From: Junio C Hamano <gitster@pobox.com>
Date: Thu, 10 Jul 2014 18:27:33 +0000 (-0700)
Subject: Merge branch 'mg/verify-commit'
X-Git-Tag: v2.1.0-rc0~55
X-Git-Url: https://repo.or.cz/w/git.git/commitdiff_plain/39177c7f184b4c07a1f53f99f59c920c3fb6222d

Merge branch 'mg/verify-commit'

Add 'verify-commit' to be used in a way similar to 'verify-tag' is
used.  Further work on verifying the mergetags might be needed.

* mg/verify-commit:
  t7510: test verify-commit
  t7510: exit for loop with test result
  verify-commit: scriptable commit signature verification
  gpg-interface: provide access to the payload
  gpg-interface: provide clear helper for struct signature_check
---

39177c7f184b4c07a1f53f99f59c920c3fb6222d
diff --cc pretty.c
index 8d201f6bda,f6a0023dd2..14357e233f
--- a/pretty.c
+++ b/pretty.c
@@@ -1519,9 -1531,8 +1519,7 @@@ void format_commit_message(const struc
  	}
  
  	free(context.commit_encoding);
 -	logmsg_free(context.message, commit);
 -	signature_check_clear(&context.signature_check);
 +	unuse_commit_buffer(commit, context.message);
- 	free(context.signature_check.gpg_output);
- 	free(context.signature_check.signer);
  }
  
  static void pp_header(struct pretty_print_context *pp,
diff --cc t/t7510-signed-commit.sh
index e97477a3b9,dd4b94823e..474dab381a
--- a/t/t7510-signed-commit.sh
+++ b/t/t7510-signed-commit.sh
@@@ -43,44 -43,46 +43,59 @@@ test_expect_success GPG 'create signed 
  
  	test_tick && git rebase -f HEAD^^ && git tag sixth-signed HEAD^ &&
  	git tag seventh-signed
 +
 +	echo 8 >file && test_tick && git commit -a -m eighth -SB7227189 &&
 +	git tag eighth-signed-alt
  '
  
- test_expect_success GPG 'show signatures' '
+ test_expect_success GPG 'verify and show signatures' '
  	(
 -		for commit in initial second merge fourth-signed fifth-signed sixth-signed master
 +		for commit in initial second merge fourth-signed fifth-signed sixth-signed seventh-signed
  		do
+ 			git verify-commit $commit &&
  			git show --pretty=short --show-signature $commit >actual &&
  			grep "Good signature from" actual &&
 -			! grep "BAD signature from" actual || exit 1
 -			echo $commit OK
 +			! grep "BAD signature from" actual &&
 +			echo $commit OK || exit 1
  		done
  	) &&
  	(
  		for commit in merge^2 fourth-unsigned sixth-unsigned seventh-unsigned
  		do
+ 			test_must_fail git verify-commit $commit &&
  			git show --pretty=short --show-signature $commit >actual &&
  			! grep "Good signature from" actual &&
 -			! grep "BAD signature from" actual || exit 1
 -			echo $commit OK
 +			! grep "BAD signature from" actual &&
 +			echo $commit OK || exit 1
 +		done
 +	) &&
 +	(
 +		for commit in eighth-signed-alt
 +		do
 +			git show --pretty=short --show-signature $commit >actual &&
 +			grep "Good signature from" actual &&
 +			! grep "BAD signature from" actual &&
 +			grep "not certified" actual &&
 +			echo $commit OK || exit 1
  		done
  	)
  '
  
+ test_expect_success GPG 'show signed commit with signature' '
+ 	git show -s initial >commit &&
+ 	git show -s --show-signature initial >show &&
+ 	git verify-commit -v initial >verify.1 2>verify.2 &&
+ 	git cat-file commit initial >cat &&
+ 	grep -v "gpg: " show >show.commit &&
+ 	grep "gpg: " show >show.gpg &&
+ 	grep -v "^ " cat | grep -v "^gpgsig " >cat.commit &&
+ 	test_cmp show.commit commit &&
+ 	test_cmp show.gpg verify.2 &&
+ 	test_cmp cat.commit verify.1
+ '
+ 
  test_expect_success GPG 'detect fudged signature' '
 -	git cat-file commit master >raw &&
 +	git cat-file commit seventh-signed >raw &&
  
  	sed -e "s/seventh/7th forged/" raw >forged1 &&
  	git hash-object -w -t commit forged1 >forged1.commit &&