Andrew's git / gitweb.git / diff
?
gpg-interface: check gpg signature creation status
authorMichael J Gruber <git@drmicha.warpmail.net>
Fri, 17 Jun 2016 23:38:59 +0000 (19:38 -0400)
committerJunio C Hamano <gitster@pobox.com>
Sat, 18 Jun 2016 00:03:57 +0000 (17:03 -0700)
When we create a signature, it may happen that gpg returns with
"success" but not with an actual detached signature on stdout.

Check for the correct signature creation status to catch these cases
better. Really, --status-fd parsing is the only way to check gpg status
reliably. We do the same for verify already.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
gpg-interface.c patch | blob | history
t/t7004-tag.sh patch | blob | history
diff --git a/gpg-interface.c b/gpg-interface.c
index 74f08a2a0e3b196f907aa13928bcd1f1275c6e21..08356f92e7b39787deb145868b01bf4c2cf0102a 100644 (file)
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -153,9 +153,11 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
        struct child_process gpg = CHILD_PROCESS_INIT;
        int ret;
        size_t i, j, bottom;
+       struct strbuf gpg_status = STRBUF_INIT;
 
        argv_array_pushl(&gpg.args,
                         gpg_program,
+                        "--status-fd=2",
                         "-bsau", signing_key,
                         NULL);
 
@@ -167,10 +169,12 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
         */
        sigchain_push(SIGPIPE, SIG_IGN);
        ret = pipe_command(&gpg, buffer->buf, buffer->len,
-                          signature, 1024, NULL, 0);
+                          signature, 1024, &gpg_status, 0);
        sigchain_pop(SIGPIPE);
 
-       if (ret || signature->len == bottom)
+       ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
+       strbuf_release(&gpg_status);
+       if (ret)
                return error(_("gpg failed to sign the data"));
 
        /* Strip CR from the line endings, in case we are on Windows. */
diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index f9b7d79af571ab2c377edeb7d46c1605078a4e02..8b0f71a2ac15d65f977b0daa2a53ad47b64a043a 100755 (executable)
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -1202,10 +1202,17 @@ test_expect_success GPG,RFC1991 \
 # try to sign with bad user.signingkey
 git config user.signingkey BobTheMouse
 test_expect_success GPG \
-       'git tag -s fails if gpg is misconfigured' \
+       'git tag -s fails if gpg is misconfigured (bad key)' \
        'test_must_fail git tag -s -m tail tag-gpg-failure'
 git config --unset user.signingkey
 
+# try to produce invalid signature
+test_expect_success GPG \
+       'git tag -s fails if gpg is misconfigured (bad signature format)' \
+       'test_config gpg.program echo &&
+        test_must_fail git tag -s -m tail tag-gpg-failure'
+
+
 # try to verify without gpg:
 
 rm -rf gpghome