Google Git
Sign in
googlers / jrn / git / 100c2da2d3a330366588143d720f09a88926972a / . / gpg-interface.c
blob: 127aecfc2b071f9a745a871a9ea205931eeb672f [file] [log] [blame]
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]1#include "cache.h"
brian m. carlson9b27b492021-02-11 02:08:06 +0000[diff] [blame]2#include "commit.h"
Brandon Williamsb2141fc2017-06-14 11:07:36 -0700[diff] [blame]3#include "config.h"
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]4#include "run-command.h"
5#include "strbuf.h"
6#include "gpg-interface.h"
7#include "sigchain.h"
Jeff King43223532016-06-17 19:38:43 -0400[diff] [blame]8#include "tempfile.h"
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]9
10static char *configured_signing_key;
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]11static enum signature_trust_level configured_min_trust_level = TRUST_UNDEFINED;
12
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]13struct gpg_format {
14 const char *name;
15 const char *program;
16 const char **verify_args;
17 const char **sigs;
18};
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]19
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]20static const char *openpgp_verify_args[] = {
21 "--keyid-format=long",
22 NULL
23};
24static const char *openpgp_sigs[] = {
25 "-----BEGIN PGP SIGNATURE-----",
26 "-----BEGIN PGP MESSAGE-----",
27 NULL
28};
29
Henning Schild1e7adb92018-07-17 14:50:12 +0200[diff] [blame]30static const char *x509_verify_args[] = {
31 NULL
32};
33static const char *x509_sigs[] = {
34 "-----BEGIN SIGNED MESSAGE-----",
35 NULL
36};
37
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]38static struct gpg_format gpg_format[] = {
39 { .name = "openpgp", .program = "gpg",
40 .verify_args = openpgp_verify_args,
41 .sigs = openpgp_sigs
42 },
Henning Schild1e7adb92018-07-17 14:50:12 +0200[diff] [blame]43 { .name = "x509", .program = "gpgsm",
44 .verify_args = x509_verify_args,
45 .sigs = x509_sigs
46 },
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]47};
48
49static struct gpg_format *use_format = &gpg_format[0];
50
51static struct gpg_format *get_format_by_name(const char *str)
52{
53 int i;
54
55 for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
56 if (!strcmp(gpg_format[i].name, str))
57 return gpg_format + i;
58 return NULL;
59}
60
61static struct gpg_format *get_format_by_sig(const char *sig)
62{
63 int i, j;
64
65 for (i = 0; i < ARRAY_SIZE(gpg_format); i++)
66 for (j = 0; gpg_format[i].sigs[j]; j++)
67 if (starts_with(sig, gpg_format[i].sigs[j]))
68 return gpg_format + i;
69 return NULL;
70}
Junio C Hamanod7c67662014-08-19 13:18:07 -0700[diff] [blame]71
Michael J Gruber01e57b52014-06-23 09:05:47 +0200[diff] [blame]72void signature_check_clear(struct signature_check *sigc)
73{
Ævar Arnfjörð Bjarmason88ce3ef2017-06-15 23:15:49 +0000[diff] [blame]74 FREE_AND_NULL(sigc->payload);
75 FREE_AND_NULL(sigc->gpg_output);
76 FREE_AND_NULL(sigc->gpg_status);
77 FREE_AND_NULL(sigc->signer);
78 FREE_AND_NULL(sigc->key);
Michał Górny3daaaab2018-10-22 18:38:20 +0200[diff] [blame]79 FREE_AND_NULL(sigc->fingerprint);
Michał Górny4de93942018-10-22 18:38:21 +0200[diff] [blame]80 FREE_AND_NULL(sigc->primary_key_fingerprint);
Michael J Gruber01e57b52014-06-23 09:05:47 +0200[diff] [blame]81}
82
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]83/* An exclusive status -- only one of them can appear in output */
84#define GPG_STATUS_EXCLUSIVE (1<<0)
Michał Górny0b11a842018-10-22 18:38:19 +0200[diff] [blame]85/* The status includes key identifier */
86#define GPG_STATUS_KEYID (1<<1)
87/* The status includes user identifier */
88#define GPG_STATUS_UID (1<<2)
Michał Górny3daaaab2018-10-22 18:38:20 +0200[diff] [blame]89/* The status includes key fingerprints */
90#define GPG_STATUS_FINGERPRINT (1<<3)
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]91/* The status includes trust level */
