In contrast to tag signatures, commit signatures are put into the header, that is between the other header parts and commit messages. Provide access to the commit content sans the signature, which is the payload that is actually signed. Commit signature verification does the parsing anyways, and callers may wish to act on or display the commit object sans the signature. Signed-off-by: Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx> --- commit.c | 1 + gpg-interface.c | 2 ++ gpg-interface.h | 1 + 3 files changed, 4 insertions(+) diff --git a/commit.c b/commit.c index fb7897c..acb74b5 100644 --- a/commit.c +++ b/commit.c @@ -1270,6 +1270,7 @@ void check_commit_signature(const struct commit* commit, struct signature_check &gpg_output, &gpg_status); if (status && !gpg_output.len) goto out; + sigc->payload = strbuf_detach(&payload, NULL); sigc->gpg_output = strbuf_detach(&gpg_output, NULL); sigc->gpg_status = strbuf_detach(&gpg_status, NULL); parse_gpg_output(sigc); diff --git a/gpg-interface.c b/gpg-interface.c index e71b59d..ff07012 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -9,10 +9,12 @@ static const char *gpg_program = "gpg"; void signature_check_clear(struct signature_check *sigc) { + free(sigc->payload); free(sigc->gpg_output); free(sigc->gpg_status); free(sigc->signer); free(sigc->key); + sigc->payload = NULL; sigc->gpg_output = NULL; sigc->gpg_status = NULL; sigc->signer = NULL; diff --git a/gpg-interface.h b/gpg-interface.h index 9f0784a..37c23da 100644 --- a/gpg-interface.h +++ b/gpg-interface.h @@ -2,6 +2,7 @@ #define GPG_INTERFACE_H struct signature_check { + char *payload; char *gpg_output; char *gpg_status; char result; /* 0 (not checked), -- 2.0.1.563.g162087b.dirty -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html