[thirdparty/git.git] / builtin-verify-tag.c

/*
 * Builtin "git verify-tag"
 *
 * Copyright (c) 2007 Carlos Rica <jasampler@gmail.com>
 *
 * Based on git-verify-tag.sh
 */
#include "cache.h"
#include "builtin.h"
#include "tag.h"
#include "run-command.h"
#include <signal.h>
#include "parse-options.h"

static const char * const verify_tag_usage[] = {
		"git verify-tag [-v|--verbose] <tag>...",
		NULL
};

#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"

static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
{
	struct child_process gpg;
	const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL};
	char path[PATH_MAX], *eol;
	size_t len;
	int fd, ret;

	fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
	if (fd < 0)
		return error("could not create temporary file '%s': %s",
						path, strerror(errno));
	if (write_in_full(fd, buf, size) < 0)
		return error("failed writing temporary file '%s': %s",
						path, strerror(errno));
	close(fd);

	/* find the length without signature */
	len = 0;
	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
		eol = memchr(buf + len, '\n', size - len);
		len += eol ? eol - (buf + len) + 1 : size - len;
	}
	if (verbose)
		write_in_full(1, buf, len);

	memset(&gpg, 0, sizeof(gpg));
	gpg.argv = args_gpg;
	gpg.in = -1;
	args_gpg[2] = path;
	if (start_command(&gpg)) {
		unlink(path);
		return error("could not run gpg.");
	}

	write_in_full(gpg.in, buf, len);
	close(gpg.in);
	ret = finish_command(&gpg);

	unlink_or_warn(path);

	return ret;
}

static int verify_tag(const char *name, int verbose)
{
	enum object_type type;
	unsigned char sha1[20];
	char *buf;
	unsigned long size;
	int ret;

	if (get_sha1(name, sha1))
		return error("tag '%s' not found.", name);

	type = sha1_object_info(sha1, NULL);
	if (type != OBJ_TAG)
		return error("%s: cannot verify a non-tag object of type %s.",
				name, typename(type));

	buf = read_sha1_file(sha1, &type, &size);
	if (!buf)
		return error("%s: unable to read file.", name);

	ret = run_gpg_verify(buf, size, verbose);

	free(buf);
	return ret;
}

int cmd_verify_tag(int argc, const char **argv, const char *prefix)
{
	int i = 1, verbose = 0, had_error = 0;
	const struct option verify_tag_options[] = {
		OPT__VERBOSE(&verbose),
		OPT_END()
	};

	git_config(git_default_config, NULL);

	argc = parse_options(argc, argv, prefix, verify_tag_options,
			     verify_tag_usage, PARSE_OPT_KEEP_ARGV0);
	if (argc <= i)
		usage_with_options(verify_tag_usage, verify_tag_options);

	/* sometimes the program was terminated because this signal
	 * was received in the process of writing the gpg input: */
	signal(SIGPIPE, SIG_IGN);
	while (i < argc)
		if (verify_tag(argv[i++], verbose))
			had_error = 1;
	return had_error;
}
Commit	Line	Data
2ae68fcb CR	1	/*
	2	* Builtin "git verify-tag"
	3	*
	4	* Copyright (c) 2007 Carlos Rica <jasampler@gmail.com>
	5	*
	6	* Based on git-verify-tag.sh
	7	*/
	8	#include "cache.h"
	9	#include "builtin.h"
	10	#include "tag.h"
	11	#include "run-command.h"
	12	#include <signal.h>
4855b2a2	13	#include "parse-options.h"
2ae68fcb	14
4855b2a2 SB	15	static const char * const verify_tag_usage[] = {
	16	"git verify-tag [-v\|--verbose] <tag>...",
	17	NULL
	18	};
2ae68fcb CR	19
	20	#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
	21
	22	static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
	23	{
	24	struct child_process gpg;
	25	const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL};
	26	char path[PATH_MAX], *eol;
	27	size_t len;
	28	int fd, ret;
	29
	30	fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
	31	if (fd < 0)
	32	return error("could not create temporary file '%s': %s",
	33	path, strerror(errno));
	34	if (write_in_full(fd, buf, size) < 0)
	35	return error("failed writing temporary file '%s': %s",
	36	path, strerror(errno));
	37	close(fd);
	38
	39	/* find the length without signature */
	40	len = 0;
fec60a26	41	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
2ae68fcb CR	42	eol = memchr(buf + len, '\n', size - len);
	43	len += eol ? eol - (buf + len) + 1 : size - len;
	44	}
	45	if (verbose)
	46	write_in_full(1, buf, len);
	47
	48	memset(&gpg, 0, sizeof(gpg));
	49	gpg.argv = args_gpg;
	50	gpg.in = -1;
2ae68fcb	51	args_gpg[2] = path;
69fe5ef6 JS	52	if (start_command(&gpg)) {
69fe5ef6 JS	53	unlink(path);
2ae68fcb	54	return error("could not run gpg.");
69fe5ef6	55	}
2ae68fcb CR	56
	57	write_in_full(gpg.in, buf, len);
	58	close(gpg.in);
2ae68fcb CR	59	ret = finish_command(&gpg);
2ae68fcb CR	60
691f1a28	61	unlink_or_warn(path);
2ae68fcb CR	62
	63	return ret;
	64	}
	65
	66	static int verify_tag(const char *name, int verbose)
	67	{
	68	enum object_type type;
	69	unsigned char sha1[20];
	70	char *buf;
	71	unsigned long size;
	72	int ret;
	73
	74	if (get_sha1(name, sha1))
	75	return error("tag '%s' not found.", name);
	76
	77	type = sha1_object_info(sha1, NULL);
	78	if (type != OBJ_TAG)
	79	return error("%s: cannot verify a non-tag object of type %s.",
	80	name, typename(type));
	81
	82	buf = read_sha1_file(sha1, &type, &size);
	83	if (!buf)
	84	return error("%s: unable to read file.", name);
	85
	86	ret = run_gpg_verify(buf, size, verbose);
	87
	88	free(buf);
	89	return ret;
	90	}
	91
	92	int cmd_verify_tag(int argc, const char *argv, const char prefix)
	93	{
	94	int i = 1, verbose = 0, had_error = 0;
4855b2a2 SB	95	const struct option verify_tag_options[] = {
	96	OPT__VERBOSE(&verbose),
	97	OPT_END()
	98	};
2ae68fcb	99
ef90d6d4	100	git_config(git_default_config, NULL);
2ae68fcb	101
4855b2a2 SB	102	argc = parse_options(argc, argv, prefix, verify_tag_options,
4855b2a2 SB	103	verify_tag_usage, PARSE_OPT_KEEP_ARGV0);
d2761895	104	if (argc <= i)
4855b2a2	105	usage_with_options(verify_tag_usage, verify_tag_options);
d2761895	106
2ae68fcb CR	107	/* sometimes the program was terminated because this signal
	108	* was received in the process of writing the gpg input: */
	109	signal(SIGPIPE, SIG_IGN);
	110	while (i < argc)
	111	if (verify_tag(argv[i++], verbose))
	112	had_error = 1;
	113	return had_error;
	114	}