• Junio C Hamano's avatar
    Split GPG interface into its own helper library · 2f47eae2
    Junio C Hamano authored
    This mostly moves existing code from builtin/tag.c (for signing)
    and builtin/verify-tag.c (for verifying) to a new gpg-interface.c
    file to provide a more generic library interface.
     - sign_buffer() takes a payload strbuf, a signature strbuf, and a signing
       key, runs "gpg" to produce a detached signature for the payload, and
       appends it to the signature strbuf. The contents of a signed tag that
       concatenates the payload and the detached signature can be produced by
       giving the same strbuf as payload and signature strbuf.
     - verify_signed_buffer() takes a payload and a detached signature as
       <ptr, len> pairs, and runs "gpg --verify" to see if the payload matches
       the signature. It can optionally capture the output from GPG to allow
       the callers to pretty-print it in a way more suitable for their
    "verify-tag" (aka "tag -v") used to save the whole tag contents as if it
    is a detached signature, and fed gpg the payload part of the tag. It
    relied on gpg to fail when the given tag is not signed but just is
    annotated.  The updated run_gpg_verify() function detects the lack of
    detached signature in the input, and errors out without bothering "gpg".
    Signed-off-by: default avatarJunio C Hamano <[email protected]>
tag.c 3.67 KB