On Fri, Oct 22 2021, Fabian Stelzer wrote:
[Just nits]
> + if (payload_timestamp) {
> + strbuf_addf(&verify_time, "-Overify-time=%s",
> + show_date(payload_timestamp, 0, &verify_date_mode));
> + }
No braces needed.
> @@ -482,6 +495,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
> error(_("ssh-keygen -Y find-principals/verify is needed for ssh signature verification (available in openssh version 8.2p1+)"));
> goto out;
> }
> +
> if (ret || !ssh_principals_out.len) {
> /*
> * We did not find a matching principal in the allowedSigners
Stray whitespace change.
> +int parse_signed_buffer_metadata(const char *payload, const char *signer_header,
> + timestamp_t *payload_timestamp,
> + struct strbuf *payload_signer)
> +{
> + const char *ident_line = NULL;
> + size_t ident_len;
> + struct ident_split ident;
> +
> + ident_line = find_commit_header(payload, signer_header, &ident_len);
> + if (ident_line && ident_len) {
> + if (!split_ident_line(&ident, ident_line, ident_len)) {
> + if (payload_timestamp && ident.date_begin &&
> + ident.date_end)
> + *payload_timestamp = parse_timestamp(
> + ident.date_begin, NULL, 10);
> + if (payload_signer)
> + strbuf_add(payload_signer, ident.mail_begin,
> + (ident.mail_end - ident.mail_begin));
> +
> + return 0;
> + }
> + }
> +
> + return 1;
> +}
This would be more readable with less nesting, i.e. instead of:
if (x) {
if (y) {
[...]
Doing:
if (!x)
return 1;
if (!y)
return 1;
I.e. only if you get zero from split_ident_line() do you return 0.
