Revision - aba9119 - git-tag -s must fail if gpg cannot sign the tag.

Revision aba91192ae39cd1a2f79e7ed91e966df3cfe10b7 authored by Carlos Rica on 09 September 2007, 00:39:29 UTC, committed by Junio C Hamano on 10 September 2007, 04:30:54 UTC

git-tag -s must fail if gpg cannot sign the tag.

Most of this patch code and message was written by Shawn O. Pearce.
I made some tests to know what the problem was, and then I changed
the code related with the SIGPIPE signal.

If the user has misconfigured `user.signingkey` in their .git/config
or just doesn't have any secret keys on their keyring and they ask
for a signed tag with `git tag -s` we better make sure the resulting
tag was actually signed by gpg.

Prior versions of builtin git-tag allowed this failure to slip
by without error as they were not checking the return value of
the finish_command() so they did not notice when gpg exited with
an error exit status.  They also did not fail if gpg produced an
empty output or if read_in_full received an error from the read
system call while trying to read the pipe back from gpg.

Finally, we did not actually honor any return value from the do_sign
function as it returns ssize_t but was being stored into an unsigned
long.  This caused the compiler to optimize out the die condition,
allowing git-tag to continue along and create the tag object.

However, when gpg gets a wrong username, it exits before any read was done
and then the writing process receives SIGPIPE and program is terminated.
By ignoring this signal, anyway, the function write_or_die gets EPIPE from
write_in_full and exits returning 0 to the system without a message.
Here we better call to write_in_full directly so we can fail
printing a message and return safely to the caller.

With these issues fixed `git-tag -s` will now fail to create the
tag and will report a non-zero exit status to its caller, thereby
allowing automated helper scripts to detect (and recover from)
failure if gpg is not working properly.

Proposed-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Carlos Rica <jasampler@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

1 parent 7b02b85

Files
Changes

Permalinks

RelNotes-1.5.2.1.txt

GIT v1.5.2.1 Release Notes
==========================

Fixes since v1.5.2
------------------

* Bugfixes

  - Temporary files that are used when invoking external diff
    programs did not tolerate a long TMPDIR.

  - git-daemon did not notice when it could not write into its
    pid file.

  - git-status did not honor core.excludesFile configuration like
    git-add did.

  - git-annotate did not work from a subdirectory while
    git-blame did.

  - git-cvsserver should have disabled access to a repository
    with "gitcvs.pserver.enabled = false" set even when
    "gitcvs.enabled = true" was set at the same time.  It
    didn't.

  - git-cvsimport did not work correctly in a repository with
    its branch heads were packed with pack-refs.

  - ident unexpansion to squash "$Id: xxx $" that is in the
    repository copy removed incorrect number of bytes.

  - git-svn misbehaved when the subversion repository did not
    provide MD5 checksums for files.

  - git rebase (and git am) misbehaved on commits that have '\n'
    (literally backslash and en, not a linefeed) in the title.

  - code to decode base85 used in binary patches had one error
    return codepath wrong.

  - RFC2047 Q encoding output by git-format-patch used '_' for a
    space, which is not understood by some programs.  It uses =20
    which is safer.

  - git-fastimport --import-marks was broken; fixed.

  - A lot of documentation updates, clarifications and fixes.

--
exec >/var/tmp/1
O=v1.5.2-65-g996e2d6
echo O=`git describe refs/heads/maint`
git shortlog --no-merges $O..refs/heads/maint

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...