Re: [PATCH v2 0/7] Raw gpg output support for verify-commit and verify-tag

2015-06-21 Thread Junio C Hamano
On Sun, Jun 21, 2015 at 4:14 PM, brian m. carlson
sand...@crustytoothpaste.net wrote:

 This series introduces a --raw option for verify-commit and verify-tag.
 If it's used, they provide the gpg --status-fd output on standard error
 instead of the human-readable output.  The series also adds tests for
 verify-tag, since there were none; these are based off the ones for
 verify-commit.

The series was a logical and gradual progression that was pleasant to read.

Thanks.
--
To unsubscribe from this list: send the line unsubscribe git in


[PATCH v2 0/7] Raw gpg output support for verify-commit and verify-tag

2015-06-21 Thread brian m. carlson
Currently, verify-commit and verify-tag produce human-readable output.
This is great for humans, and awful for machines.  It also lacks a lot
of the information that GnuPG's --status-fd output provides.

For example, if you wanted to know
* the hash algorithm;
* whether the signature was made with a subkey; or
* the OpenPGP signature version
none of that information is available in the human-readable output.

This series introduces a --raw option for verify-commit and verify-tag.
If it's used, they provide the gpg --status-fd output on standard error
instead of the human-readable output.  The series also adds tests for
verify-tag, since there were none; these are based off the ones for
verify-commit.

v2 of the series corrects one of two incompatibilities between
verify-commit and verify-tag.  If a valid signature was made with an
untrusted key, verify-commit would exit 1, but verify-tag would exit 0.
This has been corrected (as Michael J Gruber suggested); both now return
0, as the signature is in fact good.

The other incompatibility is that verify-tag --verbose always prints the
tag contents even if no signature is found, while verify-commit
--verbose does not print the commit.  I left this alone, as it seemed
easy enough to accommodate at the expense of making the code slightly
uglier.

Changes since v1:
* Unify some of the code between verify-commit and verify-tag.
* Pass the --verbose and --raw options as flags instead of individual
  boolean arguments.
* Reorder the patches to ensure that verify-tag tests came before
  refactors, to avoid regressing functionality.
* Changed verify-commit to succeed if a signature is good, regardless of
  whether it is trusted, at Michael J Gruber's suggestion.

brian m. carlson (7):
  verify-tag: add tests
  verify-tag: share code with verify-commit
  verify-commit: add test for exit status on untrusted signature
  gpg: centralize signature check
  gpg: centralize printing signature buffers
  verify-commit: add option to print raw gpg status information
  verify-tag: add option to print raw gpg status information

 Documentation/git-verify-commit.txt |   4 ++
 Documentation/git-verify-tag.txt    |   4 ++
 builtin/verify-commit.c             |  25
 builtin/verify-tag.c                |  30 +++---
 commit.c                            |  21 ++-
 commit.h                            |   2 +-
 gpg-interface.c                     |  37
 gpg-interface.h                     |   6 ++
 t/t7030-verify-tag.sh               | 115
 t/t7510-signed-commit.sh            |  38
 10 files changed, 246 insertions(+), 36 deletions(-)
 create mode 100755 t/t7030-verify-tag.sh

-- 
2.4.0
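
A consumer for the --raw output the cover letter describes, as an added example that is not part of the thread or of the patch series. It pulls the hash algorithm, subkey use and signature version out of the VALIDSIG status line. Assumptions: the VALIDSIG field order follows GnuPG's doc/DETAILS, the sample status text is constructed, and the weak-hash policy and the function names are illustrative.

```python
import subprocess

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4).
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {"MD5", "SHA1", "RIPEMD160"}  # assumed local policy
# Constructed sample status output; the key ID and fingerprints are fake.
SAMPLE = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2222222222222222 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG {sub} 2015-06-21 1434900000 0 4 0 1 8 00 {pri}
[GNUPG:] TRUST_UNDEFINED
""".format(sub="A" * 40, pri="B" * 40)


def parse_status(text):
    """Extract signature facts from gpg --status-fd lines."""
    info = {"good": False, "trust": None}
    failed = False
    for line in text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # not a status line
        keyword, *args = line[len("[GNUPG:] "):].split(" ")
        if keyword == "GOODSIG":
            info["good"] = not failed
        elif keyword in ("BADSIG", "ERRSIG"):
            failed, info["good"] = True, False
        elif keyword == "VALIDSIG" and len(args) >= 9:
            # Fields: fpr date timestamp expires version reserved
            #         pubkey-algo hash-algo sig-class [primary-key-fpr]
            info["fingerprint"] = args[0]
            info["sig_version"] = int(args[4])
            info["hash"] = HASH_ALGOS.get(int(args[7]), "unknown-" + args[7])
            # A subkey signature reports a different primary-key fingerprint.
            info["subkey"] = len(args) > 9 and args[9] != args[0]
        elif keyword.startswith("TRUST_"):
            info["trust"] = keyword[len("TRUST_"):].lower()
    return info


def acceptable(info):
    """Assumed policy: good signature made with a non-weak hash."""
    return info["good"] and "hash" in info and info["hash"] not in WEAK_HASHES


def verify_commit(rev="HEAD"):
    """Run git verify-commit --raw; the status lines arrive on standard error."""
    proc = subprocess.run(["git", "verify-commit", "--raw", rev],
                          stderr=subprocess.PIPE, text=True)
    return proc.returncode, parse_status(proc.stderr)
```

The parser fails closed: without a GOODSIG line, or with any BADSIG or ERRSIG line, the result is never marked good, whatever the exit status of the command.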
