Henning Schild <[email protected]> writes:
> The combination of verify_signed_buffer followed by parse_gpg_output is
> available as check_signature. Use that instead of implementing it again.
>
> Signed-off-by: Henning Schild <[email protected]>
> ---
Makes sense.
When d05b9618 ("receive-pack: GPG-validate push certificates",
2014-08-14) implemented the check, there wasn't check_signature()
available. The commit probably should have done what a4cc18f2
("verify-tag: share code with verify-commit", 2015-06-21) later did
to introduce the check_signature() function by factoring it out of
commit.c::check_commit_signature() as a preparatory step.
Will queue. Thanks.
> builtin/receive-pack.c | 17 ++---------------
> 1 file changed, 2 insertions(+), 15 deletions(-)
>
> diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c
> index 68d36e0a5..9f0583deb 100644
> --- a/builtin/receive-pack.c
> +++ b/builtin/receive-pack.c
> @@ -629,8 +629,6 @@ static void prepare_push_cert_sha1(struct child_process
> *proc)
> return;
>
> if (!already_done) {
> - struct strbuf gpg_output = STRBUF_INIT;
> - struct strbuf gpg_status = STRBUF_INIT;
> int bogs /* beginning_of_gpg_sig */;
>
> already_done = 1;
> @@ -639,22 +637,11 @@ static void prepare_push_cert_sha1(struct child_process
> *proc)
> oidclr(&push_cert_oid);
>
> memset(&sigcheck, '\0', sizeof(sigcheck));
> - sigcheck.result = 'N';
>
> bogs = parse_signature(push_cert.buf, push_cert.len);
> - if (verify_signed_buffer(push_cert.buf, bogs,
> - push_cert.buf + bogs, push_cert.len -
> bogs,
> - &gpg_output, &gpg_status) < 0) {
> - ; /* error running gpg */
> - } else {
> - sigcheck.payload = push_cert.buf;
> - sigcheck.gpg_output = gpg_output.buf;
> - sigcheck.gpg_status = gpg_status.buf;
> - parse_gpg_output(&sigcheck);
> - }
> + check_signature(push_cert.buf, bogs, push_cert.buf + bogs,
> + push_cert.len - bogs, &sigcheck);
>
> - strbuf_release(&gpg_output);
> - strbuf_release(&gpg_status);
> nonce_status = check_nonce(push_cert.buf, bogs);
> }
> if (!is_null_oid(&push_cert_oid)) {
