fsck: consider gpgsig headers expected in tags · freshlybakedca.ke/git@51acda7

Git fork

fsck: consider gpgsig headers expected in tags

When we're creating a tag, we want to make sure that gpgsig and
gpgsig-sha256 headers are allowed for the commit. The default fsck
behavior is to ignore the fact that they're left over, but some of our
tests enable strict checking which flags them nonetheless. Add
improved checking for these headers as well as documentation and several
tests.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

authored by

brian m. carlson and committed by

Junio C Hamano 5 months ago 51acda73 b95c59e2

+80

4 changed files

expand all

unified split

Documentation

fsck-msgids.adoc

fsck.c

fsck.h

t1450-fsck.sh

Documentation/fsck-msgids.adoc

··· 10 10 `badFilemode`:: 11 11 (INFO) A tree contains a bad filemode entry. 12 12 13 + `badGpgsig`:: 14 + (ERROR) A tag contains a bad (truncated) signature (e.g., `gpgsig`) header. 15 + 16 + `badHeaderContinuation`:: 17 + (ERROR) A continuation header (such as for `gpgsig`) is unexpectedly truncated. 18 + 13 19 `badName`:: 14 20 (ERROR) An author/committer name is empty. 15 21

+18

fsck.c

··· 1067 1067 else 1068 1068 ret = fsck_ident(&buffer, oid, OBJ_TAG, options); 1069 1069 1070 + if (buffer < buffer_end && (skip_prefix(buffer, "gpgsig ", &buffer) || skip_prefix(buffer, "gpgsig-sha256 ", &buffer))) { 1071 + eol = memchr(buffer, '\n', buffer_end - buffer); 1072 + if (!eol) { 1073 + ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_GPGSIG, "invalid format - unexpected end after 'gpgsig' or 'gpgsig-sha256' line"); 1074 + goto done; 1075 + } 1076 + buffer = eol + 1; 1077 + 1078 + while (buffer < buffer_end && starts_with(buffer, " ")) { 1079 + eol = memchr(buffer, '\n', buffer_end - buffer); 1080 + if (!eol) { 1081 + ret = report(options, oid, OBJ_TAG, FSCK_MSG_BAD_HEADER_CONTINUATION, "invalid format - unexpected end in 'gpgsig' or 'gpgsig-sha256' continuation line"); 1082 + goto done; 1083 + } 1084 + buffer = eol + 1; 1085 + } 1086 + } 1087 + 1070 1088 if (buffer < buffer_end && !starts_with(buffer, "\n")) { 1071 1089 /* 1072 1090 * The verify_headers() check will allow

fsck.h

··· 25 25 FUNC(NUL_IN_HEADER, FATAL) \ 26 26 FUNC(UNTERMINATED_HEADER, FATAL) \ 27 27 /* errors */ \ 28 + FUNC(BAD_HEADER_CONTINUATION, ERROR) \ 28 29 FUNC(BAD_DATE, ERROR) \ 29 30 FUNC(BAD_DATE_OVERFLOW, ERROR) \ 30 31 FUNC(BAD_EMAIL, ERROR) \ 32 + FUNC(BAD_GPGSIG, ERROR) \ 31 33 FUNC(BAD_NAME, ERROR) \ 32 34 FUNC(BAD_OBJECT_SHA1, ERROR) \ 33 35 FUNC(BAD_PACKED_REF_ENTRY, ERROR) \

+54

t/t1450-fsck.sh

··· 454 454 test_grep "error in tag $tag.*unterminated header: NUL at offset" out 455 455 ' 456 456 457 + test_expect_success 'tag accepts gpgsig header even if not validly signed' ' 458 + test_oid_cache <<-\EOF && 459 + header sha1:gpgsig-sha256 460 + header sha256:gpgsig 461 + EOF 462 + header=$(test_oid header) && 463 + sha=$(git rev-parse HEAD) && 464 + cat >good-tag <<-EOF && 465 + object $sha 466 + type commit 467 + tag good 468 + tagger T A Gger <tagger@example.com> 1234567890 -0000 469 + $header -----BEGIN PGP SIGNATURE----- 470 + Not a valid signature 471 + -----END PGP SIGNATURE----- 472 + 473 + This is a good tag. 474 + EOF 475 + 476 + tag=$(git hash-object --literally -t tag -w --stdin <good-tag) && 477 + test_when_finished "remove_object $tag" && 478 + git update-ref refs/tags/good $tag && 479 + test_when_finished "git update-ref -d refs/tags/good" && 480 + git -c fsck.extraHeaderEntry=error fsck --tags 481 + ' 482 + 483 + test_expect_success 'tag rejects invalid headers' ' 484 + test_oid_cache <<-\EOF && 485 + header sha1:gpgsig-sha256 486 + header sha256:gpgsig 487 + EOF 488 + header=$(test_oid header) && 489 + sha=$(git rev-parse HEAD) && 490 + cat >bad-tag <<-EOF && 491 + object $sha 492 + type commit 493 + tag good 494 + tagger T A Gger <tagger@example.com> 1234567890 -0000 495 + $header -----BEGIN PGP SIGNATURE----- 496 + Not a valid signature 497 + -----END PGP SIGNATURE----- 498 + junk 499 + 500 + This is a bad tag with junk at the end of the headers. 501 + EOF 502 + 503 + tag=$(git hash-object --literally -t tag -w --stdin <bad-tag) && 504 + test_when_finished "remove_object $tag" && 505 + git update-ref refs/tags/bad $tag && 506 + test_when_finished "git update-ref -d refs/tags/bad" && 507 + test_must_fail git -c fsck.extraHeaderEntry=error fsck --tags 2>out && 508 + test_grep "error in tag $tag.*invalid format - extra header" out 509 + ' 510 + 457 511 test_expect_success 'cleaned up' ' 458 512 git fsck >actual 2>&1 && 459 513 test_must_be_empty actual