builtin-verify-tag.con commit Tighten refspec processing (ef00d15)
   1/*
   2 * Builtin "git verify-tag"
   3 *
   4 * Copyright (c) 2007 Carlos Rica <jasampler@gmail.com>
   5 *
   6 * Based on git-verify-tag.sh
   7 */
   8#include "cache.h"
   9#include "builtin.h"
  10#include "tag.h"
  11#include "run-command.h"
  12#include <signal.h>
  13
  14static const char builtin_verify_tag_usage[] =
  15                "git-verify-tag [-v|--verbose] <tag>...";
  16
  17#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
  18
  19static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
  20{
  21        struct child_process gpg;
  22        const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL};
  23        char path[PATH_MAX], *eol;
  24        size_t len;
  25        int fd, ret;
  26
  27        fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
  28        if (fd < 0)
  29                return error("could not create temporary file '%s': %s",
  30                                                path, strerror(errno));
  31        if (write_in_full(fd, buf, size) < 0)
  32                return error("failed writing temporary file '%s': %s",
  33                                                path, strerror(errno));
  34        close(fd);
  35
  36        /* find the length without signature */
  37        len = 0;
  38        while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
  39                eol = memchr(buf + len, '\n', size - len);
  40                len += eol ? eol - (buf + len) + 1 : size - len;
  41        }
  42        if (verbose)
  43                write_in_full(1, buf, len);
  44
  45        memset(&gpg, 0, sizeof(gpg));
  46        gpg.argv = args_gpg;
  47        gpg.in = -1;
  48        args_gpg[2] = path;
  49        if (start_command(&gpg))
  50                return error("could not run gpg.");
  51
  52        write_in_full(gpg.in, buf, len);
  53        close(gpg.in);
  54        ret = finish_command(&gpg);
  55
  56        unlink(path);
  57
  58        return ret;
  59}
  60
  61static int verify_tag(const char *name, int verbose)
  62{
  63        enum object_type type;
  64        unsigned char sha1[20];
  65        char *buf;
  66        unsigned long size;
  67        int ret;
  68
  69        if (get_sha1(name, sha1))
  70                return error("tag '%s' not found.", name);
  71
  72        type = sha1_object_info(sha1, NULL);
  73        if (type != OBJ_TAG)
  74                return error("%s: cannot verify a non-tag object of type %s.",
  75                                name, typename(type));
  76
  77        buf = read_sha1_file(sha1, &type, &size);
  78        if (!buf)
  79                return error("%s: unable to read file.", name);
  80
  81        ret = run_gpg_verify(buf, size, verbose);
  82
  83        free(buf);
  84        return ret;
  85}
  86
  87int cmd_verify_tag(int argc, const char **argv, const char *prefix)
  88{
  89        int i = 1, verbose = 0, had_error = 0;
  90
  91        git_config(git_default_config);
  92
  93        if (argc == 1)
  94                usage(builtin_verify_tag_usage);
  95
  96        if (!strcmp(argv[i], "-v") || !strcmp(argv[i], "--verbose")) {
  97                verbose = 1;
  98                i++;
  99        }
 100
 101        /* sometimes the program was terminated because this signal
 102         * was received in the process of writing the gpg input: */
 103        signal(SIGPIPE, SIG_IGN);
 104        while (i < argc)
 105                if (verify_tag(argv[i++], verbose))
 106                        had_error = 1;
 107        return had_error;
 108}