fast-export: handle all kinds of tag signatures
authorChristian Couder <christian.couder@gmail.com>
Mon, 13 Oct 2025 08:48:56 +0000 (10:48 +0200)
committerJunio C Hamano <gitster@pobox.com>
Mon, 13 Oct 2025 15:51:42 +0000 (08:51 -0700)
Currently the handle_tag() function in "builtin/fast-export.c" searches
only for "\n-----BEGIN PGP SIGNATURE-----\n" in the tag message to find
a tag signature.

This doesn't handle all kinds of OpenPGP signatures as some can start
with "-----BEGIN PGP MESSAGE-----" too, and this doesn't handle SSH and
X.509 signatures either as they use "-----BEGIN SSH SIGNATURE-----" and
"-----BEGIN SIGNED MESSAGE-----" respectively.

To handle all these kinds of tag signatures supported by Git, let's use
the parse_signed_buffer() function to properly find signatures in tag
messages.

Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin/fast-export.c
t/t9350-fast-export.sh

index dc2486f9a83a9b00632c68148b5f2277c58cfa74..7adbc55f0dccb1878071aeb8af45f9b39ce3bf4c 100644 (file)
@@ -931,9 +931,8 @@ static void handle_tag(const char *name, struct tag *tag)
 
        /* handle signed tags */
        if (message) {
-               const char *signature = strstr(message,
-                                              "\n-----BEGIN PGP SIGNATURE-----\n");
-               if (signature)
+               size_t sig_offset = parse_signed_buffer(message, message_size);
+               if (sig_offset < message_size)
                        switch (signed_tag_mode) {
                        case SIGN_ABORT:
                                die("encountered signed tag %s; use "
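Review bot: The new found-test `if (sig_offset < message_size)` depends on parse_signed_buffer() returning the buffer size when no signature header is present, and nothing at the call site says so. A one-line comment above the call would make that sentinel explicit, e.g. `/* parse_signed_buffer() returns message_size when no OpenPGP, SSH or X.509 signature block is found */`. As I read the helper, it reports the last line that begins with a recognised signature header, whereas the removed strstr() matched the first PGP header. A message that quotes a signature block in its body is therefore cut at a different offset under strip (second hunk, `message_size = sig_offset;`), which deserves a sentence in the comment if it is intended. message_size must already hold the message length before this call; that assignment, like the start and end of handle_tag(), lies outside the hunk.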
@@ -950,7 +949,7 @@ static void handle_tag(const char *name, struct tag *tag)
                                        oid_to_hex(&tag->object.oid));
                                /* fallthru */
                        case SIGN_STRIP:
-                               message_size = signature + 1 - message;
+                               message_size = sig_offset;
                                break;
                        }
        }
index 21ff26939c6885d9117402b9cfde05d2a4ee55af..3d153a4805bbfc22c561c8526b449c6297e86669 100755 (executable)
@@ -279,6 +279,42 @@ test_expect_success 'signed-tags=warn-strip' '
        test -s err
 '
 
+test_expect_success GPGSM 'setup X.509 signed tag' '
+       test_config gpg.format x509 &&
+       test_config user.signingkey $GIT_COMMITTER_EMAIL &&
+
+       git tag -s -m "X.509 signed tag" x509-signed $(git rev-parse HEAD) &&
+       ANNOTATED_TAG_COUNT=$((ANNOTATED_TAG_COUNT + 1))
+'
+
+test_expect_success GPGSM 'signed-tags=verbatim with X.509' '
+       git fast-export --signed-tags=verbatim x509-signed > output &&
+       test_grep "SIGNED MESSAGE" output
+'
+
+test_expect_success GPGSM 'signed-tags=strip with X.509' '
+       git fast-export --signed-tags=strip x509-signed > output &&
+       test_grep ! "SIGNED MESSAGE" output
+'
+
+test_expect_success GPGSSH 'setup SSH signed tag' '
+       test_config gpg.format ssh &&
+       test_config user.signingkey "${GPGSSH_KEY_PRIMARY}" &&
+
+       git tag -s -m "SSH signed tag" ssh-signed $(git rev-parse HEAD) &&
+       ANNOTATED_TAG_COUNT=$((ANNOTATED_TAG_COUNT + 1))
+'
+
+test_expect_success GPGSSH 'signed-tags=verbatim with SSH' '
+       git fast-export --signed-tags=verbatim ssh-signed > output &&
+       test_grep "SSH SIGNATURE" output
+'
+
+test_expect_success GPGSSH 'signed-tags=strip with SSH' '
+       git fast-export --signed-tags=strip ssh-signed > output &&
+       test_grep ! "SSH SIGNATURE" output
+'
+
 test_expect_success GPG 'set up signed commit' '
 
        # Generate a commit with both "gpgsig" and "encoding" set, so
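Review bot: The added tests exercise only `verbatim` and `strip` for the X.509 and SSH tags, so the `abort` and `warn-strip` arms of the switch in handle_tag() are never reached with the newly detected formats. `abort` matters most here: going by the commit message, these signatures were not detected before, so an export that used to pass them through unnoticed now stops, and a `test_must_fail` case per format would pin that (sketch below). The two strip tests would also pass if the whole tag message were dropped, so following the negative grep with `test_grep "X.509 signed tag" output` and `test_grep "SSH signed tag" output` would show that only the signature was removed. Minor style: Git's CodingGuidelines ask for no space after a redirection operator, so `> output` would be `>output`.

```shell
test_expect_success GPGSM 'signed-tags=abort with X.509' '
	test_must_fail git fast-export --signed-tags=abort x509-signed
'

test_expect_success GPGSSH 'signed-tags=abort with SSH' '
	test_must_fail git fast-export --signed-tags=abort ssh-signed
'
```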