92#define GPG_STATUS_TRUST_LEVEL (1<<4)
Michał Górny0b11a842018-10-22 18:38:19 +0200[diff] [blame]93
94/* Short-hand for standard exclusive *SIG status with keyid & UID */
95#define GPG_STATUS_STDSIG (GPG_STATUS_EXCLUSIVE|GPG_STATUS_KEYID|GPG_STATUS_UID)
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]96
Junio C Hamanoa50e7ca2014-08-14 15:31:13 -0700[diff] [blame]97static struct {
98 char result;
99 const char *check;
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]100 unsigned int flags;
Junio C Hamanoa50e7ca2014-08-14 15:31:13 -0700[diff] [blame]101} sigcheck_gpg_status[] = {
Michał Górny0b11a842018-10-22 18:38:19 +0200[diff] [blame]102 { 'G', "GOODSIG ", GPG_STATUS_STDSIG },
103 { 'B', "BADSIG ", GPG_STATUS_STDSIG },
Michał Górny0b11a842018-10-22 18:38:19 +0200[diff] [blame]104 { 'E', "ERRSIG ", GPG_STATUS_EXCLUSIVE|GPG_STATUS_KEYID },
105 { 'X', "EXPSIG ", GPG_STATUS_STDSIG },
106 { 'Y', "EXPKEYSIG ", GPG_STATUS_STDSIG },
107 { 'R', "REVKEYSIG ", GPG_STATUS_STDSIG },
Michał Górny3daaaab2018-10-22 18:38:20 +0200[diff] [blame]108 { 0, "VALIDSIG ", GPG_STATUS_FINGERPRINT },
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]109 { 0, "TRUST_", GPG_STATUS_TRUST_LEVEL },
110};
111
112static struct {
113 const char *key;
114 enum signature_trust_level value;
115} sigcheck_gpg_trust_level[] = {
116 { "UNDEFINED", TRUST_UNDEFINED },
117 { "NEVER", TRUST_NEVER },
118 { "MARGINAL", TRUST_MARGINAL },
119 { "FULLY", TRUST_FULLY },
120 { "ULTIMATE", TRUST_ULTIMATE },
Junio C Hamanoa50e7ca2014-08-14 15:31:13 -0700[diff] [blame]121};
122
Hans Jerry Illikainen392b8622019-11-21 23:43:35 +0000[diff] [blame]123static void replace_cstring(char **field, const char *line, const char *next)
124{
125 free(*field);
126
127 if (line && next)
128 *field = xmemdupz(line, next - line);
129 else
130 *field = NULL;
131}
132
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]133static int parse_gpg_trust_level(const char *level,
134 enum signature_trust_level *res)
135{
136 size_t i;
137
138 for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_trust_level); i++) {
139 if (!strcmp(sigcheck_gpg_trust_level[i].key, level)) {
140 *res = sigcheck_gpg_trust_level[i].value;
141 return 0;
142 }
143 }
144 return 1;
145}
146
Henning Schildfbd0f162018-07-11 10:38:25 +0200[diff] [blame]147static void parse_gpg_output(struct signature_check *sigc)
Junio C Hamanoa50e7ca2014-08-14 15:31:13 -0700[diff] [blame]148{
149 const char *buf = sigc->gpg_status;
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]150 const char *line, *next;
Michał Górny4de93942018-10-22 18:38:21 +0200[diff] [blame]151 int i, j;
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]152 int seen_exclusive_status = 0;
Junio C Hamanoa50e7ca2014-08-14 15:31:13 -0700[diff] [blame]153
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]154 /* Iterate over all lines */
155 for (line = buf; *line; line = strchrnul(line+1, '\n')) {
156 while (*line == '\n')
157 line++;
Steven Roberts64c45dc2019-07-16 11:47:37 -0700[diff] [blame]158 if (!*line)
159 break;
160
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]161 /* Skip lines that don't start with GNUPG status */
162 if (!skip_prefix(line, "[GNUPG:] ", &line))
163 continue;
Junio C Hamanoa50e7ca2014-08-14 15:31:13 -0700[diff] [blame]164
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]165 /* Iterate over all search strings */
166 for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
167 if (skip_prefix(line, sigcheck_gpg_status[i].check, &line)) {
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]168 /*
169 * GOODSIG, BADSIG etc. can occur only once for
170 * each signature. Therefore, if we had more
171 * than one then we're dealing with multiple
172 * signatures. We don't support them
173 * currently, and they're rather hard to
174 * create, so something is likely fishy and we
175 * should reject them altogether.
