git-tag.shon commit gitweb: Secure against commit-ish/tree-ish with the same name as path (45bd0c8)
   1#!/bin/sh
   2# Copyright (c) 2005 Linus Torvalds
   3
   4USAGE='-l [<pattern>] | [-a | -s | -u <key-id>] [-f | -d] [-m <msg>] <tagname> [<head>]'
   5SUBDIRECTORY_OK='Yes'
   6. git-sh-setup
   7
   8annotate=
   9signed=
  10force=
  11message=
  12username=
  13list=
  14while case "$#" in 0) break ;; esac
  15do
  16    case "$1" in
  17    -a)
  18        annotate=1
  19        ;;
  20    -s)
  21        annotate=1
  22        signed=1
  23        ;;
  24    -f)
  25        force=1
  26        ;;
  27    -l)
  28        case "$#" in
  29        1)
  30                set x . ;;
  31        esac
  32        shift
  33        git rev-parse --symbolic --tags | sort | grep "$@"
  34        exit $?
  35        ;;
  36    -m)
  37        annotate=1
  38        shift
  39        message="$1"
  40        ;;
  41    -u)
  42        annotate=1
  43        signed=1
  44        shift
  45        username="$1"
  46        ;;
  47    -d)
  48        shift
  49        tag_name="$1"
  50        tag=$(git-show-ref --verify --hash -- "refs/tags/$tag_name") ||
  51                die "Seriously, what tag are you talking about?"
  52        git-update-ref -m 'tag: delete' -d "refs/tags/$tag_name" "$tag" &&
  53                echo "Deleted tag $tag_name."
  54        exit $?
  55        ;;
  56    -*)
  57        usage
  58        ;;
  59    *)
  60        break
  61        ;;
  62    esac
  63    shift
  64done
  65
  66name="$1"
  67[ "$name" ] || usage
  68prev=0000000000000000000000000000000000000000
  69if git-show-ref --verify --quiet -- "refs/tags/$name"
  70then
  71    test -n "$force" || die "tag '$name' already exists"
  72    prev=`git rev-parse "refs/tags/$name"`
  73fi
  74shift
  75git-check-ref-format "tags/$name" ||
  76        die "we do not like '$name' as a tag name."
  77
  78object=$(git-rev-parse --verify --default HEAD "$@") || exit 1
  79type=$(git-cat-file -t $object) || exit 1
  80tagger=$(git-var GIT_COMMITTER_IDENT) || exit 1
  81: ${username:=$(expr "z$tagger" : 'z\(.*>\)')}
  82
  83trap 'rm -f "$GIT_DIR"/TAG_TMP* "$GIT_DIR"/TAG_FINALMSG "$GIT_DIR"/TAG_EDITMSG' 0
  84
  85if [ "$annotate" ]; then
  86    if [ -z "$message" ]; then
  87        ( echo "#"
  88          echo "# Write a tag message"
  89          echo "#" ) > "$GIT_DIR"/TAG_EDITMSG
  90        ${VISUAL:-${EDITOR:-vi}} "$GIT_DIR"/TAG_EDITMSG || exit
  91    else
  92        echo "$message" >"$GIT_DIR"/TAG_EDITMSG
  93    fi
  94
  95    grep -v '^#' <"$GIT_DIR"/TAG_EDITMSG |
  96    git-stripspace >"$GIT_DIR"/TAG_FINALMSG
  97
  98    [ -s "$GIT_DIR"/TAG_FINALMSG ] || {
  99        echo >&2 "No tag message?"
 100        exit 1
 101    }
 102
 103    ( printf 'object %s\ntype %s\ntag %s\ntagger %s\n\n' \
 104        "$object" "$type" "$name" "$tagger";
 105      cat "$GIT_DIR"/TAG_FINALMSG ) >"$GIT_DIR"/TAG_TMP
 106    rm -f "$GIT_DIR"/TAG_TMP.asc "$GIT_DIR"/TAG_FINALMSG
 107    if [ "$signed" ]; then
 108        gpg -bsa -u "$username" "$GIT_DIR"/TAG_TMP &&
 109        cat "$GIT_DIR"/TAG_TMP.asc >>"$GIT_DIR"/TAG_TMP ||
 110        die "failed to sign the tag with GPG."
 111    fi
 112    object=$(git-mktag < "$GIT_DIR"/TAG_TMP)
 113fi
 114
 115git update-ref "refs/tags/$name" "$object" "$prev"
 116