builtin-verify-tag.con commit "needs update" considered harmful (d14e740)
   1/*
   2 * Builtin "git verify-tag"
   3 *
   4 * Copyright (c) 2007 Carlos Rica <jasampler@gmail.com>
   5 *
   6 * Based on git-verify-tag.sh
   7 */
   8#include "cache.h"
   9#include "builtin.h"
  10#include "tag.h"
  11#include "run-command.h"
  12#include <signal.h>
  13
  14static const char builtin_verify_tag_usage[] =
  15                "git verify-tag [-v|--verbose] <tag>...";
  16
  17#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
  18
  19static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
  20{
  21        struct child_process gpg;
  22        const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL};
  23        char path[PATH_MAX], *eol;
  24        size_t len;
  25        int fd, ret;
  26
  27        fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
  28        if (fd < 0)
  29                return error("could not create temporary file '%s': %s",
  30                                                path, strerror(errno));
  31        if (write_in_full(fd, buf, size) < 0)
  32                return error("failed writing temporary file '%s': %s",
  33                                                path, strerror(errno));
  34        close(fd);
  35
  36        /* find the length without signature */
  37        len = 0;
  38        while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
  39                eol = memchr(buf + len, '\n', size - len);
  40                len += eol ? eol - (buf + len) + 1 : size - len;
  41        }
  42        if (verbose)
  43                write_in_full(1, buf, len);
  44
  45        memset(&gpg, 0, sizeof(gpg));
  46        gpg.argv = args_gpg;
  47        gpg.in = -1;
  48        args_gpg[2] = path;
  49        if (start_command(&gpg)) {
  50                unlink(path);
  51                return error("could not run gpg.");
  52        }
  53
  54        write_in_full(gpg.in, buf, len);
  55        close(gpg.in);
  56        ret = finish_command(&gpg);
  57
  58        unlink(path);
  59
  60        return ret;
  61}
  62
  63static int verify_tag(const char *name, int verbose)
  64{
  65        enum object_type type;
  66        unsigned char sha1[20];
  67        char *buf;
  68        unsigned long size;
  69        int ret;
  70
  71        if (get_sha1(name, sha1))
  72                return error("tag '%s' not found.", name);
  73
  74        type = sha1_object_info(sha1, NULL);
  75        if (type != OBJ_TAG)
  76                return error("%s: cannot verify a non-tag object of type %s.",
  77                                name, typename(type));
  78
  79        buf = read_sha1_file(sha1, &type, &size);
  80        if (!buf)
  81                return error("%s: unable to read file.", name);
  82
  83        ret = run_gpg_verify(buf, size, verbose);
  84
  85        free(buf);
  86        return ret;
  87}
  88
  89int cmd_verify_tag(int argc, const char **argv, const char *prefix)
  90{
  91        int i = 1, verbose = 0, had_error = 0;
  92
  93        git_config(git_default_config, NULL);
  94
  95        if (argc == 1)
  96                usage(builtin_verify_tag_usage);
  97
  98        if (!strcmp(argv[i], "-v") || !strcmp(argv[i], "--verbose")) {
  99                verbose = 1;
 100                i++;
 101        }
 102
 103        /* sometimes the program was terminated because this signal
 104         * was received in the process of writing the gpg input: */
 105        signal(SIGPIPE, SIG_IGN);
 106        while (i < argc)
 107                if (verify_tag(argv[i++], verbose))
 108                        had_error = 1;
 109        return had_error;
 110}