176 */
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]177 if (sigcheck_gpg_status[i].flags & GPG_STATUS_EXCLUSIVE) {
Junio C Hamano02561892018-11-03 00:53:57 +0900[diff] [blame]178 if (seen_exclusive_status++)
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]179 goto error;
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]180 }
181
Michał Górny3daaaab2018-10-22 18:38:20 +0200[diff] [blame]182 if (sigcheck_gpg_status[i].result)
183 sigc->result = sigcheck_gpg_status[i].result;
Michał Górny0b11a842018-10-22 18:38:19 +0200[diff] [blame]184 /* Do we have key information? */
185 if (sigcheck_gpg_status[i].flags & GPG_STATUS_KEYID) {
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]186 next = strchrnul(line, ' ');
Hans Jerry Illikainen392b8622019-11-21 23:43:35 +0000[diff] [blame]187 replace_cstring(&sigc->key, line, next);
Michał Górny0b11a842018-10-22 18:38:19 +0200[diff] [blame]188 /* Do we have signer information? */
189 if (*next && (sigcheck_gpg_status[i].flags & GPG_STATUS_UID)) {
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]190 line = next + 1;
191 next = strchrnul(line, '\n');
Hans Jerry Illikainen392b8622019-11-21 23:43:35 +0000[diff] [blame]192 replace_cstring(&sigc->signer, line, next);
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]193 }
194 }
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]195
196 /* Do we have trust level? */
197 if (sigcheck_gpg_status[i].flags & GPG_STATUS_TRUST_LEVEL) {
198 /*
199 * GPG v1 and v2 differs in how the
200 * TRUST_ lines are written. Some
201 * trust lines contain no additional
202 * space-separated information for v1.
203 */
204 size_t trust_size = strcspn(line, " \n");
205 char *trust = xmemdupz(line, trust_size);
206
207 if (parse_gpg_trust_level(trust, &sigc->trust_level)) {
208 free(trust);
209 goto error;
210 }
211 free(trust);
212 }
213
Michał Górny3daaaab2018-10-22 18:38:20 +0200[diff] [blame]214 /* Do we have fingerprint? */
215 if (sigcheck_gpg_status[i].flags & GPG_STATUS_FINGERPRINT) {
Hans Jerry Illikainen67a6ea62019-11-22 20:23:12 +0000[diff] [blame]216 const char *limit;
217 char **field;
218
Michał Górny3daaaab2018-10-22 18:38:20 +0200[diff] [blame]219 next = strchrnul(line, ' ');
Hans Jerry Illikainen392b8622019-11-21 23:43:35 +0000[diff] [blame]220 replace_cstring(&sigc->fingerprint, line, next);
Michał Górny4de93942018-10-22 18:38:21 +0200[diff] [blame]221
Hans Jerry Illikainen67a6ea62019-11-22 20:23:12 +0000[diff] [blame]222 /*
223 * Skip interim fields. The search is
224 * limited to the same line since only
225 * OpenPGP signatures has a field with
226 * the primary fingerprint.
