Hi Fabian
On 06/10/2022 09:28, Fabian Stelzer wrote:
> On 04.10.2022 10:01, Phillip Wood via GitGitGadget wrote:
>> From: Phillip Wood <phillip.wood@xxxxxxxxxxxxx>
>>
>> This patch is based on maint. In the longer term the code could be
>> simplified by using pipes rather than tempfiles as we do for gpg.
>> ssh-keygen has supported reading the data to be signed from stdin and
>> writing the signature to stdout since it introduced signing.
>
> The ssh-keygen call is already using stdin for the content to sign or
> verify. The signature and the signing key need to be files passed as
> parameters to ssh-keygen. I'm not aware of any other option of providing
> them to it.
We use stdin for the content when verifying but not when signing:

	strvec_pushl(&signer.args, use_format->program,
		     "-Y", "sign",
		     "-n", "git",
		     "-f", ssh_signing_key_file,
		     buffer_file->filename.buf,
		     NULL);
	sigchain_push(SIGPIPE, SIG_IGN);
	ret = pipe_command(&signer, NULL, 0, NULL, 0, &signer_stderr, 0);
	sigchain_pop(SIGPIPE);

Note that when verifying with -Y check-novalidate there is a missing
call to sigchain_push(SIGPIPE, SIG_IGN): as we are passing data over
stdin we need to ignore SIGPIPE.
Best Wishes
Phillip
> Cheers,
> Fabian
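An added illustration of the SIGPIPE point raised in the reply above (example code, not from git or from either poster): a writer feeds data to a child that exits before reading its stdin, standing in for ssh-keygen rejecting the input early, once with SIGPIPE ignored the way sigchain_push(SIGPIPE, SIG_IGN) does and once with the default disposition. The child, the pipe plumbing and the return codes are constructed for the example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed example: feed data to a child that exits without reading
 * its stdin.  The write happens in a forked helper so that a death by
 * SIGPIPE can be observed by the caller instead of killing it.
 * Returns 0 if write() failed cleanly with EPIPE, 1 if the writer was
 * killed by SIGPIPE, -1 on any setup error. */
static int feed_dead_reader(int ignore_sigpipe)
{
	int fd[2], status;
	pid_t reader, writer;
	if (pipe(fd) < 0)
		return -1;
	reader = fork();
	if (reader < 0)
		return -1;
	if (reader == 0) {
		/* Stand-in for ssh-keygen failing early: never read stdin. */
		close(fd[0]);
		close(fd[1]);
		_exit(1);
	}
	close(fd[0]);
	waitpid(reader, NULL, 0); /* every read end is now closed */
	writer = fork();
	if (writer < 0)
		return -1;
	if (writer == 0) {
		char buf[4096] = { 0 };
		/* Mirrors sigchain_push(SIGPIPE, SIG_IGN) vs. the default. */
		signal(SIGPIPE, ignore_sigpipe ? SIG_IGN : SIG_DFL);
		_exit(write(fd[1], buf, sizeof(buf)) < 0 && errno == EPIPE ? 0 : 2);
	}
	close(fd[1]);
	if (waitpid(writer, &status, 0) < 0)
		return -1;
	if (WIFSIGNALED(status) && WTERMSIG(status) == SIGPIPE)
		return 1; /* writer was killed: what the missing push allows */
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
	printf("default disposition: %d, SIGPIPE ignored: %d\n",
	       feed_dead_reader(0), feed_dead_reader(1));
	return 0;
}
```

With the default disposition the writer is killed by SIGPIPE (result 1); with it ignored, write() returns -1 with EPIPE and the caller can report the child's stderr instead (result 0).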