From: Junio C Hamano <gitster@pobox.com>
To: santiago@nyu.edu
Cc: git@vger.kernel.org, Jeff King <peff@peff.net>,
Eric Sunshine <sunshine@sunshineco.com>,
Colin Walters <walters@verbum.org>
Subject: Re: [RFC/PATCH] verify-tag: add --check-name flag
Date: Tue, 07 Jun 2016 14:05:20 -0700 [thread overview]
Message-ID: <xmqq7fe0pv5b.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <20160607195608.16643-1-santiago@nyu.edu> (santiago@nyu.edu's message of "Tue, 7 Jun 2016 15:56:08 -0400")
santiago@nyu.edu writes:
> 1.- Using a tag ref as a check-out mechanism is pretty common by package
> managers and other tools. Verifying the tag signature provides
> authentication guarantees, but there is no feedback that the
> signature being verified belongs to the intended tag.
Very true.
The above means that the existing package managers and other tools
need to be updated with some new code that lets them learn how to
tell if the tagname (in their refs/tags/ namespace) matches the
intended "real" tag name, and your --check-name option could be
that.
But if you are adding new code to the existing package managers and
other tools _anyway_, wouldn't it be a more direct solution to let
them learn how to tell what the intended "real" tag name is with
that new code?
It is true that "git cat-file tag v1.4.11" lets you examine all
lines of a given tag object, but the calling program needs to pick
pieces apart with something like:
git cat-file tag v1.4.11 | sed -n -e '/^$/q' -e 's/^tag //p'
which may be cumbersome. Perhaps, just like "git tag -v v1.4.11" is
a way to see if the contents of the tag are signed properly, if you
add "git tag --show-tagname v1.4.11" that does the above pipeline,
these package managers and other tools can be updated to
tag="$1"
- if ! git tag -v "$tag"
+ if ! git tag -v "$tag" ||
+ test "$tag" != "$(git tag --show-tagname $tag)"
then
echo >&2 "Bad tag."
exit 1
fi
make dest=/usr/local/$package/$tag install
Or it could even do this:
tag="$1"
if ! git tag -v "$tag"
then
echo >&2 "Bad tag."
exit 1
fi
+ tag=$(git tag --show-tagname $tag)
make dest=/usr/local/$package/$tag install
i.e. ignore the refname entirely and use the "real" tagname it reads
after validating the signature as the name of the resulting version
getting installed, distributed and/or used.
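The check sketched in the two snippets above, as an added shell example that is not part of the original message or of git itself: the proposed "git tag --show-tagname" option does not exist, so show_tagname() implements the equivalent header extraction over the output of "git cat-file tag", and check_tag_name() compares that embedded name with the ref name the tag was fetched under. The tag object, its object id and the tagger are constructed for the example; verify_tag_ref() is the same check wired to a real repository and needs git, so it is not exercised by the inline demonstration.

```shell
#!/bin/sh
# Added example (not code from the thread or from git): reject a signed tag
# object that is served under a ref name other than the one embedded in it,
# e.g. refs/tags/v1.4.11 pointing at the (validly signed) v1.4.10 tag object.

# show_tagname: read a tag object on stdin, in the format "git cat-file tag
# <name>" prints, and output the value of its "tag" header. Headers end at the
# first blank line, so the message body and any PGP block are never scanned.
show_tagname() {
    sed -n -e '/^$/q' -e 's/^tag //p'
}

# check_tag_name REFNAME: read a tag object on stdin and succeed only if its
# embedded tag name equals REFNAME (a leading "refs/tags/" is stripped).
# A missing or empty "tag" header fails, the same as a mismatch.
check_tag_name() {
    want=${1#refs/tags/}
    got=$(show_tagname)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# verify_tag_ref REFNAME: the full check inside a repository (requires git).
# "git cat-file tag" itself fails if REFNAME is not an annotated tag object,
# which check_tag_name then reports as a missing header.
verify_tag_ref() {
    ref=$1
    git tag -v "$ref" >/dev/null 2>&1 &&
    git cat-file tag "$ref" | check_tag_name "$ref"
}

# Constructed sample tag object (hypothetical object id, tagger and signature).
# The message deliberately contains a line starting with "tag " to show that
# only the header area above the blank line is consulted.
SAMPLE_TAG_OBJECT='object 1111111111111111111111111111111111111111
type commit
tag v1.4.10
tagger Example Tagger <tagger@example.com> 1465336000 -0400

Git 1.4.10
tag v9.9.9 is mentioned in this message but is not a header
-----BEGIN PGP SIGNATURE-----
(signature omitted in this constructed sample)
-----END PGP SIGNATURE-----'

# Stand-alone demonstration: the object is accepted under its own name and
# rejected when it is reached through a different ref name.
if printf '%s\n' "$SAMPLE_TAG_OBJECT" | check_tag_name refs/tags/v1.4.10; then
    echo "refs/tags/v1.4.10: embedded tag name matches"
fi
if ! printf '%s\n' "$SAMPLE_TAG_OBJECT" | check_tag_name refs/tags/v1.4.11; then
    echo "refs/tags/v1.4.11: tag object says v1.4.10, rejecting" >&2
fi
```

In a package-manager script the call is simply `verify_tag_ref "$tag" || exit 1` before the install step; it fails both when the signature does not verify and when the ref name and the signed name disagree, which is the gap the first quoted paragraph describes.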
Thread overview:
2016-06-07 19:56 [RFC/PATCH] verify-tag: add --check-name flag santiago
2016-06-07 21:05 ` Junio C Hamano [this message]
2016-06-07 21:17 ` Jeff King
2016-06-07 21:30 ` Santiago Torres
2016-06-07 21:50 ` Junio C Hamano
2016-06-07 21:55 ` Jeff King
2016-06-07 22:05 ` Junio C Hamano
2016-06-07 22:07 ` Jeff King
2016-06-07 22:11 ` Junio C Hamano
2016-06-07 22:13 ` Jeff King
2016-06-07 22:16 ` Santiago Torres
2016-06-07 22:21 ` Junio C Hamano
2016-06-07 22:29 ` Jeff King
2016-06-07 22:35 ` Junio C Hamano
2016-06-08 14:21 ` Santiago Torres
2016-06-08 18:43 ` Junio C Hamano
2016-06-09 11:48 ` Michael J Gruber
2016-06-07 21:20 ` Santiago Torres
2016-06-07 21:08 ` Jeff King
2016-06-07 21:13 ` Santiago Torres
2016-06-07 21:18 ` Jeff King