From: Christian Couder <christian.couder@gmail•com>
To: git@vger•kernel.org
Cc: Junio C Hamano <gitster@pobox•com>,
Patrick Steinhardt <ps@pks•im>, Elijah Newren <newren@gmail•com>,
Jeff King <peff@peff•net>,
"brian m . carlson" <sandals@crustytoothpaste•net>,
Johannes Schindelin <Johannes.Schindelin@gmx•de>,
Christian Couder <christian.couder@gmail•com>,
Christian Couder <chriscool@tuxfamily•org>
Subject: [PATCH 2/3] commit: refactor verify_commit_buffer()
Date: Wed, 5 Nov 2025 07:19:17 +0100 [thread overview]
Message-ID: <20251105061918.3688870-3-christian.couder@gmail.com> (raw)
In-Reply-To: <20251105061918.3688870-1-christian.couder@gmail.com>
In a following commit, we are going to check commit signatures, but we
won't have a commit yet, only a commit buffer, and we are going to
discard this commit buffer if the signature is invalid. So it would be
wasteful to create a commit that we might discard, just to be able to
check a commit signature.
It would be simpler instead to be able to check commit signatures
using only a commit buffer instead of a commit.
To be able to do that, let's extract some code from the
check_commit_signature() function into a new verify_commit_buffer()
function, and then let's make check_commit_signature() call
verify_commit_buffer().
Note that this doesn't fundamentally change how
check_commit_signature() works. It used to call parse_signed_commit()
which calls repo_get_commit_buffer(), parse_buffer_signed_by_header()
and repo_unuse_commit_buffer(). Now these 3 functions are called
directly by verify_commit_buffer().
Signed-off-by: Christian Couder <chriscool@tuxfamily•org>
---
commit.c | 17 +++++++++++++++--
commit.h | 7 +++++++
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/commit.c b/commit.c
index 16d91b2bfc..709c9eed58 100644
--- a/commit.c
+++ b/commit.c
@@ -1315,7 +1315,8 @@ static void handle_signed_tag(const struct commit *parent, struct commit_extra_h
free(buf);
}
-int check_commit_signature(const struct commit *commit, struct signature_check *sigc)
+int verify_commit_buffer(const char *buffer, size_t size,
+ struct signature_check *sigc)
{
struct strbuf payload = STRBUF_INIT;
struct strbuf signature = STRBUF_INIT;
@@ -1323,7 +1324,8 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
sigc->result = 'N';
- if (parse_signed_commit(commit, &payload, &signature, the_hash_algo) <= 0)
+ if (parse_buffer_signed_by_header(buffer, size, &payload,
+ &signature, the_hash_algo) <= 0)
goto out;
sigc->payload_type = SIGNATURE_PAYLOAD_COMMIT;
@@ -1337,6 +1339,17 @@ int check_commit_signature(const struct commit *commit, struct signature_check *
return ret;
}
+int check_commit_signature(const struct commit *commit, struct signature_check *sigc)
+{
+ unsigned long size;
+ const char *buffer = repo_get_commit_buffer(the_repository, commit, &size);
+ int ret = verify_commit_buffer(buffer, size, sigc);
+
+ repo_unuse_commit_buffer(the_repository, commit, buffer);
+
+ return ret;
+}
+
void verify_merge_signature(struct commit *commit, int verbosity,
int check_trust)
{
diff --git a/commit.h b/commit.h
index 1d6e0c7518..5406dd2663 100644
--- a/commit.h
+++ b/commit.h
@@ -333,6 +333,13 @@ int remove_signature(struct strbuf *buf);
*/
int check_commit_signature(const struct commit *commit, struct signature_check *sigc);
+/*
+ * Same as check_commit_signature() but accepts a commit buffer and
+ * its size, instead of a `struct commit *`.
+ */
+int verify_commit_buffer(const char *buffer, size_t size,
+ struct signature_check *sigc);
+
/* record author-date for each commit object */
struct author_date_slab;
void record_author_date(struct author_date_slab *author_date,
--
2.52.0.rc0.3.gf264cd25e5
next prev parent reply other threads:[~2025-11-05 6:19 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-05 6:19 [PATCH 0/3] fast-import: add 'strip-if-invalid' mode to --signed-commits=<mode> Christian Couder
2025-11-05 6:19 ` [PATCH 1/3] fast-import: refactor finalize_commit_buffer() Christian Couder
2025-11-05 6:19 ` Christian Couder [this message]
2025-11-05 6:19 ` [PATCH 3/3] fast-import: add 'strip-if-invalid' mode to --signed-commits=<mode> Christian Couder
2025-11-08 18:32 ` Junio C Hamano
2025-11-12 7:25 ` Christian Couder
2025-11-12 16:51 ` Junio C Hamano
2025-11-05 14:40 ` [PATCH 0/3] " Junio C Hamano
2025-11-08 0:34 ` Elijah Newren
2025-11-12 7:22 ` Christian Couder
2025-11-12 7:19 ` Christian Couder
2025-11-12 16:51 ` Junio C Hamano
2025-11-17 4:34 ` [PATCH v2 " Christian Couder
2025-11-17 4:34 ` [PATCH v2 1/3] fast-import: refactor finalize_commit_buffer() Christian Couder
2025-11-17 4:34 ` [PATCH v2 2/3] commit: refactor verify_commit_buffer() Christian Couder
2025-11-17 4:34 ` [PATCH v2 3/3] fast-import: add 'strip-if-invalid' mode to --signed-commits=<mode> Christian Couder
2025-11-17 19:52 ` [PATCH v2 0/3] " Elijah Newren
2025-11-18 18:29 ` Christian Couder
2025-11-18 19:03 ` Junio C Hamano
2025-11-18 19:04 ` Elijah Newren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251105061918.3688870-3-christian.couder@gmail.com \
--to=christian.couder@gmail$(echo .)com \
--cc=Johannes.Schindelin@gmx$(echo .)de \
--cc=chriscool@tuxfamily$(echo .)org \
--cc=git@vger$(echo .)kernel.org \
--cc=gitster@pobox$(echo .)com \
--cc=newren@gmail$(echo .)com \
--cc=peff@peff$(echo .)net \
--cc=ps@pks$(echo .)im \
--cc=sandals@crustytoothpaste$(echo .)net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox