[PATCH v8 0/5] Verify GPG signatures when merging and extend %G? pretty string

On 03/31/2013 04:41 PM, John Keeping wrote:
> On Sun, Mar 31, 2013 at 04:32:52PM +0200, Sebastian Götte wrote:
>> +	/* Iterate over all search strings */
>>  	for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
>> -		const char *found = strstr(buf, sigcheck_gpg_status[i].check);
>> -		const char *next;
>> -		if (!found)
>> -			continue;
>> +		const char *found, *next;
>> +
>> +		if (!prefixcmp(buf, sigcheck_gpg_status[i].check + 1)) {
>> +			/* At the very beginning of the buffer */
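
Review bot: In the added `prefixcmp(buf, sigcheck_gpg_status[i].check + 1)` call, the `+ 1` assumes every `check` entry begins with exactly one character that is safe to skip, and nothing in this hunk states or enforces that. The removed `strstr()` matched anywhere in `buf`, while this branch only covers the start of the buffer, so please document the invariant next to the table, or store the strings without the leading character and handle the line-start match explicitly in one place.
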
> 
> This seems wrong.  You're losing the "\n" in front of the status strings
> above but adding a special first line check skipping the first
> character.  Surely it should be one of these changes or the other, not
> both?

You're right, that does not make a whole lot of sense.

On 03/31/2013 04:44 PM, John Keeping wrote:
>> +		if (sigc->result != 'U') {
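
Review bot: `sigc->result != 'U'` is a negative test against a single literal, so any result code introduced later takes this branch by default. Consider testing for the result values that are meant to enter it, and add a comment naming them.
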
>
> This could use a comment; we know now that only GOODSIG and BADSIG
> are followed by a signature, but someone looking at this code in the
> future will probably appreciate an explanation.

Fixed.

Sebastian Götte (5):
  Move commit GPG signature verification to commit.c
  commit.c/GPG signature verification: Also look at the first GPG status
    line
  merge/pull: verify GPG signatures of commits being merged
  merge/pull Check for untrusted good GPG signatures
  pretty printing: extend %G? to include 'N' and 'U'

 Documentation/merge-options.txt    |   5 ++
 Documentation/pretty-formats.txt   |   3 +-
 builtin/merge.c                    |  34 +++++++++++++-
 commit.c                           |  70 ++++++++++++++++++++++++++++
 commit.h                           |  10 ++++
 git-pull.sh                        |  10 +++-
 gpg-interface.h                    |  12 +++++
 pretty.c                           |  93 ++++++-------------------------------
 t/lib-gpg/pubring.gpg              | Bin 1164 -> 2359 bytes
 t/lib-gpg/random_seed              | Bin 600 -> 600 bytes
 t/lib-gpg/secring.gpg              | Bin 1237 -> 3734 bytes
 t/lib-gpg/trustdb.gpg              | Bin 1280 -> 1360 bytes
 t/t7612-merge-verify-signatures.sh |  61 ++++++++++++++++++++++++
 13 files changed, 216 insertions(+), 82 deletions(-)
 create mode 100755 t/t7612-merge-verify-signatures.sh

-- 
1.8.1.5
