1. 16 Apr, 2018 2 commits
  2. 18 Jan, 2017 1 commit
  3. 22 Jun, 2015 4 commits
  4. 15 Sep, 2014 2 commits
    • Junio C Hamano's avatar
      gpg-interface: move parse_signature() to where it should be · d7c67668
      Junio C Hamano authored
      Our signed-tag objects set the standard format used by Git to store
      GPG-signed payload (i.e. the payload followed by its detached
      signature) [*1*], and it made sense to have a helper to find the
      boundary between the payload and its signature in tag.c back then.
      
      Newer code added later to parse other kinds of objects that learned
      to use the same format to store GPG-signed payload (e.g. signed
      commits), however, kept using the helper from the same location.
      
      Move it to gpg-interface; the helper is no longer about signed tag,
      but it is how our code and data interact with GPG.
      
      [Reference]
      *1* http://thread.gmane.org/gmane.linux.kernel/297998/focus=1383Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
      d7c67668
    • Junio C Hamano's avatar
      gpg-interface: move parse_gpg_output() to where it should be · a50e7ca3
      Junio C Hamano authored
      Earlier, ffb6d7d5 (Move commit GPG signature verification to
      commit.c, 2013-03-31) moved this helper that used to be in pretty.c
      (i.e. the output code path) to commit.c for better reusability.
      
      It was a good first step in the right direction, but still suffers
      from a myopic view that commits will be the only thing we would ever
      want to sign---we would actually want to be able to reuse it even
      wider.
      
      The function interprets what GPG said; gpg-interface is obviously a
      better place.  Move it there.
      Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
      a50e7ca3
  5. 23 Jun, 2014 2 commits
  6. 01 Apr, 2013 2 commits
  7. 14 Feb, 2013 1 commit
  8. 05 Nov, 2011 1 commit
    • Junio C Hamano's avatar
      Split GPG interface into its own helper library · 2f47eae2
      Junio C Hamano authored
      This mostly moves existing code from builtin/tag.c (for signing)
      and builtin/verify-tag.c (for verifying) to a new gpg-interface.c
      file to provide a more generic library interface.
      
       - sign_buffer() takes a payload strbuf, a signature strbuf, and a signing
         key, runs "gpg" to produce a detached signature for the payload, and
         appends it to the signature strbuf. The contents of a signed tag that
         concatenates the payload and the detached signature can be produced by
         giving the same strbuf as payload and signature strbuf.
      
       - verify_signed_buffer() takes a payload and a detached signature as
         <ptr, len> pairs, and runs "gpg --verify" to see if the payload matches
         the signature. It can optionally capture the output from GPG to allow
         the callers to pretty-print it in a way more suitable for their
         contexts.
      
      "verify-tag" (aka "tag -v") used to save the whole tag contents as if it
      is a detached signature, and fed gpg the payload part of the tag. It
      relied on gpg to fail when the given tag is not signed but just is
      annotated.  The updated run_gpg_verify() function detects the lack of
      detached signature in the input, and errors out without bothering "gpg".
      Signed-off-by: default avatarJunio C Hamano <gitster@pobox.com>
      2f47eae2