On Thu, Sep 22, 2016 at 02:16:21PM -0700, Junio C Hamano wrote:
> santi...@nyu.edu writes:
> 
> > From: Santiago Torres <santi...@nyu.edu>
> >
> > Callers of verify-tag may want to cross-check the tagname from refs/tags
> > with the tagname from the tag object header upon GPG verification. This
> > is to avoid tag refs that point to an incorrect object.
> >
> > Add a --format parameter to git verify-tag to print the formatted tag
> > object header in addition to or instead of the --verbose or --raw GPG
> > verification output.
> >
> > Signed-off-by: Santiago Torres <santi...@nyu.edu>
> > ---
> >  builtin/verify-tag.c | 13 +++++++++++--
> >  1 file changed, 11 insertions(+), 2 deletions(-)
> >
> > diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c
> > index 7a1121b..319d469 100644
> > --- a/builtin/verify-tag.c
> > +++ b/builtin/verify-tag.c
> > @@ -12,12 +12,15 @@
> >  #include <signal.h>
> >  #include "parse-options.h"
> >  #include "gpg-interface.h"
> > +#include "ref-filter.h"
> >  
> >  static const char * const verify_tag_usage[] = {
> > -           N_("git verify-tag [-v | --verbose] <tag>..."),
> > +           N_("git verify-tag [-v | --verbose] [--format=<format>] 
> > <tag>..."),
> >             NULL
> >  };
> >  
> > +char *fmt_pretty;
> 
> Does this have to be extern?  I do not think so; prepend "static "
> in front of it.
> 
> >     while (i < argc) {
> >             unsigned char sha1[20];
> >             const char *name = argv[i++];
> >             if (get_sha1(name, sha1))
> >                     had_error = !!error("tag '%s' not found.", name);
> >             else {
> > -                   if (verify_and_format_tag(sha1, name, NULL, flags))
> > +                   if (verify_and_format_tag(sha1, name, fmt_pretty, 
> > flags))
> 
> OK.  The callchain from here is
> 
>     verify_and_format_tag()
>     -> run_gpg_verify()
>       -> print_signature_buffer()
> 
> so not cramming QUIET into the flags parameter that is already
> passed is cumbersome.  As I said in my earlier review, it would make
> more sense to have the conditional NOT in print_signature_buffer()
> but in its caller, but it still is OK to add GPG_VERIFY_QUIET bit
> to the flag, which you would check in run_gpg_verify() to decide not
> to call print_signature_buffer().
> 

Yeah, in retrospect, this sounds like a more reasonable approach than
doing it on gpg-nterface. I'll keep the QUIET bit then.

Attachment: signature.asc
Description: PGP signature

Reply via email to