This series introduces support for verifying commits and tags signed by multiple algorithms. Originally, we had planned for SHA-256 tags to stuff the signature in a header instead of using a trailing signature, and a patch to do that was sent out in part 1/3. Unfortunately, for whatever reason, that patch didn't make it into the master branch, and so we use trailing signatures there. We can't change this now, because otherwise it would be ambiguous whether the trailing signature on a SHA-256 object was for the SHA-256 contents or whether the contents were a rewritten SHA-1 object with no SHA-256 signature at all. To do the next best thing, let's use the trailing signature for the preferred hash algorithm and use a header for the other variant. This permits round-tripping, but has the downside that tags signed with multiple algorithms can't be verified with older versions of Git. However, signatures created with older versions of Git continue to be accepted. For commits, let's accept a commit that has two signatures. We previously created the commits correctly but didn't strip the extra header off when verifying, so our verification indicated the signature was bad. Both these situations allow for signing commits and tags that can be round-tripped through both SHA-1 and SHA-256. We verify only the signature using the current hash algorithm, since we currently don't rewrite objects. brian m. carlson (5): commit: ignore additional signatures when parsing signed commits gpg-interface: improve interface for parsing tags commit: allow parsing arbitrary buffers with headers ref-filter: hoist signature parsing gpg-interface: remove other signature headers before verifying builtin/receive-pack.c | 4 +- builtin/tag.c | 16 ++++++-- commit.c | 82 +++++++++++++++++++++++++++------------- commit.h | 12 +++++- fmt-merge-msg.c | 8 ++-- gpg-interface.c | 15 +++++++- gpg-interface.h | 9 ++++- log-tree.c | 15 ++++---- ref-filter.c | 23 +++++++---- t/t7004-tag.sh | 25 ++++++++++++ t/t7510-signed-commit.sh | 43 ++++++++++++++++++++- tag.c | 15 ++++---- 12 files changed, 206 insertions(+), 61 deletions(-)
