Revision - aba9119 - git-tag -s must fail if gpg cannot sign the tag.

Revision aba91192ae39cd1a2f79e7ed91e966df3cfe10b7 authored by Carlos Rica on 09 September 2007, 00:39:29 UTC, committed by Junio C Hamano on 10 September 2007, 04:30:54 UTC

git-tag -s must fail if gpg cannot sign the tag.

Most of this patch code and message was written by Shawn O. Pearce.
I made some tests to know what the problem was, and then I changed
the code related with the SIGPIPE signal.

If the user has misconfigured `user.signingkey` in their .git/config
or just doesn't have any secret keys on their keyring and they ask
for a signed tag with `git tag -s` we better make sure the resulting
tag was actually signed by gpg.

Prior versions of builtin git-tag allowed this failure to slip
by without error as they were not checking the return value of
the finish_command() so they did not notice when gpg exited with
an error exit status.  They also did not fail if gpg produced an
empty output or if read_in_full received an error from the read
system call while trying to read the pipe back from gpg.

Finally, we did not actually honor any return value from the do_sign
function as it returns ssize_t but was being stored into an unsigned
long.  This caused the compiler to optimize out the die condition,
allowing git-tag to continue along and create the tag object.

However, when gpg gets a wrong username, it exits before any read was done
and then the writing process receives SIGPIPE and program is terminated.
By ignoring this signal, anyway, the function write_or_die gets EPIPE from
write_in_full and exits returning 0 to the system without a message.
Here we better call to write_in_full directly so we can fail
printing a message and return safely to the caller.

With these issues fixed `git-tag -s` will now fail to create the
tag and will report a non-zero exit status to its caller, thereby
allowing automated helper scripts to detect (and recover from)
failure if gpg is not working properly.

Proposed-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Carlos Rica <jasampler@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

1 parent 7b02b85

Files
Changes

Permalinks

builtin-write-tree.c

/*
 * GIT - The information manager from hell
 *
 * Copyright (C) Linus Torvalds, 2005
 */
#include "builtin.h"
#include "cache.h"
#include "tree.h"
#include "cache-tree.h"

static const char write_tree_usage[] =
"git-write-tree [--missing-ok] [--prefix=<prefix>/]";

int write_tree(unsigned char *sha1, int missing_ok, const char *prefix)
{
	int entries, was_valid, newfd;

	/* We can't free this memory, it becomes part of a linked list parsed atexit() */
	struct lock_file *lock_file = xcalloc(1, sizeof(struct lock_file));

	newfd = hold_locked_index(lock_file, 1);

	entries = read_cache();
	if (entries < 0)
		die("git-write-tree: error reading cache");

	if (!active_cache_tree)
		active_cache_tree = cache_tree();

	was_valid = cache_tree_fully_valid(active_cache_tree);

	if (!was_valid) {
		if (cache_tree_update(active_cache_tree,
				      active_cache, active_nr,
				      missing_ok, 0) < 0)
			die("git-write-tree: error building trees");
		if (0 <= newfd) {
			if (!write_cache(newfd, active_cache, active_nr)
					&& !close(newfd)) {
				commit_lock_file(lock_file);
				newfd = -1;
			}
		}
		/* Not being able to write is fine -- we are only interested
		 * in updating the cache-tree part, and if the next caller
		 * ends up using the old index with unupdated cache-tree part
		 * it misses the work we did here, but that is just a
		 * performance penalty and not a big deal.
		 */
	}

	if (prefix) {
		struct cache_tree *subtree =
			cache_tree_find(active_cache_tree, prefix);
		if (!subtree)
			die("git-write-tree: prefix %s not found", prefix);
		hashcpy(sha1, subtree->sha1);
	}
	else
		hashcpy(sha1, active_cache_tree->sha1);

	if (0 <= newfd)
		close(newfd);
	rollback_lock_file(lock_file);

	return 0;
}

int cmd_write_tree(int argc, const char **argv, const char *unused_prefix)
{
	int missing_ok = 0, ret;
	const char *prefix = NULL;
	unsigned char sha1[20];

	git_config(git_default_config);
	while (1 < argc) {
		const char *arg = argv[1];
		if (!strcmp(arg, "--missing-ok"))
			missing_ok = 1;
		else if (!prefixcmp(arg, "--prefix="))
			prefix = arg + 9;
		else
			usage(write_tree_usage);
		argc--; argv++;
	}

	if (argc > 2)
		die("too many options");

	ret = write_tree(sha1, missing_ok, prefix);
	printf("%s\n", sha1_to_hex(sha1));

	return ret;
}

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...