config: document value 2 for protocol.version
[gitweb.git] / gpg-interface.c
index 8672edaf4823daafbfa1c51b37faca11250374d4..4feacf16e5bcd93dcde4a2ea769f6b61ca369593 100644 (file)
@@ -1,4 +1,5 @@
 #include "cache.h"
+#include "config.h"
 #include "run-command.h"
 #include "strbuf.h"
 #include "gpg-interface.h"
@@ -13,16 +14,11 @@ static const char *gpg_program = "gpg";
 
 void signature_check_clear(struct signature_check *sigc)
 {
-       free(sigc->payload);
-       free(sigc->gpg_output);
-       free(sigc->gpg_status);
-       free(sigc->signer);
-       free(sigc->key);
-       sigc->payload = NULL;
-       sigc->gpg_output = NULL;
-       sigc->gpg_status = NULL;
-       sigc->signer = NULL;
-       sigc->key = NULL;
+       FREE_AND_NULL(sigc->payload);
+       FREE_AND_NULL(sigc->gpg_output);
+       FREE_AND_NULL(sigc->gpg_status);
+       FREE_AND_NULL(sigc->signer);
+       FREE_AND_NULL(sigc->key);
 }
 
 static struct {
@@ -33,6 +29,10 @@ static struct {
        { 'B', "\n[GNUPG:] BADSIG " },
        { 'U', "\n[GNUPG:] TRUST_NEVER" },
        { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
+       { 'E', "\n[GNUPG:] ERRSIG "},
+       { 'X', "\n[GNUPG:] EXPSIG "},
+       { 'Y', "\n[GNUPG:] EXPKEYSIG "},
+       { 'R', "\n[GNUPG:] REVKEYSIG "},
 };
 
 void parse_gpg_output(struct signature_check *sigc)
@@ -54,9 +54,12 @@ void parse_gpg_output(struct signature_check *sigc)
                /* The trust messages are not followed by key/signer information */
                if (sigc->result != 'U') {
                        sigc->key = xmemdupz(found, 16);
-                       found += 17;
-                       next = strchrnul(found, '\n');
-                       sigc->signer = xmemdupz(found, next - found);
+                       /* The ERRSIG message is not followed by signer information */
+                       if (sigc-> result != 'E') {
+                               found += 17;
+                               next = strchrnul(found, '\n');
+                               sigc->signer = xmemdupz(found, next - found);
+                       }
                }
        }
 }
@@ -199,26 +202,26 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
                         struct strbuf *gpg_output, struct strbuf *gpg_status)
 {
        struct child_process gpg = CHILD_PROCESS_INIT;
-       static struct tempfile temp;
-       int fd, ret;
+       struct tempfile *temp;
+       int ret;
        struct strbuf buf = STRBUF_INIT;
 
-       fd = mks_tempfile_t(&temp, ".git_vtag_tmpXXXXXX");
-       if (fd < 0)
+       temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
+       if (!temp)
                return error_errno(_("could not create temporary file"));
-       if (write_in_full(fd, signature, signature_size) < 0) {
+       if (write_in_full(temp->fd, signature, signature_size) < 0 ||
+           close_tempfile_gently(temp) < 0) {
                error_errno(_("failed writing detached signature to '%s'"),
-                           temp.filename.buf);
+                           temp->filename.buf);
                delete_tempfile(&temp);
                return -1;
        }
-       close(fd);
 
        argv_array_pushl(&gpg.args,
                         gpg_program,
                         "--status-fd=1",
                         "--keyid-format=long",
-                        "--verify", temp.filename.buf, "-",
+                        "--verify", temp->filename.buf, "-",
                         NULL);
 
        if (!gpg_status)