20]; - const char *object, *type_line, *tag_line; + const char *object, *type_line, *tag_line, *tagger_line; if (size < 64 || size > MAXSIZE-1) return -1; @@ -92,6 +92,12 @@ static int verify_tag(char *buffer, unsigned long size) return -1; } + /* Verify the tagger line */ + tagger_line = tag_line; + + if (memcmp(tagger_line, "tagger", 6) || (tagger_line[6] == '\n')) + return -1; + /* The actual stuff afterwards we don't care about.. */ return 0; } @@ -119,7 +125,7 @@ int main(int argc, char **argv) size += ret; } - // Verify it for some basic sanity: it needs to start with "object \ntype " + // Verify it for some basic sanity: it needs to start with "object \ntype\ntagger " if (verify_tag(buffer, size) < 0) die("invalid tag signature file");