commit: refactor verify_commit_buffer()
In a following commit, we are going to check commit signatures, but we
won't have a commit yet, only a commit buffer, and we are going to
discard this commit buffer if the signature is invalid. So it would be
wasteful to create a commit that we might discard, just to be able to
check a commit signature.
It would be simpler instead to be able to check commit signatures
using only a commit buffer instead of a commit.
To be able to do that, let's extract some code from the
check_commit_signature() function into a new verify_commit_buffer()
function, and then let's make check_commit_signature() call
verify_commit_buffer().
Note that this doesn't fundamentally change how
check_commit_signature() works. It used to call parse_signed_commit()
which calls repo_get_commit_buffer(), parse_buffer_signed_by_header()
and repo_unuse_commit_buffer(). Now these 3 functions are called
directly by verify_commit_buffer().
Signed-off-by: Christian Couder <chriscool@tuxfamily.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
diff --git a/commit.c b/commit.c
index 16d91b2..709c9ee 100644
--- a/commit.c
+++ b/commit.c
@@ -1315,7 +1315,8 @@ static void handle_signed_tag(const struct commit *parent, struct commit_extra_h
free(buf);
}
-int check_commit_signature(const struct commit *commit, struct signature_check *sigc)
+int verify_commit_buffer(const char *buffer, size_t size,
+ struct signature_check *sigc)
{
struct strbuf payload = STRBUF_INIT;
struct strbuf signature = STRBUF_INIT;
@@ -1323,7 +1324,8 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
sigc->result = 'N';
- if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
+ if (parse_buffer_signed_by_header(buffer, size, &payload,
+ &signature, the_hash_algo) <= 0)
goto out;
sigc->payload_type = SIGNATURE_PAYLOAD_COMMIT;
@@ -1337,6 +1339,17 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
return ret;
}
+int check_commit_signature(const struct commit *commit, struct signature_check *sigc)
+{
+ unsigned long size;
+ const char *buffer = repo_get_commit_buffer(the_repository, commit, &size);
+ int ret = verify_commit_buffer(buffer, size, sigc);
+
+ repo_unuse_commit_buffer(the_repository, commit, buffer);
+
+ return ret;
+}
+
void verify_merge_signature(struct commit *commit, int verbosity,
int check_trust)
{
diff --git a/commit.h b/commit.h
index 1d6e0c7..5406dd2 100644
--- a/commit.h
+++ b/commit.h
@@ -333,6 +333,13 @@ int remove_signature(struct strbuf *buf);
*/
int check_commit_signature(const struct commit *commit, struct signature_check *sigc);
+/*
+ * Same as check_commit_signature() but accepts a commit buffer and
+ * its size, instead of a `struct commit *`.
+ */
+int verify_commit_buffer(const char *buffer, size_t size,
+ struct signature_check *sigc);
+
/* record author-date for each commit object */
struct author_date_slab;
void record_author_date(struct author_date_slab *author_date,
