Henning Schild <henning.sch...@siemens.com> writes:

> The combination of verify_signed_buffer followed by parse_gpg_output is
> available as check_signature. Use that instead of implementing it again.
>
> Signed-off-by: Henning Schild <henning.sch...@siemens.com>
> ---

Makes sense.  

When d05b9618 ("receive-pack: GPG-validate push certificates",
2014-08-14) implemented the check, there wasn't check_signature()
available.  The commit probably should have done what a4cc18f2
("verify-tag: share code with verify-commit", 2015-06-21) later did
to introduce the check_signature() function by factoring it out of
commit.c::check_commit_signature() as a preparatory step.

Will queue.  Thanks.

>  builtin/receive-pack.c | 17 ++---------------
>  1 file changed, 2 insertions(+), 15 deletions(-)
>
> diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
> index 68d36e0a5..9f0583deb 100644
> --- a/builtin/receive-pack.c
> +++ b/builtin/receive-pack.c
> @@ -629,8 +629,6 @@ static void prepare_push_cert_sha1(struct child_process 
> *proc)
>               return;
>  
>       if (!already_done) {
> -             struct strbuf gpg_output = STRBUF_INIT;
> -             struct strbuf gpg_status = STRBUF_INIT;
>               int bogs /* beginning_of_gpg_sig */;
>  
>               already_done = 1;
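
Review bot: dropping the gpg_output and gpg_status strbufs at the top of the if (!already_done) block moves ownership of GPG's output out of this function, and the log message does not say where those buffers are freed now. The old code released both strbufs here right after pointing sigcheck.gpg_output and sigcheck.gpg_status at them; please state in the commit message whether sigcheck now owns the strings and which call is expected to release them.
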
> @@ -639,22 +637,11 @@ static void prepare_push_cert_sha1(struct child_process 
> *proc)
>                       oidclr(&push_cert_oid);
>  
>               memset(&sigcheck, '\0', sizeof(sigcheck));
> -             sigcheck.result = 'N';
>  
>               bogs = parse_signature(push_cert.buf, push_cert.len);
> -             if (verify_signed_buffer(push_cert.buf, bogs,
> -                                      push_cert.buf + bogs, push_cert.len - 
> bogs,
> -                                      &gpg_output, &gpg_status) < 0) {
> -                     ; /* error running gpg */
> -             } else {
> -                     sigcheck.payload = push_cert.buf;
> -                     sigcheck.gpg_output = gpg_output.buf;
> -                     sigcheck.gpg_status = gpg_status.buf;
> -                     parse_gpg_output(&sigcheck);
> -             }
> +             check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
> +                             push_cert.len - bogs, &sigcheck);
>  
> -             strbuf_release(&gpg_output);
> -             strbuf_release(&gpg_status);
>               nonce_status = check_nonce(push_cert.buf, bogs);
>       }
>       if (!is_null_oid(&push_cert_oid)) {
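
Review bot: the return value of check_signature() is ignored and the explicit sigcheck.result = 'N' default is removed, so after the memset the "error running gpg" case depends on check_signature() filling in sigcheck.result by itself. Please confirm that in the commit message, or keep the initialisation before the call. The removed else branch also assigned sigcheck.payload = push_cert.buf, for which the new call has no visible equivalent; it is worth saying whether anything later still reads sigcheck.payload.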
