transport-helper: pass --signed-tags=warn-strip to fast-export
[gitweb.git] / commit.c
index b4512ab0b2ebd008aa90e0dfe00fbc1aa42a5c64..888e02ae2f65ab566555465e5d88d02bbe52420f 100644 (file)
--- a/commit.c
+++ b/commit.c
@@ -841,7 +841,7 @@ struct commit_list *get_merge_bases(struct commit *one, struct commit *two,
 }
 
 /*
- * Is "commit" a decendant of one of the elements on the "with_commit" list?
+ * Is "commit" a descendant of one of the elements on the "with_commit" list?
  */
 int is_descendant_of(struct commit *commit, struct commit_list *with_commit)
 {
@@ -1041,6 +1041,76 @@ static void handle_signed_tag(struct commit *parent, struct commit_extra_header
        free(buf);
 }
 
+static struct {
+       char result;
+       const char *check;
+} sigcheck_gpg_status[] = {
+       { 'G', "\n[GNUPG:] GOODSIG " },
+       { 'B', "\n[GNUPG:] BADSIG " },
+       { 'U', "\n[GNUPG:] TRUST_NEVER" },
+       { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
+};
+
+static void parse_gpg_output(struct signature_check *sigc)
+{
+       const char *buf = sigc->gpg_status;
+       int i;
+
+       /* Iterate over all search strings */
+       for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
+               const char *found, *next;
+
+               if (!prefixcmp(buf, sigcheck_gpg_status[i].check + 1)) {
+                       /* At the very beginning of the buffer */
+                       found = buf + strlen(sigcheck_gpg_status[i].check + 1);
+               } else {
+                       found = strstr(buf, sigcheck_gpg_status[i].check);
+                       if (!found)
+                               continue;
+                       found += strlen(sigcheck_gpg_status[i].check);
+               }
+               sigc->result = sigcheck_gpg_status[i].result;
+               /* The trust messages are not followed by key/signer information */
+               if (sigc->result != 'U') {
+                       sigc->key = xmemdupz(found, 16);
+                       found += 17;
+                       next = strchrnul(found, '\n');
+                       sigc->signer = xmemdupz(found, next - found);
+               }
+       }
+}
+
+void check_commit_signature(const struct commit* commit, struct signature_check *sigc)
+{
+       struct strbuf payload = STRBUF_INIT;
+       struct strbuf signature = STRBUF_INIT;
+       struct strbuf gpg_output = STRBUF_INIT;
+       struct strbuf gpg_status = STRBUF_INIT;
+       int status;
+
+       sigc->result = 'N';
+
+       if (parse_signed_commit(commit->object.sha1,
+                               &payload, &signature) <= 0)
+               goto out;
+       status = verify_signed_buffer(payload.buf, payload.len,
+                                     signature.buf, signature.len,
+                                     &gpg_output, &gpg_status);
+       if (status && !gpg_output.len)
+               goto out;
+       sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
+       sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
+       parse_gpg_output(sigc);
+
+ out:
+       strbuf_release(&gpg_status);
+       strbuf_release(&gpg_output);
+       strbuf_release(&payload);
+       strbuf_release(&signature);
+}
+
+
+
 void append_merge_tag_headers(struct commit_list *parents,
                              struct commit_extra_header ***tail)
 {