From 5c53b3e04bc06f16d77a6fac741ca64826c2eb03 Mon Sep 17 00:00:00 2001 From: Antoine GIRARD Date: Mon, 23 May 2016 14:29:23 +0200 Subject: [PATCH 1/4] Add verification representation --- verification.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 verification.go diff --git a/verification.go b/verification.go new file mode 100644 index 000000000..5bcd28656 --- /dev/null +++ b/verification.go @@ -0,0 +1,14 @@ +// Copyright 2015 The Gogs Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package git + +// Verification represents the PGP payload information of a signed commit. +type Verification struct { + Verified bool + Reason string + Signature string + Payload string +} + From 5e18fc401ea4c81d024f5772849c1fefd04814bb Mon Sep 17 00:00:00 2001 From: Antoine GIRARD Date: Mon, 23 May 2016 14:30:34 +0200 Subject: [PATCH 2/4] Add verification to commit representation --- commit.go | 1 + 1 file changed, 1 insertion(+) diff --git a/commit.go b/commit.go index e16246f98..a7a97fa1c 100644 --- a/commit.go +++ b/commit.go @@ -22,6 +22,7 @@ type Commit struct { Author *Signature Committer *Signature CommitMessage string + Verification *Verification parents []sha1 // SHA1 strings submoduleCache *objectCache From 39a4452068139f1fae419f1b5ec95814d275ba3d Mon Sep 17 00:00:00 2001 From: Antoine GIRARD Date: Mon, 23 May 2016 20:29:02 +0200 Subject: [PATCH 3/4] Find GPG payload in commit data --- repo_commit.go | 6 ++++++ verification.go | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/repo_commit.go b/repo_commit.go index 1e7e51a8f..7ad7a274c 100644 --- a/repo_commit.go +++ b/repo_commit.go 
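Review bot: The fields of the new `Verification` struct in verification.go have no comments, and `Verified` in particular reads like a trust decision although nothing in this series ever sets it. A caller could take a non-nil `Verification` as proof of a checked signature, so the contract should be written down on the fields. I would add `// Verified is true only after Signature has been checked against Payload; the parser leaves it false.`, `// Reason explains the value of Verified.`, `// Signature is the armored PGP signature taken from the gpgsig header.` and `// Payload is the commit content the signature covers.`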
@@ -78,6 +78,12 @@ l: return nil, err } commit.Committer = sig + case "gpgsig": + verif, err := newVerificationFromCommitline(data[nextline+spacepos+1:]) + if err != nil { + return nil, err + } + commit.Verification = verif } nextline += eol + 1 case eol == 0: diff --git a/verification.go b/verification.go index 5bcd28656..ee959a328 100644 --- a/verification.go +++ b/verification.go @@ -4,6 +4,10 @@ package git +import ( + "bytes" +) + // Verification represents the PGP payload information of a signed commit. type Verification struct { Verified bool @@ -12,3 +16,31 @@ type Verification struct { Payload string } +// Helper to get verification data from the commit inforamtion, which looks like these: +//gpgsig -----BEGIN PGP SIGNATURE----- +// Version: GnuPG v2 +// +// iQIcBAABCAAGBQJXD4OAAAoJEFYV4RsDRH59URsP/1on/dZKWKQQeogZVe1F1Yi/ +// vvmvhEkOIaGhFREi7GA5LLyOonKbTmYoH5/xCuZvOJIp5/KbR5qpdahhfT1J/9fh +// iJAIm6MDSXAAiRMASLQVcwBmJTweOwm5LaKZxdY70s8WWqnN4hQt1irodzxpikLl +// EQ2rfbvfOP4/MDYkQUI1Yvb3e+cNK2o0R1DjFbfSE5xX9X+miqnOjIvmBZ7vL3Hp +// GhxJ9dtGyhM7vsGiWk42dCbOnJshCeJnCZIeXKH6Xlo6EJnwiGAvFUy4UQP7bhzO +// ZgE+leWrUiyPs7P1OYIMV6sXPpMZmKh/UVOjEmxzbC8P6/ye5pURYZpkB70P7d2w +// bbxnLmVDK+pIedAdY3VWOhrAg26Jmq/i51un+OsYet3rpPOPC9Q9WzRg/s9aMg+S +// hLle77kjzAqK2m38qIJjVRZFFRM00WW4GnbmSu1xJw125jEfNnqjS5CfioQ+MyYN +// 9ARfLk4hTe5gZ/jgJ8AFQWygEruQxzUAkZLgeFt6TbOm5HSmTh2OpSJCupwJjwNu +// iMXQ0gLF99rUs5vtEXqDs5xfEYxdb1H/dDe++Of+NDcXcoJE4LtdK9kP8/ilYiBu +// MlShuryaeNtdNB6javCBA1mXwI7WIOhYlFzaNQ3KW2+vTA3VjiGJLB5jjYGmgrpz +// 0SuOoRPfFT3QY4xrOXIR +// =aEJU +// -----END PGP SIGNATURE----- +// but without the "gpgsig " at the beginning +// +func newVerificationFromCommitline(line []byte) (_ *Verification, err error) { + verif := new(Verification) + + signatureEnd := bytes.LastIndex(line, []byte("-----END PGP SIGNATURE-----")) + verif.Signature = string(line[:signatureEnd+27]) + + return verif, nil +} From 6862a1f0cde301a794d590cf4298882d32db2966 Mon Sep 17 00:00:00 2001 
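Review bot: `bytes.LastIndex` in `newVerificationFromCommitline` is used unchecked: when the END marker is absent it returns -1, so `line[:signatureEnd+27]` either slices 26 unrelated bytes or panics on shorter input, and the named `err` result is never set. The caller in repo_commit.go passes everything up to the end of the commit data, so searching from the end also lets a marker quoted in the commit message stretch `Signature` into the message text. If this parser sees commit objects from pushed repositories, a malformed `gpgsig` header should produce an error rather than a crash; I would take the first match and reject a missing marker as below, which needs `errors` added to the new import block. The same unchecked lookup is carried into the rewritten body in PATCH 4/4, where the search should start at `signatureStart` rather than cover all of `data`.

```go
func newVerificationFromCommitline(line []byte) (_ *Verification, err error) {
	const endMarker = "-----END PGP SIGNATURE-----"
	// First match from the start of the header value, so a marker quoted
	// later in the commit message is never mistaken for the end.
	end := bytes.Index(line, []byte(endMarker))
	if end < 0 {
		return nil, errors.New("gpgsig: missing END PGP SIGNATURE marker")
	}
	return &Verification{Signature: string(line[:end+len(endMarker)])}, nil
}
```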
From: Antoine GIRARD Date: Mon, 23 May 2016 21:22:39 +0200 Subject: [PATCH 4/4] Add commit payload --- repo_commit.go | 2 +- verification.go | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/repo_commit.go b/repo_commit.go index 7ad7a274c..86a0b70a7 100644 --- a/repo_commit.go +++ b/repo_commit.go @@ -79,7 +79,7 @@ l: } commit.Committer = sig case "gpgsig": - verif, err := newVerificationFromCommitline(data[nextline+spacepos+1:]) + verif, err := newVerificationFromCommitline(data, nextline+spacepos+1) if err != nil { return nil, err } diff --git a/verification.go b/verification.go index ee959a328..246aeafdf 100644 --- a/verification.go +++ b/verification.go @@ -36,11 +36,11 @@ type Verification struct { // -----END PGP SIGNATURE----- // but without the "gpgsig " at the beginning // -func newVerificationFromCommitline(line []byte) (_ *Verification, err error) { +func newVerificationFromCommitline(data []byte, signatureStart int) (_ *Verification, err error) { verif := new(Verification) - - signatureEnd := bytes.LastIndex(line, []byte("-----END PGP SIGNATURE-----")) - verif.Signature = string(line[:signatureEnd+27]) + verif.Payload = string(data[:signatureStart-8]) + signatureEnd := bytes.LastIndex(data, []byte("-----END PGP SIGNATURE-----")) + verif.Signature = string(data[signatureStart : signatureEnd+27]) return verif, nil }
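Review bot: `verif.Payload = string(data[:signatureStart-8])` in verification.go keeps only the headers that precede `gpgsig`, so the commit message and anything else after the signature never reach `Payload`. Git signs the commit object with the gpgsig header removed, so a verifier given this payload would be checking different bytes from the ones that were signed. The `-8` also drops the newline that ends the preceding header, and it goes negative when `gpgsig` is the first header of a malformed object, which panics. I would bound-check first and join both halves, roughly `if signatureStart < 7 { return nil, errors.New("gpgsig: malformed header") }` followed by `verif.Payload = string(data[:signatureStart-7]) + string(data[signatureEnd+28:])`, with a length check on the tail and the exact offsets confirmed against a commit signed by git itself.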