On Tue, Jun 14, 2016 at 01:11:19PM +0200, Michael J Gruber wrote:
> When we create a signature, it may happen that gpg returns with
> "success" but not with an actual detached signature on stdout.
>
> Check for the correct header to catch these cases better.
Seems like a reasonable idea.
I do worry that checking for PGP_SIGNATURE is a little fragile, though.
We currently let you sign with gpgsm, for example, and I think this
would break it (the verification side is not great because we don't
recognize gpgsm headers, but this feels like a step backwards).
That wouldn't be too hard to work around with a "is this a signature"
function that checks both types.
> diff --git a/gpg-interface.c b/gpg-interface.c
> index c4b1e8c..664796f 100644
> --- a/gpg-interface.c
> +++ b/gpg-interface.c
> @@ -185,7 +185,7 @@ int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *sig
>
> sigchain_pop(SIGPIPE);
>
> - if (finish_command(&gpg) || !len || len < 0)
> + if (finish_command(&gpg) || !len || len < 0 || strncmp(signature->buf, PGP_SIGNATURE, strlen(PGP_SIGNATURE)))
> return error(_("gpg failed to sign the data"));
I think your strncmp is better spelled:
starts_with(signature->buf, PGP_SIGNATURE);
The check for "!len" is redundant now. I think you could drop "len < 0"
as well (and in fact, drop the "len" variable entirely), as in the error
case we'd simply have an empty signature->len.
Your patch effectively swaps out "did we get any data" for "did we get
the data we expect", which is what those "len" checks were doing.
-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html