mobley

C Git HTTP server

commit 350dd9df43bddd7a84a0defa737bfdec0be689b3
parent 5ead760019f6460ab47f710d7e7b2a5cf0b571e4
Author: Louis Solofrizzo <lsolofrizzo@online.net>
Date:   Fri, 28 Dec 2018 22:47:41 +0100

Fix GPG signature check on commit list

Signed-off-by: Louis Solofrizzo <lsolofrizzo@online.net>

Diffstat:
Mconfig.yaml | 6++++++
Mrepository_log.c | 62++++++++++++++++++++++++++++++++++++++++++++++++++++----------
2 files changed, 58 insertions(+), 10 deletions(-)

diff --git a/config.yaml b/config.yaml
@@ -158,3 +158,9 @@ repositories:
 name : protocol
 description : protocol tests
 owner : morphux
+
+ - dir : firmware.git
+ name : firmware
+ description : denkeep firmware
+ owner : denkeep
+ default_branch : develop
diff --git a/repository_log.c b/repository_log.c
@@ -19,26 +19,66 @@ typedef enum {
 NOT_SIGNED,
 SIGNATURE_OK,
- SIGNATURE_WRONG
+ SIGNATURE_WRONG,
+ SIGNATURE_UNKNOWN
 } signature_type_t;
 static signature_type_t check_commit_signature(mobley_t *ctx, server_req_t *r, git_oid *oid) {
- git_buf sig = { 0 }, data = { 0 };
- gpgme_data_t signature;
- gpgme_data_t commit_data;
- signature_type_t ret = NOT_SIGNED;
+ git_buf sig = { 0 }, data = { 0 };
+ gpgme_data_t signature = NULL;
+ gpgme_data_t commit_data = NULL;
+ gpgme_verify_result_t result;
+ signature_type_t ret = NOT_SIGNED;
 if (git_commit_extract_signature(&sig, &data, r->repo->repo, oid, NULL) != 0)
 return ret;
- gpgme_data_new_from_mem(&signature, sig.ptr, sig.size, 0);
- gpgme_data_new_from_mem(&commit_data, data.ptr, data.size, 0);
+ gpgme_data_new_from_mem(&signature, sig.ptr, sig.size, 1);
+ gpgme_data_new_from_mem(&commit_data, data.ptr, data.size, 1);
- if (gpgme_op_verify(ctx->crypto.ctx, signature, NULL, commit_data) == 0)
+ gpgme_error_t gpgerr = gpgme_op_verify(ctx->crypto.ctx, signature, commit_data, NULL);
+ if (gpgerr != GPG_ERR_NO_ERROR)
+ return ret;
+
+ ret = SIGNATURE_WRONG;
+ result = gpgme_op_verify_result(ctx->crypto.ctx);
+
+ if (result->signatures->status == GPG_ERR_NO_ERROR)
 ret = SIGNATURE_OK;
- else
- ret = SIGNATURE_WRONG;
+ else if (result->signatures->summary & GPGME_SIGSUM_KEY_MISSING)
+ ret = SIGNATURE_UNKNOWN;
+
+/* if (result->signatures->summary & GPGME_SIGSUM_GREEN)*/
+ /*printf("GREEN\n");*/
+ /*else if (result->signatures->summary & GPGME_SIGSUM_RED)*/
+ /*printf("RED\n");*/
+ /*else if (result->signatures->summary & GPGME_SIGSUM_VALID)*/
+ /*printf("VALID\n");*/
+ /*else if (result->signatures->summary & GPGME_SIGSUM_KEY_REVOKED)*/
+ /*printf("GPGME_SIGSUM_KEY_REVOKED\n");*/
+ /*else if (result->signatures->summary & GPGME_SIGSUM_SIG_EXPIRED)*/
+ /*printf("GPGME_SIGSUM_SIG_EXPIRED\n");*/
+ /*else if (result->signatures->summary & GPGME_SIGSUM_KEY_MISSING)*/
+ /*printf("GPGME_SIGSUM_KEY_MISSING\n");*/
+ /*else if (result->signatures->summary & GPGME_SIGSUM_CRL_MISSING)*/
+ /*printf("GPGME_SIGSUM_CRL_MISSING\n");*/
+ /*else if (result->signatures->summary & GPGME_SIGSUM_CRL_TOO_OLD)*/
+ /*printf("GPGME_SIGSUM_CRL_TOO_OLD\n");*/
+ /*else if (result->signatures->summary & GPGME_SIGSUM_BAD_POLICY)*/
+ /*printf("GPGME_SIGSUM_BAD_POLICY\n");*/
+ /*else if (result->signatures->summary & GPGME_SIGSUM_SYS_ERROR)*/
+ /*printf("GPGME_SIGSUM_SYS_ERROR\n");*/
+ /*else if (result->signatures->summary &GPGME_SIGSUM_TOFU_CONFLICT )*/
+ /*printf("GPGME_SIGSUM_TOFU_CONFLICT\n");*/
+
+ /*printf("Key: %s\n", result->signatures->fpr);*/
+ /*printf("Next: %p\n", result->signatures->next);*/
+ /*printf("Error: %s\n", gpgme_strerror(result->signatures->validity_reason));*/
+ /*printf("Error: %s\n", gpgme_strerror(result->signatures->status));*/
+ /*printf("'%.*s'\n", (int)sig.size, sig.ptr);*/
+ /*printf("'%.*s'\n", (int)data.size, data.ptr);*/
+ /*printf("------\n");*/
 gpgme_data_release(commit_data);
 gpgme_data_release(signature);
@@ -104,6 +144,8 @@ bool repository_log_list(mobley_t *ctx, server_req_t *r)
 html_nd("i", .class = "fa fa-fw fa-check")
 else if (sig == SIGNATURE_WRONG)
 html_nd("i", .class = "fa fa-fw fa-times")
+ else if (sig == SIGNATURE_UNKNOWN)
+ html_nd("i", .class = "fa fa-fw fa-lock")
 else html_nd("i", .class = "fa fa-fw fa-lock-open");
 }
 html_close("td");
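Review bot: The new `return ret;` taken when `gpgme_op_verify` reports an error skips the two `gpgme_data_release()` calls at the end of the hunk, so both gpgme data objects leak on that path, and right after it `result->signatures->status` is dereferenced without checking `result` or `result->signatures`, which GPGME can leave as an empty (NULL) list when the extracted block carried no signature it could parse — a malformed commit would then crash the log page. Both are addressed by routing the exit through one cleanup label and checking the result before reading `status`; a verify that ran but produced no signature entry is left as SIGNATURE_WRONG so the listing fails closed (this assumes the function's tail, outside the hunk, returns `ret` after the releases). Note also that `status == GPG_ERR_NO_ERROR` only says the signature is cryptographically good — key trust is reported separately in `summary` (GPGME_SIGSUM_VALID), so an untrusted but well-formed signature gets the green check; if that is intended it deserves a comment, as in the excerpt. The ~30 lines of commented-out printf debugging should be deleted rather than committed. check_commit_signature continues past the hunk.
```c
gpgme_error_t gpgerr = gpgme_op_verify(ctx->crypto.ctx, signature, commit_data, NULL);
if (gpgerr != GPG_ERR_NO_ERROR)
    goto out;                       /* release both data objects on the error path too */

/* A signature block was present and verify ran: fail closed unless proven good. */
ret = SIGNATURE_WRONG;
result = gpgme_op_verify_result(ctx->crypto.ctx);
if (result == NULL || result->signatures == NULL)
    goto out;

/* status == GPG_ERR_NO_ERROR means the signature is cryptographically good;
 * key trust is reported separately in summary (GPGME_SIGSUM_VALID) and is
 * deliberately not required here. */
if (result->signatures->status == GPG_ERR_NO_ERROR)
    ret = SIGNATURE_OK;
else if (result->signatures->summary & GPGME_SIGSUM_KEY_MISSING)
    ret = SIGNATURE_UNKNOWN;

out:
gpgme_data_release(commit_data);
gpgme_data_release(signature);
/* … unchanged: rest of check_commit_signature (outside the hunk) … */
```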
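Review bot: `fa-lock` for SIGNATURE_UNKNOWN shows a closed padlock for a commit whose signing key could not be found and was therefore never verified — the visual most readers associate with "verified" — while unsigned commits get `fa-lock-open`, so the verified, failed and unverifiable states are hard to tell apart at a glance; a neutral marker keeps them distinct, `html_nd("i", .class = "fa fa-fw fa-question")`. A comment on the new branch, `/* signature present but key unavailable: not verified, not proven bad */`, would also record what the state means. repository_log_list starts and ends outside the hunk.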