Welcome to mirror list, hosted at ThFree Co, Russian Federation.

git.kernel.org/pub/scm/git/git.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/gpg-interface.c
diff options
context:
space:
mode:
Diffstat (limited to 'gpg-interface.c')
-rw-r--r--gpg-interface.c53
1 files changed, 53 insertions, 0 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index 75ab6faacb..330cfc5845 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -439,6 +439,13 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
struct strbuf ssh_principals_err = STRBUF_INIT;
struct strbuf ssh_keygen_out = STRBUF_INIT;
struct strbuf ssh_keygen_err = STRBUF_INIT;
+ struct strbuf verify_time = STRBUF_INIT;
+ const struct date_mode verify_date_mode = {
+ .type = DATE_STRFTIME,
+ .strftime_fmt = "%Y%m%d%H%M%S",
+ /* SSH signing key validity has no timezone information - Use the local timezone */
+ .local = 1,
+ };
if (!ssh_allowed_signers) {
error(_("gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification"));
@@ -456,11 +463,16 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
return -1;
}
+ if (sigc->payload_timestamp)
+ strbuf_addf(&verify_time, "-Overify-time=%s",
+ show_date(sigc->payload_timestamp, 0, &verify_date_mode));
+
/* Find the principal from the signers */
strvec_pushl(&ssh_keygen.args, fmt->program,
"-Y", "find-principals",
"-f", ssh_allowed_signers,
"-s", buffer_file->filename.buf,
+ verify_time.buf,
NULL);
ret = pipe_command(&ssh_keygen, NULL, 0, &ssh_principals_out, 0,
&ssh_principals_err, 0);
@@ -478,6 +490,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
"-Y", "check-novalidate",
"-n", "git",
"-s", buffer_file->filename.buf,
+ verify_time.buf,
NULL);
pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len,
&ssh_keygen_out, 0, &ssh_keygen_err, 0);
@@ -512,6 +525,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
"-f", ssh_allowed_signers,
"-I", principal,
"-s", buffer_file->filename.buf,
+ verify_time.buf,
NULL);
if (ssh_revocation_file) {
@@ -556,10 +570,46 @@ out:
strbuf_release(&ssh_principals_err);
strbuf_release(&ssh_keygen_out);
strbuf_release(&ssh_keygen_err);
+ strbuf_release(&verify_time);
return ret;
}
+static int parse_payload_metadata(struct signature_check *sigc)
+{
+ const char *ident_line = NULL;
+ size_t ident_len;
+ struct ident_split ident;
+ const char *signer_header;
+
+ switch (sigc->payload_type) {
+ case SIGNATURE_PAYLOAD_COMMIT:
+ signer_header = "committer";
+ break;
+ case SIGNATURE_PAYLOAD_TAG:
+ signer_header = "tagger";
+ break;
+ case SIGNATURE_PAYLOAD_UNDEFINED:
+ case SIGNATURE_PAYLOAD_PUSH_CERT:
+ /* Ignore payloads we don't want to parse */
+ return 0;
+ default:
+ BUG("invalid value for sigc->payload_type");
+ }
+
+ ident_line = find_commit_header(sigc->payload, signer_header, &ident_len);
+ if (!ident_line || !ident_len)
+ return 1;
+
+ if (split_ident_line(&ident, ident_line, ident_len))
+ return 1;
+
+ if (!sigc->payload_timestamp && ident.date_begin && ident.date_end)
+ sigc->payload_timestamp = parse_timestamp(ident.date_begin, NULL, 10);
+
+ return 0;
+}
+
int check_signature(struct signature_check *sigc,
const char *signature, size_t slen)
{
@@ -573,6 +623,9 @@ int check_signature(struct signature_check *sigc,
if (!fmt)
die(_("bad/incompatible signature '%s'"), signature);
+ if (parse_payload_metadata(sigc))
+ return 1;
+
status = fmt->verify_signed_buffer(sigc, fmt, signature, slen);
if (status && !sigc->output)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-24 02:12:43 +0300