In contrast to tag signatures, commit signatures are put into the
header, that is between the other header parts and commit messages.
Provide access to the commit content sans the signature, which is the
payload that is actually signed. Commit signature verification does the
parsing anyways, and callers may wish to act on or display the commit
object sans the signature.
Signed-off-by: Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx>
---
commit.c | 1 +
gpg-interface.c | 2 ++
gpg-interface.h | 1 +
3 files changed, 4 insertions(+)
diff --git a/commit.c b/commit.c
index 881be3b..d0ad7f0 100644
--- a/commit.c
+++ b/commit.c
@@ -1219,6 +1219,7 @@ void check_commit_signature(const struct commit* commit, struct signature_check
&gpg_output, &gpg_status);
if (status && !gpg_output.len)
goto out;
+ sigc->payload = strbuf_detach(&payload, NULL);
sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
parse_gpg_output(sigc);
diff --git a/gpg-interface.c b/gpg-interface.c
index e71b59d..ff07012 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -9,10 +9,12 @@ static const char *gpg_program = "gpg";
void signature_check_clear(struct signature_check *sigc)
{
+ free(sigc->payload);
free(sigc->gpg_output);
free(sigc->gpg_status);
free(sigc->signer);
free(sigc->key);
+ sigc->payload = NULL;
sigc->gpg_output = NULL;
sigc->gpg_status = NULL;
sigc->signer = NULL;
diff --git a/gpg-interface.h b/gpg-interface.h
index 9f0784a..37c23da 100644
--- a/gpg-interface.h
+++ b/gpg-interface.h
@@ -2,6 +2,7 @@
#define GPG_INTERFACE_H
struct signature_check {
+ char *payload;
char *gpg_output;
char *gpg_status;
char result; /* 0 (not checked),
--
2.0.0.426.g37dbf84
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html