verify-tag: share code with verify-commit

verify-tag was executing an entirely different codepath than
verify-commit, except for the underlying verify_signed_buffer.  Move
much of the code from check_commit_signature to a generic
check_signature function and adjust both codepaths to call it.

Update verify-tag to explicitly output the signature text, as we now
call verify_signed_buffer with strbufs to catch the output, which
prevents it from being printed automatically.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c
index 53c68fce3ac182db907224d12d89659469f4b9d6..e1eb341baeaa4833fdff08b11901264f4bd207ea 100644 (file)
--- a/builtin/verify-tag.c
+++ b/builtin/verify-tag.c
@@ -20,8 +20,11 @@ static const char * const verify_tag_usage[] = {
 
 static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
 {
+       struct signature_check sigc;
        int len;
 
+       memset(&sigc, 0, sizeof(sigc));
+
        len = parse_signature(buf, size);
        if (verbose)
                write_in_full(1, buf, len);
@@ -29,7 +32,11 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
        if (size == len)
                return error("no signature found");
 
-       return verify_signed_buffer(buf, len, buf + len, size - len, NULL, NULL);
+       check_signature(buf, len, buf + len, size - len, &sigc);
+       fputs(sigc.gpg_output, stderr);
+
+       signature_check_clear(&sigc);
+       return sigc.result != 'G' && sigc.result != 'U';
 }
 
 static int verify_tag(const char *name, int verbose)

diff --git a/commit.c b/commit.c
index a8c7577d28a4b2a0b5fc13420f8a141871626087..d07a9849850a3e958870358c67dd88f16c9a4156 100644 (file)
--- a/commit.c
+++ b/commit.c
@@ -1231,27 +1231,14 @@ void check_commit_signature(const struct commit *commit, struct signature_check
 {
        struct strbuf payload = STRBUF_INIT;
        struct strbuf signature = STRBUF_INIT;
-       struct strbuf gpg_output = STRBUF_INIT;
-       struct strbuf gpg_status = STRBUF_INIT;
-       int status;
 
        sigc->result = 'N';
 
        if (parse_signed_commit(commit, &payload, &signature) <= 0)
                goto out;
-       status = verify_signed_buffer(payload.buf, payload.len,
-                                     signature.buf, signature.len,
-                                     &gpg_output, &gpg_status);
-       if (status && !gpg_output.len)
-               goto out;
-       sigc->payload = strbuf_detach(&payload, NULL);
-       sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
-       sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
-       parse_gpg_output(sigc);
+       check_signature(payload.buf, payload.len, signature.buf, signature.len, sigc);
 
  out:
-       strbuf_release(&gpg_status);
-       strbuf_release(&gpg_output);
        strbuf_release(&payload);
        strbuf_release(&signature);
 }

diff --git a/gpg-interface.c b/gpg-interface.c
index 68b0c814f789f39151d380b1d318d6f80090d524..66dbee25b3ce77e10000c285188a64917cb7a37f 100644 (file)
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -60,6 +60,29 @@ void parse_gpg_output(struct signature_check *sigc)
        }
 }
 
+void check_signature(const char *payload, size_t plen, const char *signature,
+       size_t slen, struct signature_check *sigc)
+{
+       struct strbuf gpg_output = STRBUF_INIT;
+       struct strbuf gpg_status = STRBUF_INIT;
+       int status;
+
+       sigc->result = 'N';
+
+       status = verify_signed_buffer(payload, plen, signature, slen,
+                                     &gpg_output, &gpg_status);
+       if (status && !gpg_output.len)
+               goto out;
+       sigc->payload = xmemdupz(payload, plen);
+       sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
+       sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
+       parse_gpg_output(sigc);
+
+ out:
+       strbuf_release(&gpg_status);
+       strbuf_release(&gpg_output);
+}
+
 /*
  * Look at GPG signed content (e.g. a signed tag object), whose
  * payload is followed by a detached signature on it.  Return the

diff --git a/gpg-interface.h b/gpg-interface.h
index 87a4f2e3fad92b4622a40ef5612db293bf4c5dd4..043bcaa6306e9d6654ce7ca5a89cfec755d203d5 100644 (file)
--- a/gpg-interface.h
+++ b/gpg-interface.h
@@ -27,5 +27,7 @@ extern int verify_signed_buffer(const char *payload, size_t payload_size, const
 extern int git_gpg_config(const char *, const char *, void *);
 extern void set_signing_key(const char *);
 extern const char *get_signing_key(void);
+extern void check_signature(const char *payload, size_t plen,
+       const char *signature, size_t slen, struct signature_check *sigc);
 
 #endif