diff options
author | Michał Górny <mgorny@gentoo.org> | 2018-10-22 19:38:20 +0300 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2018-10-23 02:00:09 +0300 |
commit | 3daaaabe7ed22c17bff04d19c711be427bd2e225 (patch) | |
tree | a731b31651b54e0f23b079e10e8aeaf9b094aaf2 /gpg-interface.c | |
parent | 0b11a84e1ba26fa3c9995f19e224848d8afc9bcf (diff) |
gpg-interface.c: support getting key fingerprint via %GF format
Support processing VALIDSIG status that provides additional information
for valid signatures. Use this information to propagate signing key
fingerprint and expose it via %GF pretty format. This format can be
used to build safer key verification systems that verify the key via
complete fingerprint rather than short/long identifier provided by %GK.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'gpg-interface.c')
-rw-r--r-- | gpg-interface.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/gpg-interface.c b/gpg-interface.c index 71618d86b9..1d33a7e9d4 100644 --- a/gpg-interface.c +++ b/gpg-interface.c @@ -73,6 +73,7 @@ void signature_check_clear(struct signature_check *sigc) FREE_AND_NULL(sigc->gpg_status); FREE_AND_NULL(sigc->signer); FREE_AND_NULL(sigc->key); + FREE_AND_NULL(sigc->fingerprint); } /* An exclusive status -- only one of them can appear in output */ @@ -81,6 +82,8 @@ void signature_check_clear(struct signature_check *sigc) #define GPG_STATUS_KEYID (1<<1) /* The status includes user identifier */ #define GPG_STATUS_UID (1<<2) +/* The status includes key fingerprints */ +#define GPG_STATUS_FINGERPRINT (1<<3) /* Short-hand for standard exclusive *SIG status with keyid & UID */ #define GPG_STATUS_STDSIG (GPG_STATUS_EXCLUSIVE|GPG_STATUS_KEYID|GPG_STATUS_UID) @@ -98,6 +101,7 @@ static struct { { 'X', "EXPSIG ", GPG_STATUS_STDSIG }, { 'Y', "EXPKEYSIG ", GPG_STATUS_STDSIG }, { 'R', "REVKEYSIG ", GPG_STATUS_STDSIG }, + { 0, "VALIDSIG ", GPG_STATUS_FINGERPRINT }, }; static void parse_gpg_output(struct signature_check *sigc) @@ -123,7 +127,8 @@ static void parse_gpg_output(struct signature_check *sigc) goto found_duplicate_status; } - sigc->result = sigcheck_gpg_status[i].result; + if (sigcheck_gpg_status[i].result) + sigc->result = sigcheck_gpg_status[i].result; /* Do we have key information? */ if (sigcheck_gpg_status[i].flags & GPG_STATUS_KEYID) { next = strchrnul(line, ' '); @@ -137,6 +142,12 @@ static void parse_gpg_output(struct signature_check *sigc) sigc->signer = xmemdupz(line, next - line); } } + /* Do we have fingerprint? */ + if (sigcheck_gpg_status[i].flags & GPG_STATUS_FINGERPRINT) { + next = strchrnul(line, ' '); + free(sigc->fingerprint); + sigc->fingerprint = xmemdupz(line, next - line); + } break; } @@ -154,6 +165,7 @@ found_duplicate_status: */ sigc->result = 'E'; /* Clear partial data to avoid confusion */ + FREE_AND_NULL(sigc->fingerprint); FREE_AND_NULL(sigc->signer); FREE_AND_NULL(sigc->key); } |