builtin/verify-tag: add --format to verify-tag

Callers of verify-tag may want to cross-check the tagname from refs/tags
with the tagname from the tag object header upon GPG verification. This
is to avoid tag refs that point to an incorrect object.

Add a --format parameter to git verify-tag to print the formatted tag
object header in addition to or instead of the --verbose or --raw GPG
verification output.

Signed-off-by: Santiago Torres <santiago@nyu.edu>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Santiago Torres 2017-01-17 18:37:20 -05:00 committed by Junio C Hamano
parent 2111aa794b
commit ff3c8c8f12
2 changed files with 20 additions and 4 deletions

View file

@ -8,7 +8,7 @@ git-verify-tag - Check the GPG signature of tags
SYNOPSIS
--------
[verse]
'git verify-tag' <tag>...
'git verify-tag' [--format=<format>] <tag>...
DESCRIPTION
-----------

View file

@ -12,9 +12,10 @@
#include <signal.h>
#include "parse-options.h"
#include "gpg-interface.h"
#include "ref-filter.h"
static const char * const verify_tag_usage[] = {
N_("git verify-tag [-v | --verbose] <tag>..."),
N_("git verify-tag [-v | --verbose] [--format=<format>] <tag>..."),
NULL
};
@ -30,9 +31,11 @@ int cmd_verify_tag(int argc, const char **argv, const char *prefix)
{
int i = 1, verbose = 0, had_error = 0;
unsigned flags = 0;
char *fmt_pretty = NULL;
const struct option verify_tag_options[] = {
OPT__VERBOSE(&verbose, N_("print tag contents")),
OPT_BIT(0, "raw", &flags, N_("print raw gpg status output"), GPG_VERIFY_RAW),
OPT_STRING( 0 , "format", &fmt_pretty, N_("format"), N_("format to use for the output")),
OPT_END()
};
@ -46,13 +49,26 @@ int cmd_verify_tag(int argc, const char **argv, const char *prefix)
if (verbose)
flags |= GPG_VERIFY_VERBOSE;
if (fmt_pretty) {
verify_ref_format(fmt_pretty);
flags |= GPG_VERIFY_OMIT_STATUS;
}
while (i < argc) {
unsigned char sha1[20];
const char *name = argv[i++];
if (get_sha1(name, sha1))
if (get_sha1(name, sha1)) {
had_error = !!error("tag '%s' not found.", name);
else if (gpg_verify_tag(sha1, name, flags))
continue;
}
if (gpg_verify_tag(sha1, name, flags)) {
had_error = 1;
continue;
}
if (fmt_pretty)
pretty_print_ref(name, sha1, fmt_pretty);
}
return had_error;
}