Elijah Newren | a64acf7 | 2023-03-21 06:26:02 +0000 | [diff] [blame] | 1 | #include "git-compat-util.h" |
brian m. carlson | 9b27b49 | 2021-02-11 02:08:06 +0000 | [diff] [blame] | 2 | #include "commit.h" |
Brandon Williams | b2141fc | 2017-06-14 11:07:36 -0700 | [diff] [blame] | 3 | #include "config.h" |
Elijah Newren | d4a4f92 | 2023-04-22 20:17:26 +0000 | [diff] [blame] | 4 | #include "date.h" |
Elijah Newren | f394e09 | 2023-03-21 06:25:54 +0000 | [diff] [blame] | 5 | #include "gettext.h" |
Junio C Hamano | 2f47eae | 2011-09-07 21:19:47 -0700 | [diff] [blame] | 6 | #include "run-command.h" |
| 7 | #include "strbuf.h" |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 8 | #include "dir.h" |
Elijah Newren | b5fa608 | 2023-02-24 00:09:29 +0000 | [diff] [blame] | 9 | #include "ident.h" |
Junio C Hamano | 2f47eae | 2011-09-07 21:19:47 -0700 | [diff] [blame] | 10 | #include "gpg-interface.h" |
Elijah Newren | d1cbe1e | 2023-04-22 20:17:20 +0000 | [diff] [blame] | 11 | #include "path.h" |
Junio C Hamano | 2f47eae | 2011-09-07 21:19:47 -0700 | [diff] [blame] | 12 | #include "sigchain.h" |
Jeff King | 4322353 | 2016-06-17 19:38:43 -0400 | [diff] [blame] | 13 | #include "tempfile.h" |
Fabian Stelzer | fd9e226 | 2021-09-10 20:07:37 +0000 | [diff] [blame] | 14 | #include "alias.h" |
Junio C Hamano | 2f47eae | 2011-09-07 21:19:47 -0700 | [diff] [blame] | 15 | |
/*
 * Config callback that gpg_interface_lazy_init() hands to git_config().
 * Only the forward declaration is needed here; the definition lives
 * elsewhere in this file.
 */
static int git_gpg_config(const char *, const char *,
			  const struct config_context *, void *);
Junio C Hamano | fd2d4c1 | 2023-02-09 12:24:14 -0800 | [diff] [blame] | 18 | |
/*
 * Run git_gpg_config() over the configuration exactly once.
 * A function-local flag turns every later call into a no-op.
 */
static void gpg_interface_lazy_init(void)
{
	static int initialized;

	if (!initialized) {
		/* The flag is raised before the config walk, not after it. */
		initialized = 1;
		git_config(git_gpg_config, NULL);
	}
}
| 28 | |
/*
 * File-scope signing and verification settings.
 * NOTE(review): nothing in this part of the file assigns them; presumably
 * git_gpg_config() does -- confirm there.
 */
static char *configured_signing_key;
static char *ssh_default_key_command;
/*
 * Handed to ssh-keygen as "-f"; verify_ssh_signed_buffer() refuses to run
 * while this is unset.
 */
static char *ssh_allowed_signers;
/*
 * Handed to ssh-keygen as "-r" for "-Y verify" when the file exists; a
 * configured but missing file only produces a warning.
 */
static char *ssh_revocation_file;
/* NOTE(review): looks like the lowest accepted trust level -- confirm at its use. */
static enum signature_trust_level configured_min_trust_level = TRUST_UNDEFINED;
| 34 | |
/*
 * One supported signature backend: how its signatures are recognised and
 * which external program and callbacks handle them.
 */
struct gpg_format {
	/* Format name; get_format_by_name() compares it with strcmp(). */
	const char *name;
	/* First argv entry of the child process started by the verify callbacks. */
	const char *program;
	/*
	 * NULL-terminated extra arguments that verify_gpg_signed_buffer()
	 * pushes right after the program name.
	 */
	const char **verify_args;
	/*
	 * NULL-terminated list of prefixes; get_format_by_sig() tests them
	 * against the start of a signature.
	 */
	const char **sigs;
	/*
	 * Verify "signature" (signature_size bytes) for the check described
	 * by sigc, using this format entry.
	 */
	int (*verify_signed_buffer)(struct signature_check *sigc,
				    struct gpg_format *fmt,
				    const char *signature,
				    size_t signature_size);
	/* NOTE(review): presumably signs "buffer" into "signature" -- confirm at the implementations. */
	int (*sign_buffer)(struct strbuf *buffer, struct strbuf *signature,
			   const char *signing_key);
	/* Optional; NULL for the openpgp and x509 entries. */
	const char *(*get_default_key)(void);
	/* Optional; NULL for the openpgp and x509 entries. */
	const char *(*get_key_id)(void);
};
Junio C Hamano | 2f47eae | 2011-09-07 21:19:47 -0700 | [diff] [blame] | 49 | |
/*
 * Per-format tables, all NULL-terminated.
 * *_verify_args: extra command-line arguments for verification.
 * *_sigs: text a signature of that format starts with; get_format_by_sig()
 * uses these prefixes to pick the format.
 */
static const char *openpgp_verify_args[] = {
	"--keyid-format=long",
	NULL
};
static const char *openpgp_sigs[] = {
	"-----BEGIN PGP SIGNATURE-----",
	"-----BEGIN PGP MESSAGE-----",
	NULL
};

/* x509: no extra verification arguments. */
static const char *x509_verify_args[] = {
	NULL
};
static const char *x509_sigs[] = {
	"-----BEGIN SIGNED MESSAGE-----",
	NULL
};

/* ssh: no extra verification arguments. */
static const char *ssh_verify_args[] = { NULL };
static const char *ssh_sigs[] = {
	"-----BEGIN SSH SIGNATURE-----",
	NULL
};
| 73 | |
/*
 * Forward declarations of the per-format callbacks, needed because the
 * gpg_format[] table below takes their addresses before they are defined.
 */
static int verify_gpg_signed_buffer(struct signature_check *sigc,
				    struct gpg_format *fmt,
				    const char *signature,
				    size_t signature_size);
static int verify_ssh_signed_buffer(struct signature_check *sigc,
				    struct gpg_format *fmt,
				    const char *signature,
				    size_t signature_size);
static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
			   const char *signing_key);
static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
			   const char *signing_key);

static const char *get_default_ssh_signing_key(void);

static const char *get_ssh_key_id(void);
| 90 | |
/*
 * The supported formats. Lookups walk this table in order, so for
 * get_format_by_sig() the first entry with a matching prefix wins.
 * openpgp and x509 share the gpg-style callbacks; only ssh provides
 * get_default_key and get_key_id.
 *
 * Each .program is a bare command name here.
 * NOTE(review): whether and how configuration can replace .program is not
 * visible in this part of the file -- confirm before relying on these
 * defaults, since the value becomes argv[0] of a child process.
 */
static struct gpg_format gpg_format[] = {
	{
		.name = "openpgp",
		.program = "gpg",
		.verify_args = openpgp_verify_args,
		.sigs = openpgp_sigs,
		.verify_signed_buffer = verify_gpg_signed_buffer,
		.sign_buffer = sign_buffer_gpg,
		.get_default_key = NULL,
		.get_key_id = NULL,
	},
	{
		.name = "x509",
		.program = "gpgsm",
		.verify_args = x509_verify_args,
		.sigs = x509_sigs,
		.verify_signed_buffer = verify_gpg_signed_buffer,
		.sign_buffer = sign_buffer_gpg,
		.get_default_key = NULL,
		.get_key_id = NULL,
	},
	{
		.name = "ssh",
		.program = "ssh-keygen",
		.verify_args = ssh_verify_args,
		.sigs = ssh_sigs,
		.verify_signed_buffer = verify_ssh_signed_buffer,
		.sign_buffer = sign_buffer_ssh,
		.get_default_key = get_default_ssh_signing_key,
		.get_key_id = get_ssh_key_id,
	},
};
| 123 | |
/* Currently selected format; starts out as the first table entry (openpgp). */
static struct gpg_format *use_format = &gpg_format[0];
| 125 | |
/*
 * Find the gpg_format[] entry whose name equals "str" exactly
 * (case-sensitive strcmp). Returns NULL when no entry matches.
 */
static struct gpg_format *get_format_by_name(const char *str)
{
	struct gpg_format *fmt = gpg_format;
	struct gpg_format *end = gpg_format + ARRAY_SIZE(gpg_format);

	while (fmt < end) {
		if (strcmp(fmt->name, str) == 0)
			return fmt;
		fmt++;
	}
	return NULL;
}
| 135 | |
/*
 * Find the format a signature belongs to by looking only at how "sig"
 * starts: the first gpg_format[] entry listing a prefix of "sig" is
 * returned. Returns NULL when no known prefix matches.
 */
static struct gpg_format *get_format_by_sig(const char *sig)
{
	struct gpg_format *fmt;
	const char **prefix;

	for (fmt = gpg_format; fmt < gpg_format + ARRAY_SIZE(gpg_format); fmt++) {
		/* Each sigs list ends with a NULL sentinel. */
		for (prefix = fmt->sigs; *prefix; prefix++) {
			if (starts_with(sig, *prefix))
				return fmt;
		}
	}
	return NULL;
}
Junio C Hamano | d7c6766 | 2014-08-19 13:18:07 -0700 | [diff] [blame] | 146 | |
/*
 * Release every string owned by "sigc" and reset the pointers to NULL, so
 * the structure holds no stale pointers afterwards. Non-pointer members
 * such as result and trust_level are left untouched.
 */
void signature_check_clear(struct signature_check *sigc)
{
	/* Identity extracted from the verifier's output. */
	FREE_AND_NULL(sigc->primary_key_fingerprint);
	FREE_AND_NULL(sigc->fingerprint);
	FREE_AND_NULL(sigc->key);
	FREE_AND_NULL(sigc->signer);

	/* Raw verifier output and the signed payload. */
	FREE_AND_NULL(sigc->gpg_status);
	FREE_AND_NULL(sigc->output);
	FREE_AND_NULL(sigc->payload);
}
| 157 | |
/*
 * Flag bits for the entries of sigcheck_gpg_status[]; parse_gpg_output()
 * tests them to decide which fields to read from a matched status line.
 */

/* An exclusive status -- only one of them can appear in output */
#define GPG_STATUS_EXCLUSIVE	(1<<0)
/* The status includes key identifier */
#define GPG_STATUS_KEYID	(1<<1)
/* The status includes user identifier */
#define GPG_STATUS_UID		(1<<2)
/* The status includes key fingerprints */
#define GPG_STATUS_FINGERPRINT	(1<<3)
/* The status includes trust level */
#define GPG_STATUS_TRUST_LEVEL	(1<<4)

/* Short-hand for standard exclusive *SIG status with keyid & UID */
#define GPG_STATUS_STDSIG	(GPG_STATUS_EXCLUSIVE|GPG_STATUS_KEYID|GPG_STATUS_UID)
Michał Górny | da6cf1b | 2018-10-20 21:30:20 +0200 | [diff] [blame] | 171 | |
/*
 * Status keywords that parse_gpg_output() looks for right after the
 * "[GNUPG:] " prefix.
 *   result: stored in sigc->result on a match; 0 leaves the result as is.
 *   check:  keyword prefix the rest of the line must start with.
 *   flags:  GPG_STATUS_* bits telling which fields follow the keyword and
 *           whether the keyword may be seen only once.
 */
static struct {
	char result;
	const char *check;
	unsigned int flags;
} sigcheck_gpg_status[] = {
	{ 'G', "GOODSIG ", GPG_STATUS_STDSIG },
	{ 'B', "BADSIG ", GPG_STATUS_STDSIG },
	{ 'E', "ERRSIG ", GPG_STATUS_EXCLUSIVE|GPG_STATUS_KEYID },
	{ 'X', "EXPSIG ", GPG_STATUS_STDSIG },
	{ 'Y', "EXPKEYSIG ", GPG_STATUS_STDSIG },
	{ 'R', "REVKEYSIG ", GPG_STATUS_STDSIG },
	{ 0, "VALIDSIG ", GPG_STATUS_FINGERPRINT },
	{ 0, "TRUST_", GPG_STATUS_TRUST_LEVEL },
};
| 186 | |
/*
 * Trust levels by name.
 *   key:         text expected after "TRUST_" in a status line; compared
 *                with strcmp() by parse_gpg_trust_level().
 *   display_key: lower-case spelling of the same level; not used in this
 *                part of the file.
 *   value:       the matching enum signature_trust_level.
 *
 * Keep the order same as enum signature_trust_level
 */
static struct sigcheck_gpg_trust_level {
	const char *key;
	const char *display_key;
	enum signature_trust_level value;
} sigcheck_gpg_trust_level[] = {
	{ "UNDEFINED", "undefined", TRUST_UNDEFINED },
	{ "NEVER", "never", TRUST_NEVER },
	{ "MARGINAL", "marginal", TRUST_MARGINAL },
	{ "FULLY", "fully", TRUST_FULLY },
	{ "ULTIMATE", "ultimate", TRUST_ULTIMATE },
};
| 199 | |
/*
 * Replace the string owned by *field with a copy of the bytes in
 * [line, next), or with NULL when either bound is NULL.
 *
 * The old value is freed before the copy is made, so "line" must not point
 * into the string *field currently owns.
 */
static void replace_cstring(char **field, const char *line, const char *next)
{
	char *copy = NULL;

	free(*field);
	if (line && next)
		copy = xmemdupz(line, next - line);
	*field = copy;
}
| 209 | |
/*
 * Translate a trust level name into its enum value.
 *
 * The comparison is an exact, case-sensitive match against the "key"
 * column of sigcheck_gpg_trust_level[].
 *
 * Returns 0 and stores the value in *res on a match; returns 1 and leaves
 * *res untouched when the name is unknown.
 */
static int parse_gpg_trust_level(const char *level,
				 enum signature_trust_level *res)
{
	const struct sigcheck_gpg_trust_level *entry = sigcheck_gpg_trust_level;
	const struct sigcheck_gpg_trust_level *end =
		entry + ARRAY_SIZE(sigcheck_gpg_trust_level);

	for (; entry != end; entry++) {
		if (strcmp(entry->key, level))
			continue;
		*res = entry->value;
		return 0;
	}
	return 1;
}
| 223 | |
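/*
 * Parse the "[GNUPG:] " status lines in sigc->gpg_status and fill in
 * sigc->result, key, signer, trust_level, fingerprint and
 * primary_key_fingerprint.
 *
 * Lines without the status prefix, and status keywords not listed in
 * sigcheck_gpg_status[], are ignored. A second exclusive status (GOODSIG,
 * BADSIG, ...) or an unknown TRUST_ level turns the result into 'E' and
 * clears key, signer and both fingerprints, so a caller never sees identity
 * data taken from output this parser rejected.
 *
 * sigc->gpg_status must point to a NUL-terminated string.
 */
static void parse_gpg_output(struct signature_check *sigc)
{
	const char *buf = sigc->gpg_status;
	const char *line, *next;
	int i, j;
	int seen_exclusive_status = 0;

	/*
	 * Iterate over all lines. The step searches from "line" itself, not
	 * from "line + 1": the body can leave "line" on the terminating NUL
	 * (status text that stops right after a keyword or a trailing
	 * space), and stepping past it would read beyond the buffer. It also
	 * keeps a "line" left on '\n' from swallowing the status line that
	 * follows. Progress is still guaranteed, because the body only runs
	 * with "line" on a character that is neither '\n' nor NUL.
	 */
	for (line = buf; *line; line = strchrnul(line, '\n')) {
		while (*line == '\n')
			line++;
		if (!*line)
			break;

		/* Skip lines that don't start with GNUPG status */
		if (!skip_prefix(line, "[GNUPG:] ", &line))
			continue;

		/* Iterate over all search strings */
		for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) {
			if (skip_prefix(line, sigcheck_gpg_status[i].check, &line)) {
				/*
				 * GOODSIG, BADSIG etc. can occur only once for
				 * each signature.  Therefore, if we had more
				 * than one then we're dealing with multiple
				 * signatures.  We don't support them
				 * currently, and they're rather hard to
				 * create, so something is likely fishy and we
				 * should reject them altogether.
				 */
				if (sigcheck_gpg_status[i].flags & GPG_STATUS_EXCLUSIVE) {
					if (seen_exclusive_status++)
						goto error;
				}

				/* A result of 0 means "keep what we have". */
				if (sigcheck_gpg_status[i].result)
					sigc->result = sigcheck_gpg_status[i].result;
				/* Do we have key information? */
				if (sigcheck_gpg_status[i].flags & GPG_STATUS_KEYID) {
					next = strchrnul(line, ' ');
					replace_cstring(&sigc->key, line, next);
					/* Do we have signer information? */
					if (*next && (sigcheck_gpg_status[i].flags & GPG_STATUS_UID)) {
						line = next + 1;
						next = strchrnul(line, '\n');
						replace_cstring(&sigc->signer, line, next);
					}
				}

				/* Do we have trust level? */
				if (sigcheck_gpg_status[i].flags & GPG_STATUS_TRUST_LEVEL) {
					/*
					 * GPG v1 and v2 differ in how the
					 * TRUST_ lines are written.  Some
					 * trust lines contain no additional
					 * space-separated information for v1.
					 */
					size_t trust_size = strcspn(line, " \n");
					char *trust = xmemdupz(line, trust_size);

					if (parse_gpg_trust_level(trust, &sigc->trust_level)) {
						free(trust);
						goto error;
					}
					free(trust);
				}

				/* Do we have fingerprint? */
				if (sigcheck_gpg_status[i].flags & GPG_STATUS_FINGERPRINT) {
					const char *limit;
					char **field;

					next = strchrnul(line, ' ');
					replace_cstring(&sigc->fingerprint, line, next);

					/*
					 * Skip interim fields.  The search is
					 * limited to the same line since only
					 * OpenPGP signatures have a field with
					 * the primary fingerprint.
					 */
					limit = strchrnul(line, '\n');
					for (j = 9; j > 0; j--) {
						if (!*next || limit <= next)
							break;
						line = next + 1;
						next = strchrnul(line, ' ');
					}

					/*
					 * j reaches 0 only when all nine
					 * interim fields were present.
					 */
					field = &sigc->primary_key_fingerprint;
					if (!j) {
						next = strchrnul(line, '\n');
						replace_cstring(field, line, next);
					} else {
						replace_cstring(field, NULL, NULL);
					}
				}

				break;
			}
		}
	}
	return;

error:
	sigc->result = 'E';
	/* Clear partial data to avoid confusion */
	FREE_AND_NULL(sigc->primary_key_fingerprint);
	FREE_AND_NULL(sigc->fingerprint);
	FREE_AND_NULL(sigc->signer);
	FREE_AND_NULL(sigc->key);
}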
| 336 | |
/*
 * Verify a detached gpg-style signature over sigc->payload.
 *
 * The signature bytes are written to a temporary file and the payload is
 * fed to fmt->program on stdin ("--verify <file> -"). Status lines are
 * requested on fd 1, so they arrive in the captured stdout.
 *
 * On return sigc->output holds the program's stderr and sigc->gpg_status
 * its stdout; parse_gpg_output() has filled in the remaining fields.
 *
 * Returns 0 only when the child exited successfully and its stdout has a
 * "[GNUPG:] GOODSIG " line that follows a newline. Any other outcome gives
 * a non-zero value. The return value is settled before parse_gpg_output()
 * runs, so a rejection by the parser (result 'E') shows up only in
 * sigc->result, not here.
 */
static int verify_gpg_signed_buffer(struct signature_check *sigc,
				    struct gpg_format *fmt,
				    const char *signature,
				    size_t signature_size)
{
	struct strbuf gpg_stderr = STRBUF_INIT;
	struct strbuf gpg_stdout = STRBUF_INIT;
	struct child_process gpg = CHILD_PROCESS_INIT;
	struct tempfile *sig_file;
	int rc;

	sig_file = mks_tempfile_t(".git_vtag_tmpXXXXXX");
	if (!sig_file)
		return error_errno(_("could not create temporary file"));

	if (write_in_full(sig_file->fd, signature, signature_size) < 0 ||
	    close_tempfile_gently(sig_file) < 0) {
		error_errno(_("failed writing detached signature to '%s'"),
			    sig_file->filename.buf);
		delete_tempfile(&sig_file);
		return -1;
	}

	/* argv: program, format-specific options, then the verify request. */
	strvec_push(&gpg.args, fmt->program);
	strvec_pushv(&gpg.args, fmt->verify_args);
	strvec_push(&gpg.args, "--status-fd=1");
	strvec_pushl(&gpg.args, "--verify", sig_file->filename.buf, "-", NULL);

	/* SIGPIPE is ignored only while the child is being fed. */
	sigchain_push(SIGPIPE, SIG_IGN);
	rc = pipe_command(&gpg, sigc->payload, sigc->payload_len,
			  &gpg_stdout, 0, &gpg_stderr, 0);
	sigchain_pop(SIGPIPE);

	delete_tempfile(&sig_file);

	/* The leading "\n" anchors the keyword to the start of a line. */
	if (!strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG "))
		rc |= 1;

	sigc->output = strbuf_detach(&gpg_stderr, NULL);
	sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL);

	parse_gpg_output(sigc);

	strbuf_release(&gpg_stdout);
	strbuf_release(&gpg_stderr);

	return rc;
}
| 384 | |
/*
 * Interpret the first line of sigc->output, which is expected to be one of
 *
 *   Good "git" signature for PRINCIPAL with RSA key SHA256:FINGERPRINT
 *   Good "git" signature with RSA key SHA256:FINGERPRINT
 *
 * The second form is a valid signature made with a key that maps to no
 * principal. "RSA" and "SHA256" stand for whatever algorithm names are
 * printed. PRINCIPAL may contain whitespace, so it is taken to end at the
 * last " with " on the line.
 *
 * Everything else leaves the result at 'B' with trust level TRUST_NEVER.
 * Only the first line is examined.
 */
static void parse_ssh_output(struct signature_check *sigc)
{
	const char *cursor, *principal_start, *hit;
	char *first_line;
	char *key_label;

	/* Start from "bad"; only a recognised line upgrades this. */
	sigc->result = 'B';
	sigc->trust_level = TRUST_NEVER;

	first_line = xmemdupz(sigc->output, strcspn(sigc->output, "\n"));
	cursor = first_line;

	if (skip_prefix(cursor, "Good \"git\" signature for ", &cursor)) {
		/* Walk to the last " with " so the whole principal is kept. */
		principal_start = cursor;
		while ((hit = strstr(cursor, " with ")) != NULL)
			cursor = hit + 1;
		/* No " with " at all: not the line we expect. */
		if (cursor == principal_start)
			goto cleanup;

		/* Valid signature and known principal */
		sigc->result = 'G';
		sigc->trust_level = TRUST_FULLY;
		sigc->signer = xmemdupz(principal_start,
					cursor - principal_start - 1);
	} else if (skip_prefix(cursor, "Good \"git\" signature with ", &cursor)) {
		/* Valid signature, but key unknown */
		sigc->result = 'G';
		sigc->trust_level = TRUST_UNDEFINED;
	} else {
		goto cleanup;
	}

	key_label = strstr(cursor, "key ");
	if (!key_label) {
		/*
		 * The line did not have the expected shape, so treat the
		 * signature as bad. Only the result is reset here; the
		 * trust level and signer set above are left as they are.
		 */
		sigc->result = 'B';
		goto cleanup;
	}
	/* The fingerprint is everything after "key ", and doubles as key id. */
	sigc->fingerprint = xstrdup(key_label + 4);
	sigc->key = xstrdup(sigc->fingerprint);

cleanup:
	free(first_line);
}
| 447 | |
| 448 | static int verify_ssh_signed_buffer(struct signature_check *sigc, |
Fabian Stelzer | 0276943 | 2021-12-09 09:52:43 +0100 | [diff] [blame] | 449 | struct gpg_format *fmt, |
| 450 | const char *signature, |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 451 | size_t signature_size) |
| 452 | { |
| 453 | struct child_process ssh_keygen = CHILD_PROCESS_INIT; |
| 454 | struct tempfile *buffer_file; |
| 455 | int ret = -1; |
| 456 | const char *line; |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 457 | char *principal; |
| 458 | struct strbuf ssh_principals_out = STRBUF_INIT; |
| 459 | struct strbuf ssh_principals_err = STRBUF_INIT; |
| 460 | struct strbuf ssh_keygen_out = STRBUF_INIT; |
| 461 | struct strbuf ssh_keygen_err = STRBUF_INIT; |
Fabian Stelzer | 6393c95 | 2021-12-09 09:52:45 +0100 | [diff] [blame] | 462 | struct strbuf verify_time = STRBUF_INIT; |
| 463 | const struct date_mode verify_date_mode = { |
| 464 | .type = DATE_STRFTIME, |
| 465 | .strftime_fmt = "%Y%m%d%H%M%S", |
| 466 | /* SSH signing key validity has no timezone information - Use the local timezone */ |
| 467 | .local = 1, |
| 468 | }; |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 469 | |
| 470 | if (!ssh_allowed_signers) { |
| 471 | error(_("gpg.ssh.allowedSignersFile needs to be configured and exist for ssh signature verification")); |
| 472 | return -1; |
| 473 | } |
| 474 | |
| 475 | buffer_file = mks_tempfile_t(".git_vtag_tmpXXXXXX"); |
| 476 | if (!buffer_file) |
| 477 | return error_errno(_("could not create temporary file")); |
| 478 | if (write_in_full(buffer_file->fd, signature, signature_size) < 0 || |
| 479 | close_tempfile_gently(buffer_file) < 0) { |
| 480 | error_errno(_("failed writing detached signature to '%s'"), |
| 481 | buffer_file->filename.buf); |
| 482 | delete_tempfile(&buffer_file); |
| 483 | return -1; |
| 484 | } |
| 485 | |
Fabian Stelzer | 6393c95 | 2021-12-09 09:52:45 +0100 | [diff] [blame] | 486 | if (sigc->payload_timestamp) |
| 487 | strbuf_addf(&verify_time, "-Overify-time=%s", |
René Scharfe | 9720d23 | 2024-04-05 19:44:59 +0200 | [diff] [blame] | 488 | show_date(sigc->payload_timestamp, 0, verify_date_mode)); |
Fabian Stelzer | 6393c95 | 2021-12-09 09:52:45 +0100 | [diff] [blame] | 489 | |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 490 | /* Find the principal from the signers */ |
| 491 | strvec_pushl(&ssh_keygen.args, fmt->program, |
| 492 | "-Y", "find-principals", |
| 493 | "-f", ssh_allowed_signers, |
| 494 | "-s", buffer_file->filename.buf, |
Fabian Stelzer | 6393c95 | 2021-12-09 09:52:45 +0100 | [diff] [blame] | 495 | verify_time.buf, |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 496 | NULL); |
| 497 | ret = pipe_command(&ssh_keygen, NULL, 0, &ssh_principals_out, 0, |
| 498 | &ssh_principals_err, 0); |
| 499 | if (ret && strstr(ssh_principals_err.buf, "usage:")) { |
| 500 | error(_("ssh-keygen -Y find-principals/verify is needed for ssh signature verification (available in openssh version 8.2p1+)")); |
| 501 | goto out; |
| 502 | } |
| 503 | if (ret || !ssh_principals_out.len) { |
| 504 | /* |
| 505 | * We did not find a matching principal in the allowedSigners |
| 506 | * Check without validation |
| 507 | */ |
| 508 | child_process_init(&ssh_keygen); |
| 509 | strvec_pushl(&ssh_keygen.args, fmt->program, |
| 510 | "-Y", "check-novalidate", |
| 511 | "-n", "git", |
| 512 | "-s", buffer_file->filename.buf, |
Fabian Stelzer | 6393c95 | 2021-12-09 09:52:45 +0100 | [diff] [blame] | 513 | verify_time.buf, |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 514 | NULL); |
Fabian Stelzer | 0276943 | 2021-12-09 09:52:43 +0100 | [diff] [blame] | 515 | pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len, |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 516 | &ssh_keygen_out, 0, &ssh_keygen_err, 0); |
| 517 | |
| 518 | /* |
| 519 | * Fail on unknown keys |
| 520 | * we still call check-novalidate to display the signature info |
| 521 | */ |
| 522 | ret = -1; |
| 523 | } else { |
| 524 | /* Check every principal we found (one per line) */ |
Fabian Stelzer | caeef01 | 2022-01-07 10:07:35 +0100 | [diff] [blame] | 525 | const char *next; |
| 526 | for (line = ssh_principals_out.buf; |
| 527 | *line; |
| 528 | line = next) { |
| 529 | const char *end_of_text; |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 530 | |
Fabian Stelzer | caeef01 | 2022-01-07 10:07:35 +0100 | [diff] [blame] | 531 | next = end_of_text = strchrnul(line, '\n'); |
| 532 | |
| 533 | /* Did we find a LF, and did we have CR before it? */ |
| 534 | if (*end_of_text && |
| 535 | line < end_of_text && |
| 536 | end_of_text[-1] == '\r') |
| 537 | end_of_text--; |
| 538 | |
| 539 | /* Unless we hit NUL, skip over the LF we found */ |
| 540 | if (*next) |
| 541 | next++; |
| 542 | |
| 543 | /* Not all lines are data. Skip empty ones */ |
| 544 | if (line == end_of_text) |
| 545 | continue; |
| 546 | |
| 547 | /* We now know we have an non-empty line. Process it */ |
| 548 | principal = xmemdupz(line, end_of_text - line); |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 549 | |
| 550 | child_process_init(&ssh_keygen); |
| 551 | strbuf_release(&ssh_keygen_out); |
| 552 | strbuf_release(&ssh_keygen_err); |
| 553 | strvec_push(&ssh_keygen.args, fmt->program); |
| 554 | /* |
| 555 | * We found principals |
| 556 | * Try with each until we find a match |
| 557 | */ |
| 558 | strvec_pushl(&ssh_keygen.args, "-Y", "verify", |
| 559 | "-n", "git", |
| 560 | "-f", ssh_allowed_signers, |
| 561 | "-I", principal, |
| 562 | "-s", buffer_file->filename.buf, |
Fabian Stelzer | 6393c95 | 2021-12-09 09:52:45 +0100 | [diff] [blame] | 563 | verify_time.buf, |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 564 | NULL); |
| 565 | |
| 566 | if (ssh_revocation_file) { |
| 567 | if (file_exists(ssh_revocation_file)) { |
| 568 | strvec_pushl(&ssh_keygen.args, "-r", |
| 569 | ssh_revocation_file, NULL); |
| 570 | } else { |
| 571 | warning(_("ssh signing revocation file configured but not found: %s"), |
| 572 | ssh_revocation_file); |
| 573 | } |
| 574 | } |
| 575 | |
| 576 | sigchain_push(SIGPIPE, SIG_IGN); |
Fabian Stelzer | 0276943 | 2021-12-09 09:52:43 +0100 | [diff] [blame] | 577 | ret = pipe_command(&ssh_keygen, sigc->payload, sigc->payload_len, |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 578 | &ssh_keygen_out, 0, &ssh_keygen_err, 0); |
| 579 | sigchain_pop(SIGPIPE); |
| 580 | |
| 581 | FREE_AND_NULL(principal); |
| 582 | |
| 583 | if (!ret) |
| 584 | ret = !starts_with(ssh_keygen_out.buf, "Good"); |
| 585 | |
| 586 | if (!ret) |
| 587 | break; |
| 588 | } |
| 589 | } |
| 590 | |
Jeff King | 2982b65 | 2024-03-12 05:17:27 -0400 | [diff] [blame] | 591 | strbuf_stripspace(&ssh_keygen_out, NULL); |
| 592 | strbuf_stripspace(&ssh_keygen_err, NULL); |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 593 | /* Add stderr outputs to show the user actual ssh-keygen errors */ |
| 594 | strbuf_add(&ssh_keygen_out, ssh_principals_err.buf, ssh_principals_err.len); |
| 595 | strbuf_add(&ssh_keygen_out, ssh_keygen_err.buf, ssh_keygen_err.len); |
| 596 | sigc->output = strbuf_detach(&ssh_keygen_out, NULL); |
| 597 | sigc->gpg_status = xstrdup(sigc->output); |
| 598 | |
| 599 | parse_ssh_output(sigc); |
| 600 | |
| 601 | out: |
| 602 | if (buffer_file) |
| 603 | delete_tempfile(&buffer_file); |
| 604 | strbuf_release(&ssh_principals_out); |
| 605 | strbuf_release(&ssh_principals_err); |
| 606 | strbuf_release(&ssh_keygen_out); |
| 607 | strbuf_release(&ssh_keygen_err); |
Fabian Stelzer | 6393c95 | 2021-12-09 09:52:45 +0100 | [diff] [blame] | 608 | strbuf_release(&verify_time); |
Fabian Stelzer | facca53 | 2021-09-10 20:07:39 +0000 | [diff] [blame] | 609 | |
| 610 | return ret; |
| 611 | } |
| 612 | |
/*
 * Extract signer metadata from the payload stored in `sigc`.
 *
 * For commit and tag payloads the "committer" / "tagger" header is
 * located and split. When sigc->payload_timestamp is still zero it is
 * filled from the header's date field. Undefined and push-certificate
 * payloads are left alone.
 *
 * Returns 0 on success or when the payload type is ignored, and 1 when
 * the header is missing, empty or cannot be split. check_signature()
 * turns a return of 1 into a failed check, so a payload without a
 * usable signer line is rejected before any verifier runs.
 */
static int parse_payload_metadata(struct signature_check *sigc)
{
	struct ident_split who;
	const char *header_name;
	const char *header = NULL;
	size_t header_len;

	switch (sigc->payload_type) {
	case SIGNATURE_PAYLOAD_UNDEFINED:
	case SIGNATURE_PAYLOAD_PUSH_CERT:
		/* Ignore payloads we don't want to parse */
		return 0;
	case SIGNATURE_PAYLOAD_COMMIT:
		header_name = "committer";
		break;
	case SIGNATURE_PAYLOAD_TAG:
		header_name = "tagger";
		break;
	default:
		BUG("invalid value for sigc->payload_type");
	}

	header = find_commit_header(sigc->payload, header_name, &header_len);
	if (!header || !header_len)
		return 1;
	if (split_ident_line(&who, header, header_len))
		return 1;

	/* A timestamp that is already set is never overwritten. */
	if (sigc->payload_timestamp)
		return 0;
	if (who.date_begin && who.date_end)
		sigc->payload_timestamp = parse_timestamp(who.date_begin, NULL, 10);

	return 0;
}
| 647 | |
/*
 * Verify `signature` (`slen` bytes) against the payload held in `sigc`
 * and record the verdict in `sigc`.
 *
 * Returns 0 only when all of the following hold:
 *   - the payload metadata could be parsed,
 *   - the format's verify_signed_buffer() callback reported success,
 *   - sigc->result is 'G', and
 *   - sigc->trust_level is at least configured_min_trust_level.
 * Every other outcome returns 1. A signature whose format is not
 * recognised is fatal (die()).
 */
int check_signature(struct signature_check *sigc,
		    const char *signature, size_t slen)
{
	struct gpg_format *format;
	int failed;

	gpg_interface_lazy_init();

	/* Reset the verdict fields before the backend runs. */
	sigc->result = 'N';
	sigc->trust_level = TRUST_UNDEFINED;

	format = get_format_by_sig(signature);
	if (!format)
		die(_("bad/incompatible signature '%s'"), signature);

	if (parse_payload_metadata(sigc))
		return 1;

	failed = format->verify_signed_buffer(sigc, format, signature, slen);

	/* The backend failed and left no output to evaluate. */
	if (failed && !sigc->output)
		return !!failed;

	/*
	 * A zero exit from the backend is not sufficient: the parsed
	 * result and the trust level are both enforced here.
	 */
	if (sigc->result != 'G')
		failed |= 1;
	if (sigc->trust_level < configured_min_trust_level)
		failed |= 1;

	return !!failed;
}
| 676 | |
/*
 * Print the result of a signature check.
 *
 * With GPG_VERIFY_VERBOSE set and a payload present, the payload is
 * written to stdout. The verifier text goes to stderr: sigc->gpg_status
 * when GPG_VERIFY_RAW is set, sigc->output otherwise. Nothing is
 * written to stderr when the selected text is NULL.
 */
void print_signature_buffer(const struct signature_check *sigc, unsigned flags)
{
	const char *text;

	if (flags & GPG_VERIFY_RAW)
		text = sigc->gpg_status;
	else
		text = sigc->output;

	if ((flags & GPG_VERIFY_VERBOSE) && sigc->payload)
		fwrite(sigc->payload, 1, sigc->payload_len, stdout);

	if (text)
		fputs(text, stderr);
}
| 688 | |
/*
 * Find where the trailing signature starts in `buf` (`size` bytes).
 *
 * The buffer is walked line by line and get_format_by_sig() is asked
 * about the start of every line. The offset of the LAST line it
 * accepts is returned, so an earlier line that merely looks like a
 * signature header is superseded by a later one. Returns `size` when
 * no line matches.
 *
 * NOTE(review): get_format_by_sig() receives only a pointer, not the
 * remaining length; presumably callers pass NUL-terminated storage.
 * Confirm against the callers.
 */
size_t parse_signed_buffer(const char *buf, size_t size)
{
	size_t pos = 0;
	size_t sig_start = size;

	while (pos < size) {
		const char *nl;

		if (get_format_by_sig(buf + pos))
			sig_start = pos;

		/* Advance to just past the next LF, or to the end. */
		nl = memchr(buf + pos, '\n', size - pos);
		if (nl)
			pos += nl - (buf + pos) + 1;
		else
			pos = size;
	}
	return sig_start;
}
| 704 | |
/*
 * Split `buf` (`size` bytes) into payload and trailing signature.
 *
 * When parse_signed_buffer() finds a signature, the bytes before it are
 * appended to `payload` (and passed through remove_signature()), the
 * rest is appended to `signature`, and 1 is returned. Otherwise both
 * strbufs are left untouched and 0 is returned.
 */
int parse_signature(const char *buf, size_t size, struct strbuf *payload, struct strbuf *signature)
{
	size_t split = parse_signed_buffer(buf, size);

	if (split == size)
		return 0;

	strbuf_add(payload, buf, split);
	remove_signature(payload);
	strbuf_add(signature, buf + split, size - split);
	return 1;
}
| 716 | |
/*
 * Replace the configured signing key with a private copy of `key`.
 *
 * The lazy config load runs first. If it ran later instead, its
 * "user.signingkey" handler would call back into this function and
 * overwrite the key set here.
 */
void set_signing_key(const char *key)
{
	gpg_interface_lazy_init();

	/* Drop the previous copy before storing the new one. */
	FREE_AND_NULL(configured_signing_key);
	configured_signing_key = xstrdup(key);
}
| 724 | |
/*
 * Config callback for the signing-related settings.
 *
 * Handles user.signingkey, gpg.format, gpg.mintrustlevel, the three
 * gpg.ssh.* settings and the per-format "program" settings. Returns 0
 * for keys it does not know, and a negative error for a missing or
 * invalid value.
 *
 * The "program" and gpg.ssh.defaultkeycommand values are later executed
 * by this file, so whoever can write the config that git_config() reads
 * decides which binaries run during signing and verification.
 */
static int git_gpg_config(const char *var, const char *value,
			  const struct config_context *ctx UNUSED,
			  void *cb UNUSED)
{
	const char *program_of = NULL;
	struct gpg_format *target;

	if (!strcmp(var, "user.signingkey")) {
		if (!value)
			return config_error_nonbool(var);
		set_signing_key(value);
		return 0;
	}

	if (!strcmp(var, "gpg.format")) {
		struct gpg_format *chosen;

		if (!value)
			return config_error_nonbool(var);
		chosen = get_format_by_name(value);
		if (!chosen)
			return error(_("invalid value for '%s': '%s'"),
				     var, value);
		use_format = chosen;
		return 0;
	}

	if (!strcmp(var, "gpg.mintrustlevel")) {
		char *upper;
		int bad;

		if (!value)
			return config_error_nonbool(var);

		/* The trust level parser is fed the upper-cased value. */
		upper = xstrdup_toupper(value);
		bad = parse_gpg_trust_level(upper, &configured_min_trust_level);
		free(upper);

		if (bad)
			return error(_("invalid value for '%s': '%s'"),
				     var, value);
		return 0;
	}

	if (!strcmp(var, "gpg.ssh.defaultkeycommand"))
		return git_config_string(&ssh_default_key_command, var, value);

	if (!strcmp(var, "gpg.ssh.allowedsignersfile"))
		return git_config_pathname(&ssh_allowed_signers, var, value);

	if (!strcmp(var, "gpg.ssh.revocationfile"))
		return git_config_pathname(&ssh_revocation_file, var, value);

	/* Map a "program" key to the format whose binary it overrides. */
	if (!strcmp(var, "gpg.program") || !strcmp(var, "gpg.openpgp.program"))
		program_of = "openpgp";
	else if (!strcmp(var, "gpg.x509.program"))
		program_of = "x509";
	else if (!strcmp(var, "gpg.ssh.program"))
		program_of = "ssh";

	if (!program_of)
		return 0;

	target = get_format_by_name(program_of);
	return git_config_string((char **) &target->program, var, value);
}
| 791 | |
/*
 * Returns 1 if `string` looks like a literal ssh key, 0 otherwise.
 * On a match `key` points at the key text: past the "key::" prefix when
 * that prefix is present, or at `string` itself when it starts with
 * "ssh-".
 *
 * This is a prefix test only. The key material is not parsed or
 * validated here.
 */
static int is_literal_ssh_key(const char *string, const char **key)
{
	if (starts_with(string, "ssh-")) {
		*key = string;
		return 1;
	}
	if (skip_prefix(string, "key::", key))
		return 1;
	return 0;
}
| 806 | |
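/*
 * Return the fingerprint of `signing_key` as reported by
 * "ssh-keygen -lf", in newly allocated memory owned by the caller.
 *
 * `signing_key` is either a literal public key (see
 * is_literal_ssh_key()), which is piped to ssh-keygen on stdin, or a
 * file name, which is passed as the argument of -f. Dies when
 * ssh-keygen fails or its output has no second space-separated field.
 *
 * NOTE(review): the file name is handed to ssh-keygen as given, while
 * sign_buffer_ssh() runs it through interpolate_path() first. Confirm
 * whether a "~/" path is expected to work here.
 */
static char *get_ssh_key_fingerprint(const char *signing_key)
{
	struct child_process ssh_keygen = CHILD_PROCESS_INIT;
	int ret = -1;
	struct strbuf fingerprint_stdout = STRBUF_INIT;
	struct strbuf **fingerprint;
	char *fingerprint_ret;
	const char *literal_key = NULL;

	/*
	 * With SSH Signing this can contain a filename or a public key
	 * For textual representation we usually want a fingerprint
	 */
	if (is_literal_ssh_key(signing_key, &literal_key)) {
		strvec_pushl(&ssh_keygen.args, "ssh-keygen", "-lf", "-", NULL);
		ret = pipe_command(&ssh_keygen, literal_key,
				   strlen(literal_key), &fingerprint_stdout, 0,
				   NULL, 0);
	} else {
		/*
		 * Fingerprint the key that was classified above and that
		 * the error messages name. The previous code passed the
		 * configured_signing_key global here, so the file that was
		 * fingerprinted could differ from the argument.
		 */
		strvec_pushl(&ssh_keygen.args, "ssh-keygen", "-lf",
			     signing_key, NULL);
		ret = pipe_command(&ssh_keygen, NULL, 0, &fingerprint_stdout, 0,
				   NULL, 0);
	}

	if (!!ret)
		die_errno(_("failed to get the ssh fingerprint for key '%s'"),
			  signing_key);

	/* The fingerprint is the second space-separated field. */
	fingerprint = strbuf_split_max(&fingerprint_stdout, ' ', 3);
	if (!fingerprint[1])
		die_errno(_("failed to get the ssh fingerprint for key '%s'"),
			  signing_key);

	fingerprint_ret = strbuf_detach(fingerprint[1], NULL);
	strbuf_list_free(fingerprint);
	strbuf_release(&fingerprint_stdout);
	return fingerprint_ret;
}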
| 846 | |
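/*
 * Returns the first public key from an ssh-agent to use for signing.
 *
 * Runs the command configured as gpg.ssh.defaultKeyCommand and takes
 * the first line of its stdout. The line is accepted only if
 * is_literal_ssh_key() recognises it. Returns the detached line
 * (heap memory), or NULL with a warning when the command fails or
 * prints nothing usable. Dies when no command is configured or the
 * command line cannot be split.
 *
 * The command string comes from configuration and is executed as
 * given, so it is as trusted as the config file that supplies it.
 */
static const char *get_default_ssh_signing_key(void)
{
	struct child_process ssh_default_key = CHILD_PROCESS_INIT;
	int ret = -1;
	struct strbuf key_stdout = STRBUF_INIT, key_stderr = STRBUF_INIT;
	struct strbuf **keys;
	char *key_command = NULL;
	const char **argv;
	int n;
	char *default_key = NULL;
	const char *literal_key = NULL;

	if (!ssh_default_key_command)
		die(_("either user.signingkey or gpg.ssh.defaultKeyCommand needs to be configured"));

	/* split_cmdline() is given a private copy of the command. */
	key_command = xstrdup(ssh_default_key_command);
	n = split_cmdline(key_command, &argv);

	if (n < 0)
		die("malformed build-time gpg.ssh.defaultKeyCommand: %s",
		    split_cmdline_strerror(n));

	strvec_pushv(&ssh_default_key.args, argv);
	ret = pipe_command(&ssh_default_key, NULL, 0, &key_stdout, 0,
			   &key_stderr, 0);

	if (!ret) {
		keys = strbuf_split_max(&key_stdout, '\n', 2);
		if (keys[0] && is_literal_ssh_key(keys[0]->buf, &literal_key)) {
			/*
			 * We only use `is_literal_ssh_key` here to check validity
			 * The prefix will be stripped when the key is used.
			 */
			default_key = strbuf_detach(keys[0], NULL);
		} else {
			warning(_("gpg.ssh.defaultKeyCommand succeeded but returned no keys: %s %s"),
				key_stderr.buf, key_stdout.buf);
		}

		strbuf_list_free(keys);
	} else {
		warning(_("gpg.ssh.defaultKeyCommand failed: %s %s"),
			key_stderr.buf, key_stdout.buf);
	}

	free(key_command);
	free(argv);
	strbuf_release(&key_stdout);
	/* The stderr buffer was never released before; free it too. */
	strbuf_release(&key_stderr);

	return default_key;
}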
| 899 | |
/* Key id for the ssh format: the fingerprint of the current signing key. */
static const char *get_ssh_key_id(void)
{
	const char *key = get_signing_key();

	return get_ssh_key_fingerprint(key);
}
| 903 | |
/*
 * Returns a textual but unique representation of the signing key.
 *
 * A format that provides a get_key_id() callback decides the
 * representation; otherwise the signing key itself is returned.
 */
const char *get_signing_key_id(void)
{
	gpg_interface_lazy_init();

	/* GPG/GPGSM only store a key id on this variable */
	if (!use_format->get_key_id)
		return get_signing_key();

	return use_format->get_key_id();
}
| 916 | |
/*
 * Return the key to sign with.
 *
 * Order of preference: the configured key, then the active format's
 * get_default_key() callback when it has one, then the committer
 * identity (strict, without date).
 */
const char *get_signing_key(void)
{
	gpg_interface_lazy_init();

	if (configured_signing_key)
		return configured_signing_key;

	if (!use_format->get_default_key)
		return git_committer_info(IDENT_STRICT | IDENT_NO_DATE);

	return use_format->get_default_key();
}
| 929 | |
/*
 * Map a trust level to its display string.
 *
 * `level` is used as an index into sigcheck_gpg_trust_level[]. Both an
 * out-of-range level and a table entry whose value differs from its
 * index are reported with BUG().
 */
const char *gpg_trust_level_to_str(enum signature_trust_level level)
{
	struct sigcheck_gpg_trust_level *entry;

	if (level < 0 || level >= ARRAY_SIZE(sigcheck_gpg_trust_level))
		BUG("invalid trust level requested %d", level);

	entry = &sigcheck_gpg_trust_level[level];
	if (entry->value != level)
		BUG("sigcheck_gpg_trust_level[] unsorted");

	return entry->display_key;
}
| 943 | |
/*
 * Sign `buffer` with `signing_key` through the active format's
 * sign_buffer() callback. The callback's return value is passed
 * through unchanged.
 */
int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key)
{
	int rc;

	/* Load the signing config so use_format reflects gpg.format. */
	gpg_interface_lazy_init();

	rc = use_format->sign_buffer(buffer, signature, signing_key);
	return rc;
}
| 950 | |
/*
 * Strip CR from the line endings, in case we are on Windows.
 * Every '\r' at or after `offset` is dropped, not only those that
 * precede a LF; bytes before `offset` are left as they are.
 * NEEDSWORK: make it trim only CRs before LFs and rename
 */
static void remove_cr_after(struct strbuf *buffer, size_t offset)
{
	size_t src;
	size_t dst = offset;

	/* Compact in place: `dst` trails `src` by the number of CRs seen. */
	for (src = offset; src < buffer->len; src++) {
		if (buffer->buf[src] == '\r')
			continue;
		if (src != dst)
			buffer->buf[dst] = buffer->buf[src];
		dst++;
	}
	strbuf_setlen(buffer, dst);
}
| 968 | |
/*
 * Sign `buffer` by running the active format's program with
 * "--status-fd=2 -bsau <signing_key>".
 *
 * The buffer is handed to pipe_command() as input, `signature` as the
 * output strbuf and a local strbuf as the error/status sink. Success
 * needs both a zero return from pipe_command() and a
 * "[GNUPG:] SIG_CREATED " marker at the start of a status line, so the
 * exit code alone is not trusted. Returns 0 on success, and -1 after
 * printing the collected status text on failure.
 */
static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
			   const char *signing_key)
{
	struct child_process gpg = CHILD_PROCESS_INIT;
	struct strbuf gpg_status = STRBUF_INIT;
	const char *hit;
	size_t bottom;
	int ret;

	strvec_pushl(&gpg.args,
		     use_format->program,
		     "--status-fd=2",
		     "-bsau", signing_key,
		     NULL);

	/* Only bytes appended from here on are post-processed below. */
	bottom = signature->len;

	/*
	 * When the username signingkey is bad, program could be terminated
	 * because gpg exits without reading and then write gets SIGPIPE.
	 */
	sigchain_push(SIGPIPE, SIG_IGN);
	ret = pipe_command(&gpg, buffer->buf, buffer->len,
			   signature, 1024, &gpg_status, 0);
	sigchain_pop(SIGPIPE);

	/* Accept the marker only at the very start or right after a LF. */
	hit = gpg_status.buf;
	while (hit && (hit = strstr(hit, "[GNUPG:] SIG_CREATED "))) {
		if (hit == gpg_status.buf || hit[-1] == '\n')
			break; /* found */
		hit++;
	}
	ret |= !hit;

	if (ret) {
		error(_("gpg failed to sign the data:\n%s"),
		      gpg_status.len ? gpg_status.buf : "(no gpg output)");
		strbuf_release(&gpg_status);
		return -1;
	}
	strbuf_release(&gpg_status);

	/* Strip CR from the line endings, in case we are on Windows. */
	remove_cr_after(signature, bottom);

	return 0;
}
Fabian Stelzer | 29b3157 | 2021-09-10 20:07:36 +0000 | [diff] [blame] | 1015 | |
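/*
 * Sign `buffer` with "<program> -Y sign -n git -f <key file>".
 *
 * `signing_key` is either a literal public key, which is written to a
 * temporary file and used with -U, or a path, which is expanded with
 * interpolate_path(). The data to sign is written to a second
 * temporary file; the signer leaves its result in "<that file>.sig",
 * which is appended to `signature` with CRs stripped.
 *
 * Returns 0 on success and a negative value on failure. Both temporary
 * files and the ".sig" file are removed on every path through `out`.
 *
 * NOTE(review): the return value of interpolate_path() is not checked
 * here; confirm whether it can be NULL for the paths accepted as
 * user.signingKey.
 */
static int sign_buffer_ssh(struct strbuf *buffer, struct strbuf *signature,
			   const char *signing_key)
{
	struct child_process signer = CHILD_PROCESS_INIT;
	int ret = -1;
	size_t bottom, keylen;
	struct strbuf signer_stderr = STRBUF_INIT;
	struct tempfile *key_file = NULL, *buffer_file = NULL;
	char *ssh_signing_key_file = NULL;
	struct strbuf ssh_signature_filename = STRBUF_INIT;
	const char *literal_key = NULL;
	int literal_ssh_key = 0;

	if (!signing_key || signing_key[0] == '\0')
		return error(
			_("user.signingKey needs to be set for ssh signing"));

	if (is_literal_ssh_key(signing_key, &literal_key)) {
		/* A literal ssh key */
		literal_ssh_key = 1;
		key_file = mks_tempfile_t(".git_signing_key_tmpXXXXXX");
		if (!key_file)
			return error_errno(
				_("could not create temporary file"));
		keylen = strlen(literal_key);
		if (write_in_full(key_file->fd, literal_key, keylen) < 0 ||
		    close_tempfile_gently(key_file) < 0) {
			error_errno(_("failed writing ssh signing key to '%s'"),
				    key_file->filename.buf);
			goto out;
		}
		/*
		 * Copy the name instead of detaching it. Detaching empties
		 * key_file->filename, which would leave delete_tempfile()
		 * below without a path to unlink, so the key file would
		 * stay behind in the temporary directory.
		 */
		ssh_signing_key_file = xstrdup(key_file->filename.buf);
	} else {
		/* We assume a file */
		ssh_signing_key_file = interpolate_path(signing_key, 1);
	}

	buffer_file = mks_tempfile_t(".git_signing_buffer_tmpXXXXXX");
	if (!buffer_file) {
		error_errno(_("could not create temporary file"));
		goto out;
	}

	if (write_in_full(buffer_file->fd, buffer->buf, buffer->len) < 0 ||
	    close_tempfile_gently(buffer_file) < 0) {
		error_errno(_("failed writing ssh signing key buffer to '%s'"),
			    buffer_file->filename.buf);
		goto out;
	}

	strvec_pushl(&signer.args, use_format->program,
		     "-Y", "sign",
		     "-n", "git",
		     "-f", ssh_signing_key_file,
		     NULL);
	/* -U is added only when the key was given literally. */
	if (literal_ssh_key)
		strvec_push(&signer.args, "-U");
	strvec_push(&signer.args, buffer_file->filename.buf);

	sigchain_push(SIGPIPE, SIG_IGN);
	ret = pipe_command(&signer, NULL, 0, NULL, 0, &signer_stderr, 0);
	sigchain_pop(SIGPIPE);

	if (ret) {
		if (strstr(signer_stderr.buf, "usage:"))
			error(_("ssh-keygen -Y sign is needed for ssh signing (available in openssh version 8.2p1+)"));

		ret = error("%s", signer_stderr.buf);
		goto out;
	}

	/* Only bytes appended from here on are post-processed below. */
	bottom = signature->len;

	strbuf_addbuf(&ssh_signature_filename, &buffer_file->filename);
	strbuf_addstr(&ssh_signature_filename, ".sig");
	if (strbuf_read_file(signature, ssh_signature_filename.buf, 0) < 0) {
		ret = error_errno(
			_("failed reading ssh signing data buffer from '%s'"),
			ssh_signature_filename.buf);
		goto out;
	}
	/* Strip CR from the line endings, in case we are on Windows. */
	remove_cr_after(signature, bottom);

out:
	if (key_file)
		delete_tempfile(&key_file);
	if (buffer_file)
		delete_tempfile(&buffer_file);
	/* The ".sig" name is only built after the signer succeeded. */
	if (ssh_signature_filename.len)
		unlink_or_warn(ssh_signature_filename.buf);
	strbuf_release(&signer_stderr);
	strbuf_release(&ssh_signature_filename);
	FREE_AND_NULL(ssh_signing_key_file);
	return ret;
}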