Win32: Unicode file name support (except dirent)
[gitweb.git] / gpg-interface.c
index 45590330aa3131da69174899783913cee9a44c31..ff07012726ea28daa2551966d0555d2e8efa2375 100644 (file)
@@ -7,6 +7,20 @@
 static char *configured_signing_key;
 static const char *gpg_program = "gpg";
 
+void signature_check_clear(struct signature_check *sigc)
+{
+       free(sigc->payload);
+       free(sigc->gpg_output);
+       free(sigc->gpg_status);
+       free(sigc->signer);
+       free(sigc->key);
+       sigc->payload = NULL;
+       sigc->gpg_output = NULL;
+       sigc->gpg_status = NULL;
+       sigc->signer = NULL;
+       sigc->key = NULL;
+}
+
 void set_signing_key(const char *key)
 {
        free(configured_signing_key);
@@ -96,15 +110,18 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
 /*
  * Run "gpg" to see if the payload matches the detached signature.
  * gpg_output, when set, receives the diagnostic output from GPG.
+ * gpg_status, when set, receives the status output from GPG.
  */
 int verify_signed_buffer(const char *payload, size_t payload_size,
                         const char *signature, size_t signature_size,
-                        struct strbuf *gpg_output)
+                        struct strbuf *gpg_output, struct strbuf *gpg_status)
 {
        struct child_process gpg;
-       const char *args_gpg[] = {NULL, "--verify", "FILE", "-", NULL};
+       const char *args_gpg[] = {NULL, "--status-fd=1", "--verify", "FILE", "-", NULL};
        char path[PATH_MAX];
        int fd, ret;
+       struct strbuf buf = STRBUF_INIT;
+       struct strbuf *pbuf = &buf;
 
        args_gpg[0] = gpg_program;
        fd = git_mkstemp(path, PATH_MAX, ".git_vtag_tmpXXXXXX");
@@ -119,9 +136,10 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
        memset(&gpg, 0, sizeof(gpg));
        gpg.argv = args_gpg;
        gpg.in = -1;
+       gpg.out = -1;
        if (gpg_output)
                gpg.err = -1;
-       args_gpg[2] = path;
+       args_gpg[3] = path;
        if (start_command(&gpg)) {
                unlink(path);
                return error(_("could not run gpg."));
@@ -134,9 +152,17 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
                strbuf_read(gpg_output, gpg.err, 0);
                close(gpg.err);
        }
+       if (gpg_status)
+               pbuf = gpg_status;
+       strbuf_read(pbuf, gpg.out, 0);
+       close(gpg.out);
+
        ret = finish_command(&gpg);
 
        unlink_or_warn(path);
 
+       ret |= !strstr(pbuf->buf, "\n[GNUPG:] GOODSIG ");
+       strbuf_release(&buf); /* no matter it was used or not */
+
        return ret;
 }