227 */
228 limit = strchrnul(line, '\n');
Michał Górny4de93942018-10-22 18:38:21 +0200[diff] [blame]229 for (j = 9; j > 0; j--) {
Hans Jerry Illikainen67a6ea62019-11-22 20:23:12 +0000[diff] [blame]230 if (!*next || limit <= next)
Michał Górny4de93942018-10-22 18:38:21 +0200[diff] [blame]231 break;
232 line = next + 1;
233 next = strchrnul(line, ' ');
234 }
235
Hans Jerry Illikainen67a6ea62019-11-22 20:23:12 +0000[diff] [blame]236 field = &sigc->primary_key_fingerprint;
237 if (!j) {
238 next = strchrnul(line, '\n');
239 replace_cstring(field, line, next);
240 } else {
241 replace_cstring(field, NULL, NULL);
242 }
Michał Górny3daaaab2018-10-22 18:38:20 +0200[diff] [blame]243 }
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]244
245 break;
Michael J Gruber661a1802016-10-12 15:04:15 +0200[diff] [blame]246 }
Junio C Hamanoa50e7ca2014-08-14 15:31:13 -0700[diff] [blame]247 }
248 }
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]249 return;
250
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]251error:
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]252 sigc->result = 'E';
253 /* Clear partial data to avoid confusion */
Michał Górny4de93942018-10-22 18:38:21 +0200[diff] [blame]254 FREE_AND_NULL(sigc->primary_key_fingerprint);
Michał Górny3daaaab2018-10-22 18:38:20 +0200[diff] [blame]255 FREE_AND_NULL(sigc->fingerprint);
Michał Górnyda6cf1b2018-10-20 21:30:20 +0200[diff] [blame]256 FREE_AND_NULL(sigc->signer);
257 FREE_AND_NULL(sigc->key);
Junio C Hamanoa50e7ca2014-08-14 15:31:13 -0700[diff] [blame]258}
259
Hans Jerry Illikainen67948982020-03-04 11:48:04 +0000[diff] [blame]260static int verify_signed_buffer(const char *payload, size_t payload_size,
261 const char *signature, size_t signature_size,
262 struct strbuf *gpg_output,
263 struct strbuf *gpg_status)
264{
265 struct child_process gpg = CHILD_PROCESS_INIT;
266 struct gpg_format *fmt;
267 struct tempfile *temp;
268 int ret;
269 struct strbuf buf = STRBUF_INIT;
270
271 temp = mks_tempfile_t(".git_vtag_tmpXXXXXX");
272 if (!temp)
273 return error_errno(_("could not create temporary file"));
274 if (write_in_full(temp->fd, signature, signature_size) < 0 ||
275 close_tempfile_gently(temp) < 0) {
276 error_errno(_("failed writing detached signature to '%s'"),
277 temp->filename.buf);
278 delete_tempfile(&temp);
279 return -1;
280 }
281
282 fmt = get_format_by_sig(signature);
283 if (!fmt)
284 BUG("bad signature '%s'", signature);
285
Jeff Kingef8d7ac2020-07-28 16:24:53 -0400[diff] [blame]286 strvec_push(&gpg.args, fmt->program);
287 strvec_pushv(&gpg.args, fmt->verify_args);
288 strvec_pushl(&gpg.args,
Jeff Kingf6d89422020-07-28 16:26:31 -0400[diff] [blame]289 "--status-fd=1",
290 "--verify", temp->filename.buf, "-",
291 NULL);
Hans Jerry Illikainen67948982020-03-04 11:48:04 +0000[diff] [blame]292
293 if (!gpg_status)
294 gpg_status = &buf;
295
296 sigchain_push(SIGPIPE, SIG_IGN);
297 ret = pipe_command(&gpg, payload, payload_size,
298 gpg_status, 0, gpg_output, 0);
299 sigchain_pop(SIGPIPE);
300
301 delete_tempfile(&temp);
302
303 ret |= !strstr(gpg_status->buf, "\n[GNUPG:] GOODSIG ");
304 strbuf_release(&buf); /* no matter it was used or not */
305
306 return ret;
307}
308
brian m. carlson434060e2015-06-21 23:14:40 +0000[diff] [blame]309int check_signature(const char *payload, size_t plen, const char *signature,
brian m. carlsona4cc18f2015-06-21 23:14:38 +0000[diff] [blame]310 size_t slen, struct signature_check *sigc)
311{
312 struct strbuf gpg_output = STRBUF_INIT;
313 struct strbuf gpg_status = STRBUF_INIT;
314 int status;
315
316 sigc->result = 'N';
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]317 sigc->trust_level = -1;
brian m. carlsona4cc18f2015-06-21 23:14:38 +0000[diff] [blame]318
319 status = verify_signed_buffer(payload, plen, signature, slen,
320 &gpg_output, &gpg_status);
321 if (status && !gpg_output.len)
322 goto out;
323 sigc->payload = xmemdupz(payload, plen);
324 sigc->gpg_output = strbuf_detach(&gpg_output, NULL);
325 sigc->gpg_status = strbuf_detach(&gpg_status, NULL);
326 parse_gpg_output(sigc);
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]327 status |= sigc->result != 'G';
328 status |= sigc->trust_level < configured_min_trust_level;
brian m. carlsona4cc18f2015-06-21 23:14:38 +0000[diff] [blame]329
330 out:
331 strbuf_release(&gpg_status);
332 strbuf_release(&gpg_output);
brian m. carlson434060e2015-06-21 23:14:40 +0000[diff] [blame]333
Junio C Hamano4e5dc9c2018-08-09 11:40:27 -0700[diff] [blame]334 return !!status;
brian m. carlsona4cc18f2015-06-21 23:14:38 +0000[diff] [blame]335}
336
brian m. carlsonca194d52015-06-21 23:14:41 +0000[diff] [blame]337void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
338{
brian m. carlsonaeff29d2015-06-21 23:14:42 +0000[diff] [blame]339 const char *output = flags & GPG_VERIFY_RAW ?
