[PATCH 09/10] Add time-stamping functionality to git verify-tag

[Anton Wuerfel]

This commit introduces command line options for git verify-tag to allow
verification of RFC3161 time-stamped tags.

To keep consistent with the current behavior of verifying gpg signatures, the
return value of `git verify-tag` still indicates only the success of gpg
signature verification by default. To influence this behavior, the configuration
variable `ts.failonverify` is introduced.

ts.failonverify set to 0: use default behavior
        Return 1 if gpg verification failed or no signature was found
        Return 0 on success.

If config variable ts.failonverify is set, the return value includes the status
of time-stamp verification in the second lowest bit. Possible return values are:
        0 - both gpg and time stamp verification succeeded
        1 - gpg failed, time stamp succeeded
        2 - gpg succeeded, time stamp failed
        3 - both gpg and time stamp verification failed

Command line parameters `-s` or `-t` override the configuration
variable mentioned above.

Signed-off-by: Anton Würfel <anton.wuer...@fau.de>
Signed-off-by: Phillip Raffeck <phillip.raff...@fau.de>
---
 builtin/verify-tag.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 57 insertions(+), 4 deletions(-)

diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c
index 00663f6..67fd464 100644
--- a/builtin/verify-tag.c
+++ b/builtin/verify-tag.c
@@ -12,9 +12,15 @@
 #include <signal.h>
 #include "parse-options.h"
 #include "gpg-interface.h"
+#include "rfc3161.h"
+
+#define GPG_VERIFY_RET 4
+#define TS_VERIFY_RET 8
+
+static const char *config_key_verify_ts = "ts.failonverify";
 
 static const char * const verify_tag_usage[] = {
-               N_("git verify-tag [-v | --verbose] <tag>..."),
+               N_("git verify-tag [-s | --signature] [-t | --timestamp] [-v | 
--verbose] [--raw] <tag>..."),
                NULL
 };
 
@@ -31,7 +37,8 @@ static int run_gpg_verify(const char *buf, unsigned long 
size, unsigned flags)
        if (size == len) {
                if (flags & GPG_VERIFY_VERBOSE)
                        write_in_full(1, buf, len);
-               return error("no signature found");
+               printf("pgp: no signature found\n");
+               return 1;
        }
 
        ret = check_signature(buf, len, buf + len, size - len, &sigc);
@@ -47,7 +54,12 @@ static int verify_tag(const char *name, unsigned flags)
        unsigned char sha1[20];
        char *buf;
        unsigned long size;
-       int ret;
+       int gpg_had_error = 0;
+       int ret = 0;
+       int config_failonverify = 0;
+       int ts_had_error = 0;
+
+       git_config_get_bool(config_key_verify_ts, &config_failonverify);
 
        if (get_sha1(name, sha1))
                return error("tag '%s' not found.", name);
@@ -61,9 +73,48 @@ static int verify_tag(const char *name, unsigned flags)
        if (!buf)
                return error("%s: unable to read file.", name);
 
-       ret = run_gpg_verify(buf, size, flags);
+       if (run_gpg_verify(buf, size, flags))
+               gpg_had_error = 1;
+
+#if defined(NO_CURL) || defined(NO_OPENSSL)
+       fputs("git has been compiled without RFC3161 time-stamp support. "
+             "NO_CURL and NO_OPENSSL must not be defined", stderr);
+#else
+       if (verify_time_signature(buf, size))
+               ts_had_error = 1;
+#endif
 
        free(buf);
+
+       /*
+        * If the config variable ts.failonverify is not set, behave like older
+        * versions of git verify-tag:
+        * Return 1 if gpg verification failed or no signature was found
+        * Return 0 on success.
+        *
+        * If the config variable ts.failonverify is set and neither -s nor -t
+        * are set as command line parameters, the return value includes the
+        * status of time-stamp verification in the second lowest bit. Possible
+        * return values are:
+        * 0 - both gpg and time stamp verification succeeded
+        * 1 - gpg failed, time stamp succeeded
+        * 2 - gpg succeeded, time stamp failed
+        * 3 - both gpg and time stamp verification failed
+        *
+        * Command line parameters `-s` or `-t` override the configuration
+        * variable mentioned above.
+        */
+       if (flags & (GPG_VERIFY_RET | TS_VERIFY_RET)) {
+               if (flags & GPG_VERIFY_RET)
+                       ret = gpg_had_error;
+               if (flags & TS_VERIFY_RET)
+                       ret |= (ts_had_error << 1);
+       } else {
+               ret = gpg_had_error;
+
+               if (config_failonverify)
+                       ret |= (ts_had_error << 1);
+       }
        return ret;
 }
 
@@ -82,6 +133,8 @@ int cmd_verify_tag(int argc, const char **argv, const char 
*prefix)
        const struct option verify_tag_options[] = {
                OPT__VERBOSE(&verbose, N_("print tag contents")),
                OPT_BIT(0, "raw", &flags, N_("print raw gpg status output"), 
GPG_VERIFY_RAW),
+               OPT_BIT('s', "signature", &flags, N_("report return value of 
gpg signature"), GPG_VERIFY_RET),
+               OPT_BIT('t', "timestamp", &flags, N_("report return value of 
time-stamp signature"), TS_VERIFY_RET),
                OPT_END()
        };
 
-- 
2.8.0.rc0.62.gfc8aefa.dirty

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html