fast-export: handle all kinds of tag signatures · freshlybakedca.ke/git@31f375c

Git fork

fast-export: handle all kinds of tag signatures

Currently the handle_tag() function in "builtin/fast-export.c" searches
only for "\n-----BEGIN PGP SIGNATURE-----\n" in the tag message to find
a tag signature.

This doesn't handle all kinds of OpenPGP signatures as some can start
with "-----BEGIN PGP MESSAGE-----" too, and this doesn't handle SSH and
X.509 signatures either as they use "-----BEGIN SSH SIGNATURE-----" and
"-----BEGIN SIGNED MESSAGE-----" respectively.

To handle all these kinds of tag signatures supported by Git, let's use
the parse_signed_buffer() function to properly find signatures in tag
messages.

Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

authored by

Christian Couder and committed by

Junio C Hamano 4 months ago 31f375c3 132e5666

+39 -4

2 changed files

expand all

unified split

builtin

fast-export.c

t9350-fast-export.sh

+3 -4

builtin/fast-export.c

··· 931 931 932 932 /* handle signed tags */ 933 933 if (message) { 934 - const char *signature = strstr(message, 935 - "\n-----BEGIN PGP SIGNATURE-----\n"); 936 - if (signature) 934 + size_t sig_offset = parse_signed_buffer(message, message_size); 935 + if (sig_offset < message_size) 937 936 switch (signed_tag_mode) { 938 937 case SIGN_ABORT: 939 938 die("encountered signed tag %s; use " ··· 950 949 oid_to_hex(&tag->object.oid)); 951 950 /* fallthru */ 952 951 case SIGN_STRIP: 953 - message_size = signature + 1 - message; 952 + message_size = sig_offset; 954 953 break; 955 954 } 956 955 }

+36

t/t9350-fast-export.sh

··· 279 279 test -s err 280 280 ' 281 281 282 + test_expect_success GPGSM 'setup X.509 signed tag' ' 283 + test_config gpg.format x509 && 284 + test_config user.signingkey $GIT_COMMITTER_EMAIL && 285 + 286 + git tag -s -m "X.509 signed tag" x509-signed $(git rev-parse HEAD) && 287 + ANNOTATED_TAG_COUNT=$((ANNOTATED_TAG_COUNT + 1)) 288 + ' 289 + 290 + test_expect_success GPGSM 'signed-tags=verbatim with X.509' ' 291 + git fast-export --signed-tags=verbatim x509-signed > output && 292 + test_grep "SIGNED MESSAGE" output 293 + ' 294 + 295 + test_expect_success GPGSM 'signed-tags=strip with X.509' ' 296 + git fast-export --signed-tags=strip x509-signed > output && 297 + test_grep ! "SIGNED MESSAGE" output 298 + ' 299 + 300 + test_expect_success GPGSSH 'setup SSH signed tag' ' 301 + test_config gpg.format ssh && 302 + test_config user.signingkey "${GPGSSH_KEY_PRIMARY}" && 303 + 304 + git tag -s -m "SSH signed tag" ssh-signed $(git rev-parse HEAD) && 305 + ANNOTATED_TAG_COUNT=$((ANNOTATED_TAG_COUNT + 1)) 306 + ' 307 + 308 + test_expect_success GPGSSH 'signed-tags=verbatim with SSH' ' 309 + git fast-export --signed-tags=verbatim ssh-signed > output && 310 + test_grep "SSH SIGNATURE" output 311 + ' 312 + 313 + test_expect_success GPGSSH 'signed-tags=strip with SSH' ' 314 + git fast-export --signed-tags=strip ssh-signed > output && 315 + test_grep ! "SSH SIGNATURE" output 316 + ' 317 + 282 318 test_expect_success GPG 'set up signed commit' ' 283 319 284 320 # Generate a commit with both "gpgsig" and "encoding" set, so