a3d3a438268a19507b42d42cdb9acf7eaa69ad5a
1/*
2 * Builtin "git verify-tag"
3 *
4 * Copyright (c) 2007 Carlos Rica <jasampler@gmail.com>
5 *
6 * Based on git-verify-tag.sh
7 */
8#include "cache.h"
9#include "builtin.h"
10#include "tag.h"
11#include "run-command.h"
12#include <signal.h>
13#include "parse-options.h"
14#include "gpg-interface.h"
15
16static const char * const verify_tag_usage[] = {
17 N_("git verify-tag [-v | --verbose] <tag>..."),
18 NULL
19};
20
21static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
22{
23 struct signature_check sigc;
24 size_t payload_size;
25 int ret;
26
27 memset(&sigc, 0, sizeof(sigc));
28
29 payload_size = parse_signature(buf, size);
30
31 if (size == payload_size) {
32 if (flags & GPG_VERIFY_VERBOSE)
33 write_in_full(1, buf, payload_size);
34 return error("no signature found");
35 }
36
37 ret = check_signature(buf, payload_size, buf + payload_size,
38 size - payload_size, &sigc);
39 print_signature_buffer(&sigc, flags);
40
41 signature_check_clear(&sigc);
42 return ret;
43}
44
45static int verify_tag(const unsigned char *sha1, const char *name_to_report,
46 unsigned flags)
47{
48 enum object_type type;
49 char *buf;
50 unsigned long size;
51 int ret;
52
53 type = sha1_object_info(sha1, NULL);
54 if (type != OBJ_TAG)
55 return error("%s: cannot verify a non-tag object of type %s.",
56 name_to_report ?
57 name_to_report :
58 find_unique_abbrev(sha1, DEFAULT_ABBREV),
59 typename(type));
60
61 buf = read_sha1_file(sha1, &type, &size);
62 if (!buf)
63 return error("%s: unable to read file.",
64 name_to_report ?
65 name_to_report :
66 find_unique_abbrev(sha1, DEFAULT_ABBREV));
67
68 ret = run_gpg_verify(buf, size, flags);
69
70 free(buf);
71 return ret;
72}
73
74static int git_verify_tag_config(const char *var, const char *value, void *cb)
75{
76 int status = git_gpg_config(var, value, cb);
77 if (status)
78 return status;
79 return git_default_config(var, value, cb);
80}
81
82int cmd_verify_tag(int argc, const char **argv, const char *prefix)
83{
84 int i = 1, verbose = 0, had_error = 0;
85 unsigned flags = 0;
86 const struct option verify_tag_options[] = {
87 OPT__VERBOSE(&verbose, N_("print tag contents")),
88 OPT_BIT(0, "raw", &flags, N_("print raw gpg status output"), GPG_VERIFY_RAW),
89 OPT_END()
90 };
91
92 git_config(git_verify_tag_config, NULL);
93
94 argc = parse_options(argc, argv, prefix, verify_tag_options,
95 verify_tag_usage, PARSE_OPT_KEEP_ARGV0);
96 if (argc <= i)
97 usage_with_options(verify_tag_usage, verify_tag_options);
98
99 if (verbose)
100 flags |= GPG_VERIFY_VERBOSE;
101
102 while (i < argc) {
103 unsigned char sha1[20];
104 const char *name = argv[i++];
105 if (get_sha1(name, sha1))
106 had_error = !!error("tag '%s' not found.", name);
107 else if (verify_tag(sha1, name, flags))
108 had_error = 1;
109 }
110 return had_error;
111}