340 sigc->gpg_status : sigc->gpg_output;
341
brian m. carlsonca194d52015-06-21 23:14:41 +0000[diff] [blame]342 if (flags & GPG_VERIFY_VERBOSE && sigc->payload)
343 fputs(sigc->payload, stdout);
344
brian m. carlsonaeff29d2015-06-21 23:14:42 +0000[diff] [blame]345 if (output)
346 fputs(output, stderr);
brian m. carlsonca194d52015-06-21 23:14:41 +0000[diff] [blame]347}
348
brian m. carlson482c1192021-02-11 02:08:03 +0000[diff] [blame]349size_t parse_signed_buffer(const char *buf, size_t size)
Junio C Hamanod7c67662014-08-19 13:18:07 -0700[diff] [blame]350{
Junio C Hamanod7c67662014-08-19 13:18:07 -0700[diff] [blame]351 size_t len = 0;
Jeff King8b44b2b2018-04-13 15:18:35 -0600[diff] [blame]352 size_t match = size;
353 while (len < size) {
354 const char *eol;
355
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]356 if (get_format_by_sig(buf + len))
Jeff King8b44b2b2018-04-13 15:18:35 -0600[diff] [blame]357 match = len;
358
359 eol = memchr(buf + len, '\n', size - len);
Junio C Hamanod7c67662014-08-19 13:18:07 -0700[diff] [blame]360 len += eol ? eol - (buf + len) + 1 : size - len;
361 }
Jeff King8b44b2b2018-04-13 15:18:35 -0600[diff] [blame]362 return match;
Junio C Hamanod7c67662014-08-19 13:18:07 -0700[diff] [blame]363}
364
brian m. carlson482c1192021-02-11 02:08:03 +0000[diff] [blame]365int parse_signature(const char *buf, size_t size, struct strbuf *payload, struct strbuf *signature)
366{
367 size_t match = parse_signed_buffer(buf, size);
368 if (match != size) {
369 strbuf_add(payload, buf, match);
brian m. carlson9b27b492021-02-11 02:08:06 +0000[diff] [blame]370 remove_signature(payload);
brian m. carlson482c1192021-02-11 02:08:03 +0000[diff] [blame]371 strbuf_add(signature, buf + match, size - match);
372 return 1;
373 }
374 return 0;
375}
376
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]377void set_signing_key(const char *key)
378{
379 free(configured_signing_key);
380 configured_signing_key = xstrdup(key);
381}
382
383int git_gpg_config(const char *var, const char *value, void *cb)
384{
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]385 struct gpg_format *fmt = NULL;
386 char *fmtname = NULL;
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]387 char *trust;
388 int ret;
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]389
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]390 if (!strcmp(var, "user.signingkey")) {
Jeff King1b0eeec2018-04-13 15:18:30 -0600[diff] [blame]391 if (!value)
392 return config_error_nonbool(var);
Junio C Hamano0c5e70f2011-11-29 12:29:48 -0800[diff] [blame]393 set_signing_key(value);
Jeff King1b0eeec2018-04-13 15:18:30 -0600[diff] [blame]394 return 0;
Junio C Hamano0c5e70f2011-11-29 12:29:48 -0800[diff] [blame]395 }
Jeff King1b0eeec2018-04-13 15:18:30 -0600[diff] [blame]396
Henning Schild57a8dd72018-07-17 14:50:07 +0200[diff] [blame]397 if (!strcmp(var, "gpg.format")) {
398 if (!value)
399 return config_error_nonbool(var);
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]400 fmt = get_format_by_name(value);
401 if (!fmt)
Henning Schild57a8dd72018-07-17 14:50:07 +0200[diff] [blame]402 return error("unsupported value for %s: %s",
403 var, value);
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]404 use_format = fmt;
405 return 0;
Henning Schild57a8dd72018-07-17 14:50:07 +0200[diff] [blame]406 }
407
