builtin-verify-tag.con commit Update draft release notes to 1.6.6 (610f99e)
   1/*
   2 * Builtin "git verify-tag"
   3 *
   4 * Copyright (c) 2007 Carlos Rica <jasampler@gmail.com>
   5 *
   6 * Based on git-verify-tag.sh
   7 */
   8#include "cache.h"
   9#include "builtin.h"
  10#include "tag.h"
  11#include "run-command.h"
  12#include <signal.h>
  13#include "parse-options.h"
  14
  15static const char * const verify_tag_usage[] = {
  16                "git verify-tag [-v|--verbose] <tag>...",
  17                NULL
  18};
  19
  20#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
  21
  22static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
  23{
  24        struct child_process gpg;
  25        const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL};
  26        char path[PATH_MAX], *eol;
  27        size_t len;
  28        int fd, ret;
  29
  30        fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
  31        if (fd < 0)
  32                return error("could not create temporary file '%s': %s",
  33                                                path, strerror(errno));
  34        if (write_in_full(fd, buf, size) < 0)
  35                return error("failed writing temporary file '%s': %s",
  36                                                path, strerror(errno));
  37        close(fd);
  38
  39        /* find the length without signature */
  40        len = 0;
  41        while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
  42                eol = memchr(buf + len, '\n', size - len);
  43                len += eol ? eol - (buf + len) + 1 : size - len;
  44        }
  45        if (verbose)
  46                write_in_full(1, buf, len);
  47
  48        memset(&gpg, 0, sizeof(gpg));
  49        gpg.argv = args_gpg;
  50        gpg.in = -1;
  51        args_gpg[2] = path;
  52        if (start_command(&gpg)) {
  53                unlink(path);
  54                return error("could not run gpg.");
  55        }
  56
  57        write_in_full(gpg.in, buf, len);
  58        close(gpg.in);
  59        ret = finish_command(&gpg);
  60
  61        unlink_or_warn(path);
  62
  63        return ret;
  64}
  65
  66static int verify_tag(const char *name, int verbose)
  67{
  68        enum object_type type;
  69        unsigned char sha1[20];
  70        char *buf;
  71        unsigned long size;
  72        int ret;
  73
  74        if (get_sha1(name, sha1))
  75                return error("tag '%s' not found.", name);
  76
  77        type = sha1_object_info(sha1, NULL);
  78        if (type != OBJ_TAG)
  79                return error("%s: cannot verify a non-tag object of type %s.",
  80                                name, typename(type));
  81
  82        buf = read_sha1_file(sha1, &type, &size);
  83        if (!buf)
  84                return error("%s: unable to read file.", name);
  85
  86        ret = run_gpg_verify(buf, size, verbose);
  87
  88        free(buf);
  89        return ret;
  90}
  91
  92int cmd_verify_tag(int argc, const char **argv, const char *prefix)
  93{
  94        int i = 1, verbose = 0, had_error = 0;
  95        const struct option verify_tag_options[] = {
  96                OPT__VERBOSE(&verbose),
  97                OPT_END()
  98        };
  99
 100        git_config(git_default_config, NULL);
 101
 102        argc = parse_options(argc, argv, prefix, verify_tag_options,
 103                             verify_tag_usage, PARSE_OPT_KEEP_ARGV0);
 104        if (argc <= i)
 105                usage_with_options(verify_tag_usage, verify_tag_options);
 106
 107        /* sometimes the program was terminated because this signal
 108         * was received in the process of writing the gpg input: */
 109        signal(SIGPIPE, SIG_IGN);
 110        while (i < argc)
 111                if (verify_tag(argv[i++], verbose))
 112                        had_error = 1;
 113        return had_error;
 114}