commit: refactor verify_commit_buffer()

In a following commit, we are going to check commit signatures, but we
won't have a commit yet, only a commit buffer, and we are going to
discard this commit buffer if the signature is invalid. So it would be
wasteful to create a commit that we might discard, just to be able to
check a commit signature.

It would be simpler instead to be able to check commit signatures
using only a commit buffer instead of a commit.

To be able to do that, let's extract some code from the
check_commit_signature() function into a new verify_commit_buffer()
function, and then let's make check_commit_signature() call
verify_commit_buffer().

Note that this doesn't fundamentally change how
check_commit_signature() works. It used to call parse_signed_commit()
which calls repo_get_commit_buffer(), parse_buffer_signed_by_header()
and repo_unuse_commit_buffer(). Now these 3 functions are called
directly by verify_commit_buffer().

Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/commit.c b/commit.c
index 16d91b2bfcf291b876e1edb5ea54520edad21c0c..709c9eed58a790194e0f7e6555e84844c6e67a26 100644 (file)
--- a/commit.c
+++ b/commit.c
@@ -1315,7 +1315,8 @@ free_return:
        free(buf);
 }
 
-int check_commit_signature(const struct commit *commit, struct signature_check *sigc)
+int verify_commit_buffer(const char *buffer, size_t size,
+                        struct signature_check *sigc)
 {
        struct strbuf payload = STRBUF_INIT;
        struct strbuf signature = STRBUF_INIT;
@@ -1323,7 +1324,8 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
 
        sigc->result = 'N';
 
-       if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
+       if (parse_buffer_signed_by_header(buffer, size, &payload,
+                                         &signature, the_hash_algo) <= 0)
                goto out;
 
        sigc->payload_type = SIGNATURE_PAYLOAD_COMMIT;
@@ -1337,6 +1339,17 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
        return ret;
 }
 
+int check_commit_signature(const struct commit *commit, struct signature_check *sigc)
+{
+       unsigned long size;
+       const char *buffer = repo_get_commit_buffer(the_repository, commit, &size);
+       int ret = verify_commit_buffer(buffer, size, sigc);
+
+       repo_unuse_commit_buffer(the_repository, commit, buffer);
+
+       return ret;
+}
+
 void verify_merge_signature(struct commit *commit, int verbosity,
                            int check_trust)
 {

diff --git a/commit.h b/commit.h
index 1d6e0c7518b3bb7d1f478b157a509f658515e52d..5406dd266327d4e3c3141c05c099d1bee9e0b999 100644 (file)
--- a/commit.h
+++ b/commit.h
@@ -333,6 +333,13 @@ int remove_signature(struct strbuf *buf);
  */
 int check_commit_signature(const struct commit *commit, struct signature_check *sigc);
 
+/*
+ * Same as check_commit_signature() but accepts a commit buffer and
+ * its size, instead of a `struct commit *`.
+ */
+int verify_commit_buffer(const char *buffer, size_t size,
+                        struct signature_check *sigc);
+
 /* record author-date for each commit object */
 struct author_date_slab;
 void record_author_date(struct author_date_slab *author_date,