Hans Jerry Illikainen54887b42019-12-27 13:55:57 +0000[diff] [blame]408 if (!strcmp(var, "gpg.mintrustlevel")) {
409 if (!value)
410 return config_error_nonbool(var);
411
412 trust = xstrdup_toupper(value);
413 ret = parse_gpg_trust_level(trust, &configured_min_trust_level);
414 free(trust);
415
416 if (ret)
417 return error("unsupported value for %s: %s", var,
418 value);
419 return 0;
420 }
421
Henning Schildb02f51b2018-07-17 14:50:11 +0200[diff] [blame]422 if (!strcmp(var, "gpg.program") || !strcmp(var, "gpg.openpgp.program"))
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]423 fmtname = "openpgp";
424
Henning Schild1e7adb92018-07-17 14:50:12 +0200[diff] [blame]425 if (!strcmp(var, "gpg.x509.program"))
426 fmtname = "x509";
427
Henning Schild58af57e2018-07-17 14:50:09 +0200[diff] [blame]428 if (fmtname) {
429 fmt = get_format_by_name(fmtname);
430 return git_config_string(&fmt->program, var, value);
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]431 }
Jeff King1b0eeec2018-04-13 15:18:30 -0600[diff] [blame]432
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]433 return 0;
434}
435
436const char *get_signing_key(void)
437{
438 if (configured_signing_key)
439 return configured_signing_key;
Jeff Kingf9bc5732012-05-24 19:28:40 -0400[diff] [blame]440 return git_committer_info(IDENT_STRICT|IDENT_NO_DATE);
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]441}
442
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]443int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
444{
René Scharfed3180272014-08-19 21:09:35 +0200[diff] [blame]445 struct child_process gpg = CHILD_PROCESS_INIT;
Jeff King0581b542016-06-17 19:38:55 -0400[diff] [blame]446 int ret;
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]447 size_t i, j, bottom;
Michael J Gruberefee9552016-06-17 19:38:59 -0400[diff] [blame]448 struct strbuf gpg_status = STRBUF_INIT;
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]449
Jeff Kingef8d7ac2020-07-28 16:24:53 -0400[diff] [blame]450 strvec_pushl(&gpg.args,
Jeff Kingf6d89422020-07-28 16:26:31 -0400[diff] [blame]451 use_format->program,
452 "--status-fd=2",
453 "-bsau", signing_key,
454 NULL);
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]455
Jeff King0581b542016-06-17 19:38:55 -0400[diff] [blame]456 bottom = signature->len;
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]457
458 /*
459 * When the username signingkey is bad, program could be terminated
460 * because gpg exits without reading and then write gets SIGPIPE.
461 */
462 sigchain_push(SIGPIPE, SIG_IGN);
Jeff King0581b542016-06-17 19:38:55 -0400[diff] [blame]463 ret = pipe_command(&gpg, buffer->buf, buffer->len,
Michael J Gruberefee9552016-06-17 19:38:59 -0400[diff] [blame]464 signature, 1024, &gpg_status, 0);
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]465 sigchain_pop(SIGPIPE);
466
Michael J Gruberefee9552016-06-17 19:38:59 -0400[diff] [blame]467 ret |= !strstr(gpg_status.buf, "\n[GNUPG:] SIG_CREATED ");
468 strbuf_release(&gpg_status);
469 if (ret)
Junio C Hamano2f47eae2011-09-07 21:19:47 -0700[diff] [blame]470 return error(_("gpg failed to sign the data"));
471
472 /* Strip CR from the line endings, in case we are on Windows. */
473 for (i = j = bottom; i < signature->len; i++)
474 if (signature->buf[i] != '\r') {
475 if (i != j)
476 signature->buf[j] = signature->buf[i];
477 j++;
478 }
479 strbuf_setlen(signature, j);
480
481 return 0;
482}