From: Phillip Wood <phillip.wood@xxxxxxxxxxxxx>
If the signature file cannot be read we print an error message but do
not return an error to the caller. In practice it seems unlikely that
the file would be unreadable if the call to ssh-keygen succeeds. If we
cannot read the file it may be missing so ignore any errors from
unlink() when we try to remove it.
Signed-off-by: Phillip Wood <phillip.wood@xxxxxxxxxxxxx>
---
ssh signing: return an error when signature cannot be read
This patch is based on maint. In the longer term the code could be
simplified by using pipes rather than tempfiles as we do for gpg.
ssh-keygen has supported reading the data to be signed from stdin and
writing the signature to stdout since it introduced signing.
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1371%2Fphillipwood%2Fssh-signing-return-error-on-missing-signature-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1371/phillipwood/ssh-signing-return-error-on-missing-signature-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/1371
gpg-interface.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/gpg-interface.c b/gpg-interface.c
index 947b58ad4da..d352bc286b6 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -1043,9 +1043,11 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
strbuf_addbuf(&ssh_signature_filename, &buffer_file->filename);
strbuf_addstr(&ssh_signature_filename, ".sig");
if (strbuf_read_file(signature, ssh_signature_filename.buf, 0) < 0) {
- error_errno(
+ ret = error_errno(
_("failed reading ssh signing data buffer from '%s'"),
ssh_signature_filename.buf);
+ unlink(ssh_signature_filename.buf);
+ goto out;
}
unlink_or_warn(ssh_signature_filename.buf);
base-commit: a0feb8611d4c0b2b5d954efe4e98207f62223436
--
gitgitgadget
