merge/pull Check for untrusted good GPG signatures
When --verify-signatures is specified, abort the merge in case a good
GPG signature from an untrusted key is encountered.
Signed-off-by: Sebastian Götte <jaseg@physik-pool.tu-berlin.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
diff --git a/commit.c b/commit.c
index 94029c9..516a4ff 100644
--- a/commit.c
+++ b/commit.c
@@ -1047,6 +1047,8 @@
} sigcheck_gpg_status[] = {
{ 'G', "\n[GNUPG:] GOODSIG " },
{ 'B', "\n[GNUPG:] BADSIG " },
+ { 'U', "\n[GNUPG:] TRUST_NEVER" },
+ { 'U', "\n[GNUPG:] TRUST_UNDEFINED" },
};
static void parse_gpg_output(struct signature_check *sigc)
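Review bot: The two new `'U'` rows depend on table order, and nothing in the initializer documents that. Because the second hunk drops the `break` in parse_gpg_output, a later matching row overwrites `sigc->result`, so the TRUST_* rows have to stay after GOODSIG. I would add a comment above them, e.g. `/* order matters: a later match overrides an earlier one; 'U' = good signature, key not trusted */`. TRUST_MARGINAL is not listed, so a marginally trusted key would still be reported as 'G'; if that is the intended policy, it deserves a word in the same comment. The struct declaration begins outside the hunk.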
@@ -1068,11 +1070,13 @@
found += strlen(sigcheck_gpg_status[i].check);
}
sigc->result = sigcheck_gpg_status[i].result;
- sigc->key = xmemdupz(found, 16);
- found += 17;
- next = strchrnul(found, '\n');
- sigc->signer = xmemdupz(found, next - found);
- break;
+ /* The trust messages are not followed by key/signer information */
+ if (sigc->result != 'U') {
+ sigc->key = xmemdupz(found, 16);
+ found += 17;
+ next = strchrnul(found, '\n');
+ sigc->signer = xmemdupz(found, next - found);
+ }
}
}
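Review bot: With the `break` removed, every matching row now runs this body, so a status buffer containing both GOODSIG and BADSIG assigns `sigc->key` and `sigc->signer` twice and leaks the first allocations. Releasing the old values first, `free(sigc->key); free(sigc->signer);` ahead of the two `xmemdupz` calls, would avoid that, assuming the fields start out NULL (their initialisation is not visible here). The same fall-through lets a TRUST_* row replace a 'B' result with 'U', if gpg ever emits both, so callers should reject anything other than 'G' rather than test for 'B' alone. The 16-byte copy and `found += 17` also trust that the status line is long enough; checking the length against the end of the line would make a truncated status fail closed. The function and its loop begin outside the hunk.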