2 #include "run-command.h"
4 #include "gpg-interface.h"
7 static char *configured_signing_key
;
8 static const char *gpg_program
= "gpg";
10 #define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
11 #define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----"
13 void signature_check_clear(struct signature_check
*sigc
)
16 free(sigc
->gpg_output
);
17 free(sigc
->gpg_status
);
21 sigc
->gpg_output
= NULL
;
22 sigc
->gpg_status
= NULL
;
30 } sigcheck_gpg_status
[] = {
31 { 'G', "\n[GNUPG:] GOODSIG " },
32 { 'B', "\n[GNUPG:] BADSIG " },
33 { 'U', "\n[GNUPG:] TRUST_NEVER" },
34 { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
37 void parse_gpg_output(struct signature_check
*sigc
)
39 const char *buf
= sigc
->gpg_status
;
42 /* Iterate over all search strings */
43 for (i
= 0; i
< ARRAY_SIZE(sigcheck_gpg_status
); i
++) {
44 const char *found
, *next
;
46 if (!skip_prefix(buf
, sigcheck_gpg_status
[i
].check
+ 1, &found
)) {
47 found
= strstr(buf
, sigcheck_gpg_status
[i
].check
);
50 found
+= strlen(sigcheck_gpg_status
[i
].check
);
52 sigc
->result
= sigcheck_gpg_status
[i
].result
;
53 /* The trust messages are not followed by key/signer information */
54 if (sigc
->result
!= 'U') {
55 sigc
->key
= xmemdupz(found
, 16);
57 next
= strchrnul(found
, '\n');
58 sigc
->signer
= xmemdupz(found
, next
- found
);
63 int check_signature(const char *payload
, size_t plen
, const char *signature
,
64 size_t slen
, struct signature_check
*sigc
)
66 struct strbuf gpg_output
= STRBUF_INIT
;
67 struct strbuf gpg_status
= STRBUF_INIT
;
72 status
= verify_signed_buffer(payload
, plen
, signature
, slen
,
73 &gpg_output
, &gpg_status
);
74 if (status
&& !gpg_output
.len
)
76 sigc
->payload
= xmemdupz(payload
, plen
);
77 sigc
->gpg_output
= strbuf_detach(&gpg_output
, NULL
);
78 sigc
->gpg_status
= strbuf_detach(&gpg_status
, NULL
);
79 parse_gpg_output(sigc
);
82 strbuf_release(&gpg_status
);
83 strbuf_release(&gpg_output
);
85 return sigc
->result
!= 'G' && sigc
->result
!= 'U';
88 void print_signature_buffer(const struct signature_check
*sigc
, unsigned flags
)
90 const char *output
= flags
& GPG_VERIFY_RAW
?
91 sigc
->gpg_status
: sigc
->gpg_output
;
93 if (flags
& GPG_VERIFY_VERBOSE
&& sigc
->payload
)
94 fputs(sigc
->payload
, stdout
);
97 fputs(output
, stderr
);
101 * Look at GPG signed content (e.g. a signed tag object), whose
102 * payload is followed by a detached signature on it. Return the
103 * offset where the embedded detached signature begins, or the end of
104 * the data when there is no such signature.
106 size_t parse_signature(const char *buf
, unsigned long size
)
110 while (len
< size
&& !starts_with(buf
+ len
, PGP_SIGNATURE
) &&
111 !starts_with(buf
+ len
, PGP_MESSAGE
)) {
112 eol
= memchr(buf
+ len
, '\n', size
- len
);
113 len
+= eol
? eol
- (buf
+ len
) + 1 : size
- len
;
118 void set_signing_key(const char *key
)
120 free(configured_signing_key
);
121 configured_signing_key
= xstrdup(key
);
124 int git_gpg_config(const char *var
, const char *value
, void *cb
)
126 if (!strcmp(var
, "user.signingkey")) {
127 set_signing_key(value
);
129 if (!strcmp(var
, "gpg.program")) {
131 return config_error_nonbool(var
);
132 gpg_program
= xstrdup(value
);
137 const char *get_signing_key(void)
139 if (configured_signing_key
)
140 return configured_signing_key
;
141 return git_committer_info(IDENT_STRICT
|IDENT_NO_DATE
);
145 * Create a detached signature for the contents of "buffer" and append
146 * it after "signature"; "buffer" and "signature" can be the same
147 * strbuf instance, which would cause the detached signature appended
150 int sign_buffer(struct strbuf
*buffer
, struct strbuf
*signature
, const char *signing_key
)
152 struct child_process gpg
= CHILD_PROCESS_INIT
;
160 args
[0] = gpg_program
;
162 args
[2] = signing_key
;
165 if (start_command(&gpg
))
166 return error(_("could not run gpg."));
169 * When the username signingkey is bad, program could be terminated
170 * because gpg exits without reading and then write gets SIGPIPE.
172 sigchain_push(SIGPIPE
, SIG_IGN
);
174 if (write_in_full(gpg
.in
, buffer
->buf
, buffer
->len
) != buffer
->len
) {
177 finish_command(&gpg
);
178 return error(_("gpg did not accept the data"));
182 bottom
= signature
->len
;
183 len
= strbuf_read(signature
, gpg
.out
, 1024);
186 sigchain_pop(SIGPIPE
);
188 if (finish_command(&gpg
) || !len
|| len
< 0)
189 return error(_("gpg failed to sign the data"));
191 /* Strip CR from the line endings, in case we are on Windows. */
192 for (i
= j
= bottom
; i
< signature
->len
; i
++)
193 if (signature
->buf
[i
] != '\r') {
195 signature
->buf
[j
] = signature
->buf
[i
];
198 strbuf_setlen(signature
, j
);
204 * Run "gpg" to see if the payload matches the detached signature.
205 * gpg_output, when set, receives the diagnostic output from GPG.
206 * gpg_status, when set, receives the status output from GPG.
208 int verify_signed_buffer(const char *payload
, size_t payload_size
,
209 const char *signature
, size_t signature_size
,
210 struct strbuf
*gpg_output
, struct strbuf
*gpg_status
)
212 struct child_process gpg
= CHILD_PROCESS_INIT
;
213 const char *args_gpg
[] = {NULL
, "--status-fd=1", "--verify", "FILE", "-", NULL
};
216 struct strbuf buf
= STRBUF_INIT
;
217 struct strbuf
*pbuf
= &buf
;
219 args_gpg
[0] = gpg_program
;
220 fd
= git_mkstemp(path
, PATH_MAX
, ".git_vtag_tmpXXXXXX");
222 return error_errno(_("could not create temporary file '%s'"), path
);
223 if (write_in_full(fd
, signature
, signature_size
) < 0)
224 return error_errno(_("failed writing detached signature to '%s'"), path
);
233 if (start_command(&gpg
)) {
235 return error(_("could not run gpg."));
238 write_in_full(gpg
.in
, payload
, payload_size
);
242 strbuf_read(gpg_output
, gpg
.err
, 0);
247 strbuf_read(pbuf
, gpg
.out
, 0);
250 ret
= finish_command(&gpg
);
252 unlink_or_warn(path
);
254 ret
|= !strstr(pbuf
->buf
, "\n[GNUPG:] GOODSIG ");
255 strbuf_release(&buf
); /* no matter it was used or not */