aboutsummaryrefslogtreecommitdiffstats
path: root/gpg-interface.c
diff options
context:
space:
mode:
Diffstat (limited to 'gpg-interface.c')
-rw-r--r--gpg-interface.c96
1 files changed, 62 insertions, 34 deletions
diff --git a/gpg-interface.c b/gpg-interface.c
index 5cd66d3a78..cf6126b5aa 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -1,16 +1,37 @@
-#include "cache.h"
+#define USE_THE_REPOSITORY_VARIABLE
+
+#include "git-compat-util.h"
#include "commit.h"
#include "config.h"
+#include "date.h"
+#include "gettext.h"
#include "run-command.h"
#include "strbuf.h"
#include "dir.h"
+#include "ident.h"
#include "gpg-interface.h"
+#include "path.h"
#include "sigchain.h"
#include "tempfile.h"
#include "alias.h"
+static int git_gpg_config(const char *, const char *,
+ const struct config_context *, void *);
+
+static void gpg_interface_lazy_init(void)
+{
+ static int done;
+
+ if (done)
+ return;
+ done = 1;
+ git_config(git_gpg_config, NULL);
+}
+
static char *configured_signing_key;
-static const char *ssh_default_key_command, *ssh_allowed_signers, *ssh_revocation_file;
+static char *ssh_default_key_command;
+static char *ssh_allowed_signers;
+static char *ssh_revocation_file;
static enum signature_trust_level configured_min_trust_level = TRUST_UNDEFINED;
struct gpg_format {
@@ -24,8 +45,8 @@ struct gpg_format {
size_t signature_size);
int (*sign_buffer)(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key);
- const char *(*get_default_key)(void);
- const char *(*get_key_id)(void);
+ char *(*get_default_key)(void);
+ char *(*get_key_id)(void);
};
static const char *openpgp_verify_args[] = {
@@ -65,9 +86,9 @@ static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
const char *signing_key);
-static const char *get_default_ssh_signing_key(void);
+static char *get_default_ssh_signing_key(void);
-static const char *get_ssh_key_id(void);
+static char *get_ssh_key_id(void);
static struct gpg_format gpg_format[] = {
{
@@ -466,7 +487,7 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
if (sigc->payload_timestamp)
strbuf_addf(&verify_time, "-Overify-time=%s",
- show_date(sigc->payload_timestamp, 0, &verify_date_mode));
+ show_date(sigc->payload_timestamp, 0, verify_date_mode));
/* Find the principal from the signers */
strvec_pushl(&ssh_keygen.args, fmt->program,
@@ -569,8 +590,8 @@ static int verify_ssh_signed_buffer(struct signature_check *sigc,
}
}
- strbuf_stripspace(&ssh_keygen_out, 0);
- strbuf_stripspace(&ssh_keygen_err, 0);
+ strbuf_stripspace(&ssh_keygen_out, NULL);
+ strbuf_stripspace(&ssh_keygen_err, NULL);
/* Add stderr outputs to show the user actual ssh-keygen errors */
strbuf_add(&ssh_keygen_out, ssh_principals_err.buf, ssh_principals_err.len);
strbuf_add(&ssh_keygen_out, ssh_keygen_err.buf, ssh_keygen_err.len);
@@ -632,8 +653,10 @@ int check_signature(struct signature_check *sigc,
struct gpg_format *fmt;
int status;
+ gpg_interface_lazy_init();
+
sigc->result = 'N';
- sigc->trust_level = -1;
+ sigc->trust_level = TRUST_UNDEFINED;
fmt = get_format_by_sig(signature);
if (!fmt)
@@ -695,14 +718,18 @@ int parse_signature(const char *buf, size_t size, struct strbuf *payload, struct
void set_signing_key(const char *key)
{
+ gpg_interface_lazy_init();
+
free(configured_signing_key);
configured_signing_key = xstrdup(key);
}
-int git_gpg_config(const char *var, const char *value, void *cb UNUSED)
+static int git_gpg_config(const char *var, const char *value,
+ const struct config_context *ctx UNUSED,
+ void *cb UNUSED)
{
struct gpg_format *fmt = NULL;
- char *fmtname = NULL;
+ const char *fmtname = NULL;
char *trust;
