public inbox for git@vger.kernel.org 
From: Christian Couder <christian.couder@gmail•com>
To: git@vger•kernel.org
Cc: Junio C Hamano <gitster@pobox•com>,
	Patrick Steinhardt <ps@pks•im>, Elijah Newren <newren@gmail•com>,
	Jeff King <peff@peff•net>,
	"brian m . carlson" <sandals@crustytoothpaste•net>,
	Johannes Schindelin <Johannes.Schindelin@gmx•de>,
	Todd Zullinger <tmz@pobox•com>,
	Collin Funk <collin.funk1@gmail•com>,
	Christian Couder <christian.couder@gmail•com>,
	Christian Couder <chriscool@tuxfamily•org>
Subject: [PATCH v2 4/5] fast-export: handle all kinds of tag signatures
Date: Thu,  9 Oct 2025 14:24:56 +0200
Message-ID: <20251009122457.1273701-5-christian.couder@gmail.com>
In-Reply-To: <20251009122457.1273701-1-christian.couder@gmail.com>

Currently the handle_tag() function in "builtin/fast-export.c" searches
only for "\n-----BEGIN PGP SIGNATURE-----\n" in the tag message to find
a tag signature.

This doesn't handle all kinds of OpenPGP signatures as some can start
with "-----BEGIN PGP MESSAGE-----" too, and this doesn't handle SSH and
X.509 signatures either as they use "-----BEGIN SSH SIGNATURE-----" and
"-----BEGIN SIGNED MESSAGE-----" respectively.

To handle all these kinds of tag signatures supported by Git, let's use
the parse_signed_buffer() function to properly find signatures in tag
messages.

Signed-off-by: Christian Couder <chriscool@tuxfamily•org>
---
 builtin/fast-export.c  |  7 +++----
 t/t9350-fast-export.sh | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/builtin/fast-export.c b/builtin/fast-export.c
index dc2486f9a8..7adbc55f0d 100644
--- a/builtin/fast-export.c
+++ b/builtin/fast-export.c
@@ -931,9 +931,8 @@ static void handle_tag(const char *name, struct tag *tag)
 
 	/* handle signed tags */
 	if (message) {
-		const char *signature = strstr(message,
-					       "\n-----BEGIN PGP SIGNATURE-----\n");
-		if (signature)
+		size_t sig_offset = parse_signed_buffer(message, message_size);
+		if (sig_offset < message_size)
 			switch (signed_tag_mode) {
 			case SIGN_ABORT:
 				die("encountered signed tag %s; use "
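Review bot: the new condition `if (sig_offset < message_size)` is only correct if parse_signed_buffer() returns message_size when it finds no signature, and nothing at this call site says so. A one-line comment above the check stating that contract would save readers a trip to the function's definition. Separately, the removed strstr() pattern required a newline before the BEGIN line, so it could never match a signature starting at the first byte of the message; it would be worth saying in the commit message whether such a tag is now treated as signed.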
@@ -950,7 +949,7 @@ static void handle_tag(const char *name, struct tag *tag)
 					oid_to_hex(&tag->object.oid));
 				/* fallthru */
 			case SIGN_STRIP:
-				message_size = signature + 1 - message;
+				message_size = sig_offset;
 				break;
 			}
 	}
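Review bot: in the SIGN_STRIP case, `message_size = sig_offset;` replaces `signature + 1 - message`, where the `+ 1` kept the newline that preceded the signature. The two are equivalent only if sig_offset points at the first byte of the BEGIN line rather than at the preceding newline. Please confirm that, ideally with a test that compares the stripped message of an OpenPGP-signed tag byte for byte, so an off-by-one here would be caught.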
diff --git a/t/t9350-fast-export.sh b/t/t9350-fast-export.sh
index 21ff26939c..3d153a4805 100755
--- a/t/t9350-fast-export.sh
+++ b/t/t9350-fast-export.sh
@@ -279,6 +279,42 @@ test_expect_success 'signed-tags=warn-strip' '
 	test -s err
 '
 
+test_expect_success GPGSM 'setup X.509 signed tag' '
+	test_config gpg.format x509 &&
+	test_config user.signingkey $GIT_COMMITTER_EMAIL &&
+
+	git tag -s -m "X.509 signed tag" x509-signed $(git rev-parse HEAD) &&
+	ANNOTATED_TAG_COUNT=$((ANNOTATED_TAG_COUNT + 1))
+'
+
+test_expect_success GPGSM 'signed-tags=verbatim with X.509' '
+	git fast-export --signed-tags=verbatim x509-signed > output &&
+	test_grep "SIGNED MESSAGE" output
+'
+
+test_expect_success GPGSM 'signed-tags=strip with X.509' '
+	git fast-export --signed-tags=strip x509-signed > output &&
+	test_grep ! "SIGNED MESSAGE" output
+'
+
+test_expect_success GPGSSH 'setup SSH signed tag' '
+	test_config gpg.format ssh &&
+	test_config user.signingkey "${GPGSSH_KEY_PRIMARY}" &&
+
+	git tag -s -m "SSH signed tag" ssh-signed $(git rev-parse HEAD) &&
+	ANNOTATED_TAG_COUNT=$((ANNOTATED_TAG_COUNT + 1))
+'
+
+test_expect_success GPGSSH 'signed-tags=verbatim with SSH' '
+	git fast-export --signed-tags=verbatim ssh-signed > output &&
+	test_grep "SSH SIGNATURE" output
+'
+
+test_expect_success GPGSSH 'signed-tags=strip with SSH' '
+	git fast-export --signed-tags=strip ssh-signed > output &&
+	test_grep ! "SSH SIGNATURE" output
+'
+
 test_expect_success GPG 'set up signed commit' '
 
 	# Generate a commit with both "gpgsig" and "encoding" set, so
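Review bot: the two `signed-tags=strip` tests only assert that the armor marker is gone (`test_grep ! "SIGNED MESSAGE" output` and `test_grep ! "SSH SIGNATURE" output`), so they would also pass if the tag or its message were missing from the stream. Adding a positive check such as `test_grep "X.509 signed tag" output` (and the SSH equivalent) would pin down that only the signature is removed. The commit message also names "-----BEGIN PGP MESSAGE-----" as a case the old code missed, but no test in this hunk covers it. Style: the redirections are written `> output`, while Git's test style puts no space after the redirection operator (`>output`).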
-- 
2.51.0.438.g6987fc0bae

