gpg-interface.c: support getting key fingerprint via %GF format

Support processing VALIDSIG status that provides additional information
for valid signatures.  Use this information to propagate signing key
fingerprint and expose it via %GF pretty format.  This format can be
used to build safer key verification systems that verify the key via
complete fingerprint rather than short/long identifier provided by %GK.

Signed-off-by: Michał Górny <mgorny@gentoo.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Michał Górny 2018-10-22 18:38:20 +02:00 committed by Junio C Hamano
parent 0b11a84e1b
commit 3daaaabe7e
5 changed files with 31 additions and 7 deletions

View File

@ -153,6 +153,7 @@ endif::git-rev-list[]
and "N" for no signature
- '%GS': show the name of the signer for a signed commit
- '%GK': show the key used to sign a signed commit
- '%GF': show the fingerprint of the key used to sign a signed commit
- '%gD': reflog selector, e.g., `refs/stash@{1}` or
`refs/stash@{2 minutes ago`}; the format follows the rules described
for the `-g` option. The portion before the `@` is the refname as

View File

@ -73,6 +73,7 @@ void signature_check_clear(struct signature_check *sigc)
FREE_AND_NULL(sigc->gpg_status);
FREE_AND_NULL(sigc->signer);
FREE_AND_NULL(sigc->key);
FREE_AND_NULL(sigc->fingerprint);
}
/* An exclusive status -- only one of them can appear in output */
@ -81,6 +82,8 @@ void signature_check_clear(struct signature_check *sigc)
#define GPG_STATUS_KEYID (1<<1)
/* The status includes user identifier */
#define GPG_STATUS_UID (1<<2)
/* The status includes key fingerprints */
#define GPG_STATUS_FINGERPRINT (1<<3)
/* Short-hand for standard exclusive *SIG status with keyid & UID */
#define GPG_STATUS_STDSIG (GPG_STATUS_EXCLUSIVE|GPG_STATUS_KEYID|GPG_STATUS_UID)
@ -98,6 +101,7 @@ static struct {
{ 'X', "EXPSIG ", GPG_STATUS_STDSIG },
{ 'Y', "EXPKEYSIG ", GPG_STATUS_STDSIG },
{ 'R', "REVKEYSIG ", GPG_STATUS_STDSIG },
{ 0, "VALIDSIG ", GPG_STATUS_FINGERPRINT },
};
static void parse_gpg_output(struct signature_check *sigc)
@ -123,7 +127,8 @@ static void parse_gpg_output(struct signature_check *sigc)
goto found_duplicate_status;
}
sigc->result = sigcheck_gpg_status[i].result;
if (sigcheck_gpg_status[i].result)
sigc->result = sigcheck_gpg_status[i].result;
/* Do we have key information? */
if (sigcheck_gpg_status[i].flags & GPG_STATUS_KEYID) {
next = strchrnul(line, ' ');
@ -137,6 +142,12 @@ static void parse_gpg_output(struct signature_check *sigc)
sigc->signer = xmemdupz(line, next - line);
}
}
/* Do we have fingerprint? */
if (sigcheck_gpg_status[i].flags & GPG_STATUS_FINGERPRINT) {
next = strchrnul(line, ' ');
free(sigc->fingerprint);
sigc->fingerprint = xmemdupz(line, next - line);
}
break;
}
@ -154,6 +165,7 @@ found_duplicate_status:
*/
sigc->result = 'E';
/* Clear partial data to avoid confusion */
FREE_AND_NULL(sigc->fingerprint);
FREE_AND_NULL(sigc->signer);
FREE_AND_NULL(sigc->key);
}

View File

@ -23,6 +23,7 @@ struct signature_check {
char result;
char *signer;
char *key;
char *fingerprint;
};
void signature_check_clear(struct signature_check *sigc);

View File

@ -1256,6 +1256,10 @@ static size_t format_commit_one(struct strbuf *sb, /* in UTF-8 */
if (c->signature_check.key)
strbuf_addstr(sb, c->signature_check.key);
break;
case 'F':
if (c->signature_check.fingerprint)
strbuf_addstr(sb, c->signature_check.fingerprint);
break;
default:
return 0;
}

View File

@ -175,8 +175,9 @@ test_expect_success GPG 'show good signature with custom format' '
G
13B6F51ECDDE430D
C O Mitter <committer@example.com>
73D758744BE721698EC54E8713B6F51ECDDE430D
EOF
git log -1 --format="%G?%n%GK%n%GS" sixth-signed >actual &&
git log -1 --format="%G?%n%GK%n%GS%n%GF" sixth-signed >actual &&
test_cmp expect actual
'
@ -185,8 +186,9 @@ test_expect_success GPG 'show bad signature with custom format' '
B
13B6F51ECDDE430D
C O Mitter <committer@example.com>
EOF
git log -1 --format="%G?%n%GK%n%GS" $(cat forged1.commit) >actual &&
git log -1 --format="%G?%n%GK%n%GS%n%GF" $(cat forged1.commit) >actual &&
test_cmp expect actual
'
@ -195,8 +197,9 @@ test_expect_success GPG 'show untrusted signature with custom format' '
U
61092E85B7227189
Eris Discordia <discord@example.net>
D4BE22311AD3131E5EDA29A461092E85B7227189
EOF
git log -1 --format="%G?%n%GK%n%GS" eighth-signed-alt >actual &&
git log -1 --format="%G?%n%GK%n%GS%n%GF" eighth-signed-alt >actual &&
test_cmp expect actual
'
@ -205,8 +208,9 @@ test_expect_success GPG 'show unknown signature with custom format' '
E
61092E85B7227189
EOF
GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS" eighth-signed-alt >actual &&
GNUPGHOME="$GNUPGHOME_NOT_USED" git log -1 --format="%G?%n%GK%n%GS%n%GF" eighth-signed-alt >actual &&
test_cmp expect actual
'
@ -215,8 +219,9 @@ test_expect_success GPG 'show lack of signature with custom format' '
N
EOF
git log -1 --format="%G?%n%GK%n%GS" seventh-unsigned >actual &&
git log -1 --format="%G?%n%GK%n%GS%n%GF" seventh-unsigned >actual &&
test_cmp expect actual
'
@ -255,8 +260,9 @@ test_expect_success GPG 'show double signature with custom format' '
E
EOF
git log -1 --format="%G?%n%GK%n%GS" $(cat double-commit.commit) >actual &&
git log -1 --format="%G?%n%GK%n%GS%n%GF" $(cat double-commit.commit) >actual &&
test_cmp expect actual
'