int ret;
@@ -738,23 +765,14 @@ int git_gpg_config(const char *var, const char *value, void *cb UNUSED)
return 0;
}
- if (!strcmp(var, "gpg.ssh.defaultkeycommand")) {
- if (!value)
- return config_error_nonbool(var);
+ if (!strcmp(var, "gpg.ssh.defaultkeycommand"))
return git_config_string(&ssh_default_key_command, var, value);
- }
- if (!strcmp(var, "gpg.ssh.allowedsignersfile")) {
- if (!value)
- return config_error_nonbool(var);
+ if (!strcmp(var, "gpg.ssh.allowedsignersfile"))
return git_config_pathname(&ssh_allowed_signers, var, value);
- }
- if (!strcmp(var, "gpg.ssh.revocationfile")) {
- if (!value)
- return config_error_nonbool(var);
+ if (!strcmp(var, "gpg.ssh.revocationfile"))
return git_config_pathname(&ssh_revocation_file, var, value);
- }
if (!strcmp(var, "gpg.program") || !strcmp(var, "gpg.openpgp.program"))
fmtname = "openpgp";
@@ -767,7 +785,7 @@ int git_gpg_config(const char *var, const char *value, void *cb UNUSED)
if (fmtname) {
fmt = get_format_by_name(fmtname);
- return git_config_string(&fmt->program, var, value);
+ return git_config_string((char **) &fmt->program, var, value);
}
return 0;
@@ -829,7 +847,7 @@ static char *get_ssh_key_fingerprint(const char *signing_key)
}
/* Returns the first public key from an ssh-agent to use for signing */
-static const char *get_default_ssh_signing_key(void)
+static char *get_default_ssh_signing_key(void)
{
struct child_process ssh_default_key = CHILD_PROCESS_INIT;
int ret = -1;
@@ -881,13 +899,19 @@ static const char *get_default_ssh_signing_key(void)
return default_key;
}
-static const char *get_ssh_key_id(void) {
- return get_ssh_key_fingerprint(get_signing_key());
+static char *get_ssh_key_id(void)
+{
+ char *signing_key = get_signing_key();
+ char *key_id = get_ssh_key_fingerprint(signing_key);
+ free(signing_key);
+ return key_id;
}
/* Returns a textual but unique representation of the signing key */
-const char *get_signing_key_id(void)
+char *get_signing_key_id(void)
{
+ gpg_interface_lazy_init();
+
if (use_format->get_key_id) {
return use_format->get_key_id();
}
@@ -896,15 +920,17 @@ const char *get_signing_key_id(void)
return get_signing_key();
}
-const char *get_signing_key(void)
+char *get_signing_key(void)
{
+ gpg_interface_lazy_init();
+
if (configured_signing_key)
- return configured_signing_key;
+ return xstrdup(configured_signing_key);
if (use_format->get_default_key) {
return use_format->get_default_key();
}
- return git_committer_info(IDENT_STRICT | IDENT_NO_DATE);
+ return xstrdup(git_committer_info(IDENT_STRICT | IDENT_NO_DATE));
}
const char *gpg_trust_level_to_str(enum signature_trust_level level)
@@ -923,6 +949,8 @@ const char *gpg_trust_level_to_str(enum signature_trust_level level)
int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
{
+ gpg_interface_lazy_init();
+
return use_format->sign_buffer(buffer, signature, signing_key);
}
@@ -1025,7 +1053,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
ssh_signing_key_file = strbuf_detach(&key_file->filename, NULL);
} else {
/* We assume a file */
- ssh_signing_key_file = expand_user_path(signing_key, 1);
+ ssh_signing_key_file = interpolate_path(signing_key, 1);
}
buffer_file = mks_tempfile_t(".git_signing_buffer_tmpXXXXXX");
@@ -1058,7 +1086,7 @@ static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
if (strstr(signer_stderr.buf, "usage:"))
error(_("ssh-keygen -Y sign is needed for ssh signing (available in openssh version 8.2p1+)"));
- error("%s", signer_stderr.buf);
+ ret = error("%s", signer_stderr.buf);
goto out;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-27 08:07:13 +0000