git.ipfire.org Git - thirdparty/git.git/commit

author	Junio C Hamano <gitster@pobox.com>
	Thu, 8 Sep 2011 04:19:47 +0000 (21:19 -0700)
committer	Junio C Hamano <gitster@pobox.com>
	Sat, 5 Nov 2011 04:40:25 +0000 (21:40 -0700)
commit	2f47eae2a1337bd0cb50dbc936df6433f460bb4a
tree	6433828b342b5bc1bb5d1d133f9052fd143b82ab	tree \| snapshot
parent	3dfbe68fc29248feea3a384e156497ca2463f932	commit \| diff

Split GPG interface into its own helper library

This mostly moves existing code from builtin/tag.c (for signing)
and builtin/verify-tag.c (for verifying) to a new gpg-interface.c
file to provide a more generic library interface.

- sign_buffer() takes a payload strbuf, a signature strbuf, and a signing
   key, runs "gpg" to produce a detached signature for the payload, and
   appends it to the signature strbuf. The contents of a signed tag that
   concatenates the payload and the detached signature can be produced by
   giving the same strbuf as payload and signature strbuf.

- verify_signed_buffer() takes a payload and a detached signature as
   <ptr, len> pairs, and runs "gpg --verify" to see if the payload matches
   the signature. It can optionally capture the output from GPG to allow
   the callers to pretty-print it in a way more suitable for their
   contexts.

"verify-tag" (aka "tag -v") used to save the whole tag contents as if it
is a detached signature, and fed gpg the payload part of the tag. It
relied on gpg to fail when the given tag is not signed but just is
annotated.  The updated run_gpg_verify() function detects the lack of
detached signature in the input, and errors out without bothering "gpg".

Signed-off-by: Junio C Hamano <gitster@pobox.com>

Makefile		diff \| blob \| blame \| history
builtin/tag.c		diff \| blob \| blame \| history
builtin/verify-tag.c		diff \| blob \| blame \| history
gpg-interface.c	[new file with mode: 0644]	blob
gpg-interface.h	[new file with mode: 0644]	blob
tag.c		diff \| blob \| blame \| history