a3d3a438268a19507b42d42cdb9acf7eaa69ad5a
   1/*
   2 * Builtin "git verify-tag"
   3 *
   4 * Copyright (c) 2007 Carlos Rica <jasampler@gmail.com>
   5 *
   6 * Based on git-verify-tag.sh
   7 */
   8#include "cache.h"
   9#include "builtin.h"
  10#include "tag.h"
  11#include "run-command.h"
  12#include <signal.h>
  13#include "parse-options.h"
  14#include "gpg-interface.h"
  15
  16static const char * const verify_tag_usage[] = {
  17                N_("git verify-tag [-v | --verbose] <tag>..."),
  18                NULL
  19};
  20
  21static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
  22{
  23        struct signature_check sigc;
  24        size_t payload_size;
  25        int ret;
  26
  27        memset(&sigc, 0, sizeof(sigc));
  28
  29        payload_size = parse_signature(buf, size);
  30
  31        if (size == payload_size) {
  32                if (flags & GPG_VERIFY_VERBOSE)
  33                        write_in_full(1, buf, payload_size);
  34                return error("no signature found");
  35        }
  36
  37        ret = check_signature(buf, payload_size, buf + payload_size,
  38                                size - payload_size, &sigc);
  39        print_signature_buffer(&sigc, flags);
  40
  41        signature_check_clear(&sigc);
  42        return ret;
  43}
  44
  45static int verify_tag(const unsigned char *sha1, const char *name_to_report,
  46                        unsigned flags)
  47{
  48        enum object_type type;
  49        char *buf;
  50        unsigned long size;
  51        int ret;
  52
  53        type = sha1_object_info(sha1, NULL);
  54        if (type != OBJ_TAG)
  55                return error("%s: cannot verify a non-tag object of type %s.",
  56                                name_to_report ?
  57                                name_to_report :
  58                                find_unique_abbrev(sha1, DEFAULT_ABBREV),
  59                                typename(type));
  60
  61        buf = read_sha1_file(sha1, &type, &size);
  62        if (!buf)
  63                return error("%s: unable to read file.",
  64                                name_to_report ?
  65                                name_to_report :
  66                                find_unique_abbrev(sha1, DEFAULT_ABBREV));
  67
  68        ret = run_gpg_verify(buf, size, flags);
  69
  70        free(buf);
  71        return ret;
  72}
  73
  74static int git_verify_tag_config(const char *var, const char *value, void *cb)
  75{
  76        int status = git_gpg_config(var, value, cb);
  77        if (status)
  78                return status;
  79        return git_default_config(var, value, cb);
  80}
  81
  82int cmd_verify_tag(int argc, const char **argv, const char *prefix)
  83{
  84        int i = 1, verbose = 0, had_error = 0;
  85        unsigned flags = 0;
  86        const struct option verify_tag_options[] = {
  87                OPT__VERBOSE(&verbose, N_("print tag contents")),
  88                OPT_BIT(0, "raw", &flags, N_("print raw gpg status output"), GPG_VERIFY_RAW),
  89                OPT_END()
  90        };
  91
  92        git_config(git_verify_tag_config, NULL);
  93
  94        argc = parse_options(argc, argv, prefix, verify_tag_options,
  95                             verify_tag_usage, PARSE_OPT_KEEP_ARGV0);
  96        if (argc <= i)
  97                usage_with_options(verify_tag_usage, verify_tag_options);
  98
  99        if (verbose)
 100                flags |= GPG_VERIFY_VERBOSE;
 101
 102        while (i < argc) {
 103                unsigned char sha1[20];
 104                const char *name = argv[i++];
 105                if (get_sha1(name, sha1))
 106                        had_error = !!error("tag '%s' not found.", name);
 107                else if (verify_tag(sha1, name, flags))
 108                        had_error = 1;
 109        }
 110        return had_error;
 111}