Andrew's git / gitweb.git / blobdiff
?
transport: reformat flag #defines to be more readable
[gitweb.git] / gpg-interface.c
diff --git a/gpg-interface.c b/gpg-interface.c
index c98035dffaaa880abc538c30c125717574ae4bca..e44cc27da15f03629989ee0083664d0af09c55b3 100644 (file)
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -33,6 +33,10 @@ static struct {
        { 'B', "\n[GNUPG:] BADSIG " },
        { 'U', "\n[GNUPG:] TRUST_NEVER" },
        { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
+       { 'E', "\n[GNUPG:] ERRSIG "},
+       { 'X', "\n[GNUPG:] EXPSIG "},
+       { 'Y', "\n[GNUPG:] EXPKEYSIG "},
+       { 'R', "\n[GNUPG:] REVKEYSIG "},
 };
 
 void parse_gpg_output(struct signature_check *sigc)
@@ -54,9 +58,12 @@ void parse_gpg_output(struct signature_check *sigc)
                /* The trust messages are not followed by key/signer information */
                if (sigc->result != 'U') {
                        sigc->key = xmemdupz(found, 16);
-                       found += 17;
-                       next = strchrnul(found, '\n');
-                       sigc->signer = xmemdupz(found, next - found);
+                       /* The ERRSIG message is not followed by signer information */
+                       if (sigc-> result != 'E') {
+                               found += 17;
+                               next = strchrnul(found, '\n');
+                               sigc->signer = xmemdupz(found, next - found);
+                       }
                }
        }
 }
@@ -151,40 +158,30 @@ const char *get_signing_key(void)
 int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
 {
        struct child_process gpg = CHILD_PROCESS_INIT;
-       ssize_t len;
+       int ret;
        size_t i, j, bottom;
+       struct strbuf gpg_status = STRBUF_INIT;
 
-       gpg.in = -1;
-       gpg.out = -1;
        argv_array_pushl(&gpg.args,
                         gpg_program,
+                        "--status-fd=2",
                         "-bsau", signing_key,
                         NULL);
 
-       if (start_command(&gpg))
-               return error(_("could not run gpg."));
+       bottom = signature->len;
 
        /*
         * When the username signingkey is bad, program could be terminated
         * because gpg exits without reading and then write gets SIGPIPE.
         */
        sigchain_push(SIGPIPE, SIG_IGN);
-
-       if (write_in_full(gpg.in, buffer->buf, buffer->len) != buffer->len) {
-               close(gpg.in);
-               close(gpg.out);
-               finish_command(&gpg);
-               return error(_("gpg did not accept the data"));
-       }
-       close(gpg.in);
-
-       bottom = signature->len;
-       len = strbuf_read(signature, gpg.out, 1024);
-       close(gpg.out);
-
+       ret = pipe_command(&gpg, buffer->buf, buffer->len,
+                          signature, 1024, &gpg_status, 0);
        sigchain_pop(SIGPIPE);
 
-       if (finish_command(&gpg) || !len || len < 0)
+       ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
+       strbuf_release(&gpg_status);
+       if (ret)
                return error(_("gpg failed to sign the data"));
 
        /* Strip CR from the line endings, in case we are on Windows. */
@@ -227,6 +224,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
        argv_array_pushl(&gpg.args,
                         gpg_program,
                         "--status-fd=1",
+                        "--keyid-format=long",
                         "--verify", temp.filename.buf, "-",
                         NULL);