From: Jeff King <peff@xxxxxxxx> A signed tag has a detached signature like this: object ... [...more header...] This is the tag body. -----BEGIN PGP SIGNATURE----- [opaque gpg data] -----END PGP SIGNATURE----- Our parser finds the _first_ line that appears to start a PGP signature block, meaning we may be confused by a signature (or a signature-like line) in the actual body. Let's keep parsing and always find the final block, which should be the detached signature over all of the preceding content. --- gpg-interface.c | 12 +++++++++--- t/t7004-tag.sh | 11 +++++++++++ 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/gpg-interface.c b/gpg-interface.c index 79333c1ee8..0647bd6348 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -110,11 +110,17 @@ static int is_gpg_start(const char *line) size_t parse_signature(const char *buf, size_t size) { size_t len = 0; - while (len < size && !is_gpg_start(buf + len)) { - const char *eol = memchr(buf + len, '\n', size - len); + size_t match = size; + while (len < size) { + const char *eol; + + if (is_gpg_start(buf + len)) + match = len; + + eol = memchr(buf + len, '\n', size - len); len += eol ? eol - (buf + len) + 1 : size - len; } - return len; + return match; } void set_signing_key(const char *key) diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh index ee093b393d..e3f1e014aa 100755 --- a/t/t7004-tag.sh +++ b/t/t7004-tag.sh @@ -1059,6 +1059,17 @@ test_expect_success GPG \ git tag -v blanknonlfile-signed-tag ' +test_expect_success GPG 'signed tag with embedded PGP message' ' + cat >msg <<-\EOF && + -----BEGIN PGP MESSAGE----- + + this is not a real PGP message + -----END PGP MESSAGE----- + EOF + git tag -s -F msg confusing-pgp-message && + git tag -v confusing-pgp-message +' + # messages with commented lines for signed tags: cat >sigcommentsfile <<EOF -- 2.15.1 (Apple Git-101)