]>
git.ipfire.org Git - thirdparty/git.git/blob - gpg-interface.c
2 #include "run-command.h"
4 #include "gpg-interface.h"
7 static char *configured_signing_key
;
8 static const char *gpg_program
= "gpg";
10 #define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
11 #define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----"
13 void signature_check_clear(struct signature_check
*sigc
)
16 free(sigc
->gpg_output
);
17 free(sigc
->gpg_status
);
21 sigc
->gpg_output
= NULL
;
22 sigc
->gpg_status
= NULL
;
30 } sigcheck_gpg_status
[] = {
31 { 'G', "\n[GNUPG:] GOODSIG " },
32 { 'B', "\n[GNUPG:] BADSIG " },
33 { 'U', "\n[GNUPG:] TRUST_NEVER" },
34 { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
37 void parse_gpg_output(struct signature_check
*sigc
)
39 const char *buf
= sigc
->gpg_status
;
42 /* Iterate over all search strings */
43 for (i
= 0; i
< ARRAY_SIZE(sigcheck_gpg_status
); i
++) {
44 const char *found
, *next
;
46 if (!skip_prefix(buf
, sigcheck_gpg_status
[i
].check
+ 1, &found
)) {
47 found
= strstr(buf
, sigcheck_gpg_status
[i
].check
);
50 found
+= strlen(sigcheck_gpg_status
[i
].check
);
52 sigc
->result
= sigcheck_gpg_status
[i
].result
;
53 /* The trust messages are not followed by key/signer information */
54 if (sigc
->result
!= 'U') {
55 sigc
->key
= xmemdupz(found
, 16);
57 next
= strchrnul(found
, '\n');
58 sigc
->signer
= xmemdupz(found
, next
- found
);
63 void check_signature(const char *payload
, size_t plen
, const char *signature
,
64 size_t slen
, struct signature_check
*sigc
)
66 struct strbuf gpg_output
= STRBUF_INIT
;
67 struct strbuf gpg_status
= STRBUF_INIT
;
72 status
= verify_signed_buffer(payload
, plen
, signature
, slen
,
73 &gpg_output
, &gpg_status
);
74 if (status
&& !gpg_output
.len
)
76 sigc
->payload
= xmemdupz(payload
, plen
);
77 sigc
->gpg_output
= strbuf_detach(&gpg_output
, NULL
);
78 sigc
->gpg_status
= strbuf_detach(&gpg_status
, NULL
);
79 parse_gpg_output(sigc
);
82 strbuf_release(&gpg_status
);
83 strbuf_release(&gpg_output
);
87 * Look at GPG signed content (e.g. a signed tag object), whose
88 * payload is followed by a detached signature on it. Return the
89 * offset where the embedded detached signature begins, or the end of
90 * the data when there is no such signature.
92 size_t parse_signature(const char *buf
, unsigned long size
)
96 while (len
< size
&& !starts_with(buf
+ len
, PGP_SIGNATURE
) &&
97 !starts_with(buf
+ len
, PGP_MESSAGE
)) {
98 eol
= memchr(buf
+ len
, '\n', size
- len
);
99 len
+= eol
? eol
- (buf
+ len
) + 1 : size
- len
;
104 void set_signing_key(const char *key
)
106 free(configured_signing_key
);
107 configured_signing_key
= xstrdup(key
);
110 int git_gpg_config(const char *var
, const char *value
, void *cb
)
112 if (!strcmp(var
, "user.signingkey")) {
113 set_signing_key(value
);
115 if (!strcmp(var
, "gpg.program")) {
117 return config_error_nonbool(var
);
118 gpg_program
= xstrdup(value
);
123 const char *get_signing_key(void)
125 if (configured_signing_key
)
126 return configured_signing_key
;
127 return git_committer_info(IDENT_STRICT
|IDENT_NO_DATE
);
131 * Create a detached signature for the contents of "buffer" and append
132 * it after "signature"; "buffer" and "signature" can be the same
133 * strbuf instance, which would cause the detached signature appended
136 int sign_buffer(struct strbuf
*buffer
, struct strbuf
*signature
, const char *signing_key
)
138 struct child_process gpg
= CHILD_PROCESS_INIT
;
146 args
[0] = gpg_program
;
148 args
[2] = signing_key
;
151 if (start_command(&gpg
))
152 return error(_("could not run gpg."));
155 * When the username signingkey is bad, program could be terminated
156 * because gpg exits without reading and then write gets SIGPIPE.
158 sigchain_push(SIGPIPE
, SIG_IGN
);
160 if (write_in_full(gpg
.in
, buffer
->buf
, buffer
->len
) != buffer
->len
) {
163 finish_command(&gpg
);
164 return error(_("gpg did not accept the data"));
168 bottom
= signature
->len
;
169 len
= strbuf_read(signature
, gpg
.out
, 1024);
172 sigchain_pop(SIGPIPE
);
174 if (finish_command(&gpg
) || !len
|| len
< 0)
175 return error(_("gpg failed to sign the data"));
177 /* Strip CR from the line endings, in case we are on Windows. */
178 for (i
= j
= bottom
; i
< signature
->len
; i
++)
179 if (signature
->buf
[i
] != '\r') {
181 signature
->buf
[j
] = signature
->buf
[i
];
184 strbuf_setlen(signature
, j
);
190 * Run "gpg" to see if the payload matches the detached signature.
191 * gpg_output, when set, receives the diagnostic output from GPG.
192 * gpg_status, when set, receives the status output from GPG.
194 int verify_signed_buffer(const char *payload
, size_t payload_size
,
195 const char *signature
, size_t signature_size
,
196 struct strbuf
*gpg_output
, struct strbuf
*gpg_status
)
198 struct child_process gpg
= CHILD_PROCESS_INIT
;
199 const char *args_gpg
[] = {NULL
, "--status-fd=1", "--verify", "FILE", "-", NULL
};
202 struct strbuf buf
= STRBUF_INIT
;
203 struct strbuf
*pbuf
= &buf
;
205 args_gpg
[0] = gpg_program
;
206 fd
= git_mkstemp(path
, PATH_MAX
, ".git_vtag_tmpXXXXXX");
208 return error(_("could not create temporary file '%s': %s"),
209 path
, strerror(errno
));
210 if (write_in_full(fd
, signature
, signature_size
) < 0)
211 return error(_("failed writing detached signature to '%s': %s"),
212 path
, strerror(errno
));
221 if (start_command(&gpg
)) {
223 return error(_("could not run gpg."));
226 write_in_full(gpg
.in
, payload
, payload_size
);
230 strbuf_read(gpg_output
, gpg
.err
, 0);
235 strbuf_read(pbuf
, gpg
.out
, 0);
238 ret
= finish_command(&gpg
);
240 unlink_or_warn(path
);
242 ret
|= !strstr(pbuf
->buf
, "\n[GNUPG:] GOODSIG ");
243 strbuf_release(&buf
); /* no matter it was used or not */