git@vger.kernel.org mailing list mirror (one of many)
* Error when verifying tags signed using 1.7.3.1
@ 2010-10-04 22:13 Stephan Hugel
  2010-10-04 22:51 ` Daniel Johnson
  0 siblings, 1 reply; 39+ messages in thread
From: Stephan Hugel @ 2010-10-04 22:13 UTC (permalink / raw)
  To: git

Hello, git list.
I seem to be unable to verify tags I create and sign using the git -s
command in 1.7.3.1
Existing tags (i.e. created with 1.7.2.x, using the same key and GnuPG
version) can be verified, but attempts to verify created tags result
in the following:

object 791abd4848d86ea98071f35bbce4d4b274ef0788
type commit
tag v1.4
tagger name <name@host.com> 1286228562 +0100

Better header detection and regex
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (Darwin)

iD8DBQBMqkph8Y2TgZsQ1pARAgxrAJ40ATxZw219CWI6FCaDAtbY8UHdoACePF6Q
PyNkf67w7AA8hkQqLAYGcyI=
=VLWl
-----END PGP MESSAGE-----
gpg: Signature made Mon  4 Oct 22:42:57 2010 IST using DSA key ID 9B10D690
gpg: BAD signature from "name <name@host.com>"
error: could not verify the tag 'v1.4'


I have confirmed that my key is valid (have
signed/encrypted/decrypted/verified using it after this error
occurred). I have also tried to create a tag using a newly-created
key, with the same result. I have attempted to create signed tags in
multiple repos. Is this a known bug?


* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-04 22:13 Error when verifying tags signed using 1.7.3.1 Stephan Hugel
@ 2010-10-04 22:51 ` Daniel Johnson
  2010-10-04 23:04   ` Stephan Hugel
  0 siblings, 1 reply; 39+ messages in thread
From: Daniel Johnson @ 2010-10-04 22:51 UTC (permalink / raw)
  To: Stephan Hugel; +Cc: git


On Monday 04 October 2010 18:13:21 Stephan Hugel wrote:
> Hello, git list.
> I seem to be unable to verify tags I create and sign using the git -s
> command in 1.7.3.1
> Existing tags (i.e. created with 1.7.2.x, using the same key and GnuPG
> version) can be verified, but attempts to verify created tags result
> in the following:
> 
> object 791abd4848d86ea98071f35bbce4d4b274ef0788
> type commit
> tag v1.4
> tagger name <name@host.com> 1286228562 +0100
> 
> Better header detection and regex
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v1.4.9 (Darwin)
> 
> iD8DBQBMqkph8Y2TgZsQ1pARAgxrAJ40ATxZw219CWI6FCaDAtbY8UHdoACePF6Q
> PyNkf67w7AA8hkQqLAYGcyI=
> =VLWl
> -----END PGP MESSAGE-----
> gpg: Signature made Mon  4 Oct 22:42:57 2010 IST using DSA key ID 9B10D690
> gpg: BAD signature from "name <name@host.com>"
> error: could not verify the tag 'v1.4'
> 
> 
> I have confirmed that my key is valid (have
> signed/encrypted/decrypted/verified using it after this error
> occurred). I have also tried to create a tag using a newly-created
> key, with the same result. I have attempted to create signed tags in
> multiple repos. Is this a known bug?

I can't reproduce this:

$ git --version
git version 1.7.3.1
$ git tag -s test_tag -m "test_message"
$ git tag -v test_tag
object dbc2fa2a8507f258a353238cde2d9ba5894a8296
type commit
tag test_tag
tagger Daniel Johnson <ComputerDruid@gmail.com> 1286231912 -0400

test_message
gpg: Signature made Mon 04 Oct 2010 06:38:38 PM EDT using DSA key ID 4A094EDC
gpg: Good signature from "Daniel Johnson <ComputerDruid@gmail.com>"

Is this not what you are doing? Do you have any more info about what you are
doing to cause this failure?



* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-04 22:51 ` Daniel Johnson
@ 2010-10-04 23:04   ` Stephan Hugel
  2010-10-04 23:59     ` Daniel Johnson
  0 siblings, 1 reply; 39+ messages in thread
From: Stephan Hugel @ 2010-10-04 23:04 UTC (permalink / raw)
  To: Daniel Johnson; +Cc: git

On 4 October 2010 23:51, Daniel Johnson <computerdruid@gmail.com> wrote:
> On Monday 04 October 2010 18:13:21 Stephan Hugel wrote:
>> Hello, git list.
>> I seem to be unable to verify tags I create and sign using the git -s
>> command in 1.7.3.1
>> Existing tags (i.e. created with 1.7.2.x, using the same key and GnuPG
>> version) can be verified, but attempts to verify created tags result
>> in the following:
>>
>> object 791abd4848d86ea98071f35bbce4d4b274ef0788
>> type commit
>> tag v1.4
>> tagger name <name@host.com> 1286228562 +0100
>>
>> Better header detection and regex
>> -----BEGIN PGP MESSAGE-----
>> Version: GnuPG v1.4.9 (Darwin)
>>
>> iD8DBQBMqkph8Y2TgZsQ1pARAgxrAJ40ATxZw219CWI6FCaDAtbY8UHdoACePF6Q
>> PyNkf67w7AA8hkQqLAYGcyI=
>> =VLWl
>> -----END PGP MESSAGE-----
>> gpg: Signature made Mon  4 Oct 22:42:57 2010 IST using DSA key ID 9B10D690
>> gpg: BAD signature from "name <name@host.com>"
>> error: could not verify the tag 'v1.4'
>>
>>
>> I have confirmed that my key is valid (have
>> signed/encrypted/decrypted/verified using it after this error
>> occurred). I have also tried to create a tag using a newly-created
>> key, with the same result. I have attempted to create signed tags in
>> multiple repos. Is this a known bug?
>
> I can't reproduce this:
>
> $ git --version
> git version 1.7.3.1
> $ git tag -s test_tag -m "test_message"
> $ git tag -v test_tag
> object dbc2fa2a8507f258a353238cde2d9ba5894a8296
> type commit
> tag test_tag
> tagger Daniel Johnson <ComputerDruid@gmail.com> 1286231912 -0400
>
> test_message
> gpg: Signature made Mon 04 Oct 2010 06:38:38 PM EDT using DSA key ID 4A094EDC
> gpg: Good signature from "Daniel Johnson <ComputerDruid@gmail.com>"
>
> Is this not what you are doing? Do you have any more info about what you are
> doing to cause this failure?
>

Daniel,
Those are the exact steps I'm using.

When I run tag -v on existing tags, I don't see the

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (Darwin)

iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
yZeXw/EddYrfdad/VvOrL1o=
=/0PJ
-----END PGP MESSAGE-----

block. It's only present on tags created using the current version.
I've also just upgraded to GnuPG 1.4.10, but the result is the same.
I'm not sure how else I can determine where the problem arises; I'm
using the git and GnuPG versions for OS X built by homebrew, and GnuPG
is happy to use the same key for en/decryption and signing. I've also
verified that none of the subkeys are expired, and that the trust db
is OK.

-- 

steph


* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-04 23:04   ` Stephan Hugel
@ 2010-10-04 23:59     ` Daniel Johnson
  2010-10-05  0:17       ` Stephan Hugel
  2010-10-05  9:41       ` Pat Thoyts
  0 siblings, 2 replies; 39+ messages in thread
From: Daniel Johnson @ 2010-10-04 23:59 UTC (permalink / raw)
  To: Stephan Hugel; +Cc: git


On Monday 04 October 2010 19:04:51 Stephan Hugel wrote: 
> Daniel,
> Those are the exact steps I'm using.
> 
> When I run tag -v on existing tags, I don't see the
> 
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v1.4.9 (Darwin)
> 
> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
> yZeXw/EddYrfdad/VvOrL1o=
> =/0PJ
> -----END PGP MESSAGE-----
> 
> block. It's only present on tags created using the current version.
> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
> I'm not sure how else I can determine where the problem arises; I'm
> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
> is happy to use the same key for en/decryption and signing. I've also
> verified that none of the subkeys are expired, and that the trust db
> is OK.

If you have the tests available, can you try running t7004 to see if it fails 
there too?



* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-04 23:59     ` Daniel Johnson
@ 2010-10-05  0:17       ` Stephan Hugel
  2010-10-05  8:00         ` Michael J Gruber
  2010-10-05  9:41       ` Pat Thoyts
  1 sibling, 1 reply; 39+ messages in thread
From: Stephan Hugel @ 2010-10-05  0:17 UTC (permalink / raw)
  To: Daniel Johnson; +Cc: git

On 5 October 2010 00:59, Daniel Johnson <computerdruid@gmail.com> wrote:
> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote:
>> Daniel,
>> Those are the exact steps I'm using.
>>
>> When I run tag -v on existing tags, I don't see the
>>
>> -----BEGIN PGP MESSAGE-----
>> Version: GnuPG v1.4.9 (Darwin)
>>
>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
>> yZeXw/EddYrfdad/VvOrL1o=
>> =/0PJ
>> -----END PGP MESSAGE-----
>>
>> block. It's only present on tags created using the current version.
>> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
>> I'm not sure how else I can determine where the problem arises; I'm
>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
>> is happy to use the same key for en/decryption and signing. I've also
>> verified that none of the subkeys are expired, and that the trust db
>> is OK.
>
> If you have the tests available, can you try running t7004 to see if it fails
> there too?
>
I rebuilt and installed from source
Passed all 105 tests in t7004-tag.sh
Problem remains with tags I create

This would seem to imply a problem with my key, even though nothing
else is complaining about it.
-- 

steph


* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-05  0:17       ` Stephan Hugel
@ 2010-10-05  8:00         ` Michael J Gruber
  2010-10-05 13:28           ` Stephan Hugel
  0 siblings, 1 reply; 39+ messages in thread
From: Michael J Gruber @ 2010-10-05  8:00 UTC (permalink / raw)
  To: Stephan Hugel; +Cc: Daniel Johnson, git

Stephan Hugel venit, vidit, dixit 05.10.2010 02:17:
> On 5 October 2010 00:59, Daniel Johnson <computerdruid@gmail.com> wrote:
>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote:
>>> Daniel,
>>> Those are the exact steps I'm using.
>>>
>>> When I run tag -v on existing tags, I don't see the
>>>
>>> -----BEGIN PGP MESSAGE-----
>>> Version: GnuPG v1.4.9 (Darwin)
>>>
>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
>>> yZeXw/EddYrfdad/VvOrL1o=
>>> =/0PJ
>>> -----END PGP MESSAGE-----
>>>
>>> block. It's only present on tags created using the current version.
>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
>>> I'm not sure how else I can determine where the problem arises; I'm
>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
>>> is happy to use the same key for en/decryption and signing. I've also
>>> verified that none of the subkeys are expired, and that the trust db
>>> is OK.
>>
>> If you have the tests available, can you try running t7004 to see if it fails
>> there too?
>>
> I rebuilt and installed from source
> Passed all 105 tests in t7004-tag.sh
> Problem remains with tags I create
> 
> This would seem to imply a problem with my key, even though nothing
> else is complaining about it.

Here's a very basic way to check: If foo is your tag, do

git cat-file tag foo > a
git cat-file tag foo > a.sig

From the file "a", delete the signature (all lines between and
including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or
your favorite sed/awk/perl magic.

a is the data on which git invoked gpg for signing the tag. (I'm not
sure why gpg can't notice the inline sig directly but that doesn't
matter; maybe because it is none ;))

Now, gpg --verify a.sig should check the signature a.sig for a. Doing
that, maybe with --verbose, you may find out whether the tag object is
bogus or git misunderstands gpg's response. If your key is on a key
server you can also share the file a.sig with us so that we can check.

Michael
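
The manual check described above, as an added shell example that is not part of the original message: it splits a tag object at the armor header, accepting both the "SIGNATURE" and "MESSAGE" forms seen in this thread, and hands the two parts to gpg as a detached signature. The function names and the sample tag are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): automate the "delete the signature
# from a" step and report which armor header the tag carries.

# split_tag TAGFILE PAYLOAD_OUT SIG_OUT
# Everything before the first armor header goes to PAYLOAD_OUT (the bytes
# that were signed); the armor block goes to SIG_OUT.
# Returns 1 if the tag contains no armor block.
split_tag() {
    awk -v payload="$2" -v sig="$3" '
        BEGIN { printf "" > payload; printf "" > sig }
        !in_sig && /^-----BEGIN PGP (SIGNATURE|MESSAGE)-----$/ { in_sig = 1 }
        in_sig { print > sig; next }
        { print > payload }
        END { exit (in_sig ? 0 : 1) }
    ' "$1"
}

# armor_label SIGFILE
# Prints the word after "BEGIN PGP" on the first line: SIGNATURE or MESSAGE.
armor_label() {
    sed -n '1s/^-----BEGIN PGP \(.*\)-----$/\1/p' "$1"
}

# sample_tag LABEL
# Constructed tag object for offline runs; the armor body is a placeholder,
# not a real signature.
sample_tag() {
    cat <<EOF
object 0000000000000000000000000000000000000000
type commit
tag test_tag
tagger Example Tagger <tagger@example.invalid> 1286291263 +0100

Test tag
-----BEGIN PGP $1-----
Version: constructed sample

Q09OU1RSVUNURUQ=
=AAAA
-----END PGP $1-----
EOF
}

# check_tag TAGNAME
# Run the check against a real repository (needs git and gpg on PATH).
# Returns gpg's exit status, or 2 if the tag cannot be read or split.
check_tag() {
    tmp=$(mktemp -d) || return 2
    git cat-file tag "$1" > "$tmp/tag" || { rm -rf "$tmp"; return 2; }
    if ! split_tag "$tmp/tag" "$tmp/payload" "$tmp/sig"; then
        echo "no PGP block found in tag $1" >&2
        rm -rf "$tmp"
        return 2
    fi
    echo "armor header: PGP $(armor_label "$tmp/sig")"
    # Detached-signature form: signature file first, signed data second.
    gpg --verify "$tmp/sig" "$tmp/payload"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage: sh split-tag.sh TAGNAME   (run inside the repository)
if [ "$#" -gt 0 ]; then
    check_tag "$1"
fi
```

If gpg reports a good signature here while `git tag -v` reports a bad one, the tag object is sound and the mismatch lies in how the payload and signature were separated before gpg was invoked.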


* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-04 23:59     ` Daniel Johnson
  2010-10-05  0:17       ` Stephan Hugel
@ 2010-10-05  9:41       ` Pat Thoyts
  1 sibling, 0 replies; 39+ messages in thread
From: Pat Thoyts @ 2010-10-05  9:41 UTC (permalink / raw)
  To: Daniel Johnson; +Cc: Stephan Hugel, git

>On Monday 04 October 2010 19:04:51 Stephan Hugel wrote: 
>> Daniel,
>> Those are the exact steps I'm using.
>> 
>> When I run tag -v on existing tags, I don't see the
>> 
>> -----BEGIN PGP MESSAGE-----
>> Version: GnuPG v1.4.9 (Darwin)
>> 
>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
>> yZeXw/EddYrfdad/VvOrL1o=
>> =/0PJ
>> -----END PGP MESSAGE-----
>> 
>> block. It's only present on tags created using the current version.
>> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
>> I'm not sure how else I can determine where the problem arises; I'm
>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
>> is happy to use the same key for en/decryption and signing. I've also
>> verified that none of the subkeys are expired, and that the trust db
>> is OK.

When I try this using 1.7.3.1 the tag signature header says "PGP
SIGNATURE" and not "PGP MESSAGE". I wonder if you just have some odd
gpg settings.

C:\src\git-gui>git version
git version 1.7.2.3.msysgit.0

C:\src\git-gui>git tag -s -a -m "test" test1

You need a passphrase to unlock the secret key for
user: "Pat Thoyts <patthoyts@googlemail.com>"
1024-bit RSA key, ID F084E489, created 1995-04-11


C:\src\git-gui>git cat-file tag test1
object 00e9de72c8f9b7c048bb56a59be9567d69dc1e01
type commit
tag test1
tagger Pat Thoyts <patthoyts@users.sourceforge.net> 1286268190 +0100

test
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQCVAwUATKrlHmB90JXwhOSJAQJx2QP+OVRpcPyGgi2HF3OyOQ7immsMHpXb4ySx
nhvt7iWEfMlzm/8/+LlW6NnYkcTkAW3g3pgECXTAzXgUqhj9ectrprLg5XFT717O
SHJ4qyai08stlC86kHVLyYhdi2C96rgtN9+63CQUl4R7Ofv/l+IRE22IYES5942Z
LZgpbtPyp7w=
=Oydf
-----END PGP SIGNATURE-----

C:\src\git-gui>git verify-tag test1
gpg: Signature made 10/05/10 09:43:10 using RSA key ID F084E489
gpg: Good signature from "Pat Thoyts <patthoyts@googlemail.com>"
gpg:                 aka "Pat Thoyts <patthoyts@users.sourceforge.net>"

-- 
Pat Thoyts                            http://www.patthoyts.tk/
PGP fingerprint 2C 6E 98 07 2C 59 C8 97  10 CE 11 E6 04 E0 B9 DD


* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-05  8:00         ` Michael J Gruber
@ 2010-10-05 13:28           ` Stephan Hugel
  2010-10-05 15:07             ` Michael J Gruber
  0 siblings, 1 reply; 39+ messages in thread
From: Stephan Hugel @ 2010-10-05 13:28 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: Daniel Johnson, git

On 5 October 2010 09:00, Michael J Gruber <git@drmicha.warpmail.net> wrote:
> Stephan Hugel venit, vidit, dixit 05.10.2010 02:17:
>> On 5 October 2010 00:59, Daniel Johnson <computerdruid@gmail.com> wrote:
>>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote:
>>>> Daniel,
>>>> Those are the exact steps I'm using.
>>>>
>>>> When I run tag -v on existing tags, I don't see the
>>>>
>>>> -----BEGIN PGP MESSAGE-----
>>>> Version: GnuPG v1.4.9 (Darwin)
>>>>
>>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
>>>> yZeXw/EddYrfdad/VvOrL1o=
>>>> =/0PJ
>>>> -----END PGP MESSAGE-----
>>>>
>>>> block. It's only present on tags created using the current version.
>>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
>>>> I'm not sure how else I can determine where the problem arises; I'm
>>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
>>>> is happy to use the same key for en/decryption and signing. I've also
>>>> verified that none of the subkeys are expired, and that the trust db
>>>> is OK.
>>>
>>> If you have the tests available, can you try running t7004 to see if it fails
>>> there too?
>>>
>> I rebuilt and installed from source
>> Passed all 105 tests in t7004-tag.sh
>> Problem remains with tags I create
>>
>> This would seem to imply a problem with my key, even though nothing
>> else is complaining about it.
>
> Here's a very basic way to check: If foo is your tag, do
>
> git cat-file tag foo > a
> git cat-file tag foo > a.sig
>
> From the file "a", delete the signature (all lines between and
> including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or
> your favorite sed/awk/perl magic.
>
> a is the data on which git invoked gpg for signing the tag. (I'm not
> sure why gpg can't notice the inline sig directly but that doesn't
> matter; maybe because it is none ;))
>
> Now, gpg --verify a.sig should check the signature a.sig for a. Doing
> that, maybe with --verbose, you may find out whether the tag object is
> bogus or git misunderstands gpg's response. If your key is on a key
> server you can also share the file a.sig with us so that we can check.
>
> Michael
>
Michael,
When I do this, gpg is able to verify the signature. So does this mean
that gnupg is failing to ignore the PGP block (possibly because it
expects "SIGNATURE", not "MESSAGE"?)


-- 

steph


* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-05 13:28           ` Stephan Hugel
@ 2010-10-05 15:07             ` Michael J Gruber
  2010-10-05 15:19               ` Stephan Hugel
  0 siblings, 1 reply; 39+ messages in thread
From: Michael J Gruber @ 2010-10-05 15:07 UTC (permalink / raw)
  To: Stephan Hugel; +Cc: Daniel Johnson, git

Stephan Hugel venit, vidit, dixit 05.10.2010 15:28:
> On 5 October 2010 09:00, Michael J Gruber <git@drmicha.warpmail.net> wrote:
>> Stephan Hugel venit, vidit, dixit 05.10.2010 02:17:
>>> On 5 October 2010 00:59, Daniel Johnson <computerdruid@gmail.com> wrote:
>>>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote:
>>>>> Daniel,
>>>>> Those are the exact steps I'm using.
>>>>>
>>>>> When I run tag -v on existing tags, I don't see the
>>>>>
>>>>> -----BEGIN PGP MESSAGE-----
>>>>> Version: GnuPG v1.4.9 (Darwin)
>>>>>
>>>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
>>>>> yZeXw/EddYrfdad/VvOrL1o=
>>>>> =/0PJ
>>>>> -----END PGP MESSAGE-----
>>>>>
>>>>> block. It's only present on tags created using the current version.
>>>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
>>>>> I'm not sure how else I can determine where the problem arises; I'm
>>>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
>>>>> is happy to use the same key for en/decryption and signing. I've also
>>>>> verified that none of the subkeys are expired, and that the trust db
>>>>> is OK.
>>>>
>>>> If you have the tests available, can you try running t7004 to see if it fails
>>>> there too?
>>>>
>>> I rebuilt and installed from source
>>> Passed all 105 tests in t7004-tag.sh
>>> Problem remains with tags I create
>>>
>>> This would seem to imply a problem with my key, even though nothing
>>> else is complaining about it.
>>
>> Here's a very basic way to check: If foo is your tag, do
>>
>> git cat-file tag foo > a
>> git cat-file tag foo > a.sig
>>
>> From the file "a", delete the signature (all lines between and
>> including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or
>> your favorite sed/awk/perl magic.
>>
>> a is the data on which git invoked gpg for signing the tag. (I'm not
>> sure why gpg can't notice the inline sig directly but that doesn't
>> matter; maybe because it is none ;))
>>
>> Now, gpg --verify a.sig should check the signature a.sig for a. Doing
>> that, maybe with --verbose, you may find out whether the tag object is
>> bogus or git misunderstands gpg's response. If your key is on a key
>> server you can also share the file a.sig with us so that we can check.
>>
>> Michael
>>
> Michael,
> When I do this, gpg is able to verify the signature. So does this mean
> that gnupg is failing to ignore the PGP block (possibly because it
> expects "SIGNATURE", not "MESSAGE"?)

Do you have "MESSAGE" in there???

Can you share the output of "git verify-tag --verbose yourtag" with us?
In any case, this command should give the same as the edited "a" above
on stdout, and gpg's response on stderr. It should not contain any
"----BEGIN/END...".

You haven't tinkered with your gpg options lately, have you? ;)

Michael


* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-05 15:07             ` Michael J Gruber
@ 2010-10-05 15:19               ` Stephan Hugel
  2010-10-05 15:39                 ` Michael J Gruber
  0 siblings, 1 reply; 39+ messages in thread
From: Stephan Hugel @ 2010-10-05 15:19 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: Daniel Johnson, git

On 5 October 2010 16:07, Michael J Gruber <git@drmicha.warpmail.net> wrote:
> Stephan Hugel venit, vidit, dixit 05.10.2010 15:28:
>> On 5 October 2010 09:00, Michael J Gruber <git@drmicha.warpmail.net> wrote:
>>> Stephan Hugel venit, vidit, dixit 05.10.2010 02:17:
>>>> On 5 October 2010 00:59, Daniel Johnson <computerdruid@gmail.com> wrote:
>>>>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote:
>>>>>> Daniel,
>>>>>> Those are the exact steps I'm using.
>>>>>>
>>>>>> When I run tag -v on existing tags, I don't see the
>>>>>>
>>>>>> -----BEGIN PGP MESSAGE-----
>>>>>> Version: GnuPG v1.4.9 (Darwin)
>>>>>>
>>>>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
>>>>>> yZeXw/EddYrfdad/VvOrL1o=
>>>>>> =/0PJ
>>>>>> -----END PGP MESSAGE-----
>>>>>>
>>>>>> block. It's only present on tags created using the current version.
>>>>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
>>>>>> I'm not sure how else I can determine where the problem arises; I'm
>>>>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
>>>>>> is happy to use the same key for en/decryption and signing. I've also
>>>>>> verified that none of the subkeys are expired, and that the trust db
>>>>>> is OK.
>>>>>
>>>>> If you have the tests available, can you try running t7004 to see if it fails
>>>>> there too?
>>>>>
>>>> I rebuilt and installed from source
>>>> Passed all 105 tests in t7004-tag.sh
>>>> Problem remains with tags I create
>>>>
>>>> This would seem to imply a problem with my key, even though nothing
>>>> else is complaining about it.
>>>
>>> Here's a very basic way to check: If foo is your tag, do
>>>
>>> git cat-file tag foo > a
>>> git cat-file tag foo > a.sig
>>>
>>> From the file "a", delete the signature (all lines between and
>>> including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or
>>> your favorite sed/awk/perl magic.
>>>
>>> a is the data on which git invoked gpg for signing the tag. (I'm not
>>> sure why gpg can't notice the inline sig directly but that doesn't
>>> matter; maybe because it is none ;))
>>>
>>> Now, gpg --verify a.sig should check the signature a.sig for a. Doing
>>> that, maybe with --verbose, you may find out whether the tag object is
>>> bogus or git misunderstands gpg's response. If your key is on a key
>>> server you can also share the file a.sig with us so that we can check.
>>>
>>> Michael
>>>
>> Michael,
>> When I do this, gpg is able to verify the signature. So does this mean
>> that gnupg is failing to ignore the PGP block (possibly because it
>> expects "SIGNATURE", not "MESSAGE"?)
>
> Do you have "MESSAGE" in there???
>
> Can you share the output of "git verify-tag --verbose yourtag" with us?
> In any case, this command should give the same as the edited "a" above
> on stdout, and gpg's response on stderr. It should not contain any
> "----BEGIN/END...".
>
> You haven't tinkered with your gpg options lately, have you? ;)
>
> Michael
>

Michael,
Yes, it's "MESSAGE".
Here's the complete process:

$ git --version
git version 1.7.3.1

$ git tag -s test_tag

[editor opens, I enter message, save, close]

You need a passphrase to unlock the secret key for
user: "Stephan Hugel <urschrei@gmail.com>"
1024-bit DSA key, ID 9B10D690, created 2008-09-06

[I enter passphrase]

[process completes]

$ git verify-tag --verbose test_tag
object 791abd4848d86ea98071f35bbce4d4b274ef0788
type commit
tag test_tag
tagger Stephan Hügel <urschrei@gmail.com> 1286291263 +0100

Test tag
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (Darwin)

iD8DBQBMqz9G8Y2TgZsQ1pARAh2bAJ0WuNWsNa+eJq3aYMlwvOFX5eRUngCfZAcM
hnt1Aomaz5SY0yofv9BwGWg=
=+AKs
-----END PGP MESSAGE-----
gpg: Signature made Tue  5 Oct 16:07:50 2010 IST using DSA key ID 9B10D690
gpg: BAD signature from "Stephan Hugel <urschrei@gmail.com>"


Now, if I manually append the tag contents to a file:

$ git cat-file tag test_tag > a
$ git cat-file tag test_tag > a.sig
$ less a.sig

object 791abd4848d86ea98071f35bbce4d4b274ef0788
type commit
tag test_tag
tagger Stephan Hügel <urschrei@gmail.com> 1286291263 +0100

Test tag
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (Darwin)

iD8DBQBMqz9G8Y2TgZsQ1pARAh2bAJ0WuNWsNa+eJq3aYMlwvOFX5eRUngCfZAcM
hnt1Aomaz5SY0yofv9BwGWg=
=+AKs
-----END PGP MESSAGE-----

[remove PGP block (identical to the above block) from a]

$ gpg --verify a.sig
gpg: Signature made Tue  5 Oct 16:07:50 2010 IST using DSA key ID 9B10D690
gpg: Good signature from "Stephan Hugel <urschrei@gmail.com>"

I've also just had a look at my gnupg.conf: the only options in it are:
default-key 9B10D690
charset utf8
keyserver hkp://keyserver.ubuntu.com
auto-key-locate hkp://keyserver.ubuntu.com
utf8-strings
rfc1991

Nothing else.
-- 

steph


* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-05 15:19               ` Stephan Hugel
@ 2010-10-05 15:39                 ` Michael J Gruber
  2010-10-05 15:40                   ` [PATCH] tag,verify-tag: do not trip over rfc1991 signatures Michael J Gruber
  2010-10-05 15:45                   ` Error when verifying tags signed using 1.7.3.1 Stephan Hugel
  0 siblings, 2 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-10-05 15:39 UTC (permalink / raw)
  To: Stephan Hugel; +Cc: Daniel Johnson, git

Stephan Hugel venit, vidit, dixit 05.10.2010 17:19:
> On 5 October 2010 16:07, Michael J Gruber <git@drmicha.warpmail.net> wrote:
>> Stephan Hugel venit, vidit, dixit 05.10.2010 15:28:
>>> On 5 October 2010 09:00, Michael J Gruber <git@drmicha.warpmail.net> wrote:
>>>> Stephan Hugel venit, vidit, dixit 05.10.2010 02:17:
>>>>> On 5 October 2010 00:59, Daniel Johnson <computerdruid@gmail.com> wrote:
>>>>>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote:
>>>>>>> Daniel,
>>>>>>> Those are the exact steps I'm using.
>>>>>>>
>>>>>>> When I run tag -v on existing tags, I don't see the
>>>>>>>
>>>>>>> -----BEGIN PGP MESSAGE-----
>>>>>>> Version: GnuPG v1.4.9 (Darwin)
>>>>>>>
>>>>>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
>>>>>>> yZeXw/EddYrfdad/VvOrL1o=
>>>>>>> =/0PJ
>>>>>>> -----END PGP MESSAGE-----
>>>>>>>
>>>>>>> block. It's only present on tags created using the current version.
>>>>>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
>>>>>>> I'm not sure how else I can determine where the problem arises; I'm
>>>>>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
>>>>>>> is happy to use the same key for en/decryption and signing. I've also
>>>>>>> verified that none of the subkeys are expired, and that the trust db
>>>>>>> is OK.
>>>>>>
>>>>>> If you have the tests available, can you try running t7004 to see if it fails
>>>>>> there too?
>>>>>>
>>>>> I rebuilt and installed from source
>>>>> Passed all 105 tests in t7004-tag.sh
>>>>> Problem remains with tags I create
>>>>>
>>>>> This would seem to imply a problem with my key, even though nothing
>>>>> else is complaining about it.
>>>>
>>>> Here's a very basic way to check: If foo is your tag, do
>>>>
>>>> git cat-file tag foo > a
>>>> git cat-file tag foo > a.sig
>>>>
>>>> From the file "a", delete the signature (all lines between and
>>>> including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or
>>>> your favorite sed/awk/perl magic.
>>>>
>>>> a is the data on which git invoked gpg for signing the tag. (I'm not
>>>> sure why gpg can't notice the inline sig directly but that doesn't
>>>> matter; maybe because it is none ;))
>>>>
>>>> Now, gpg --verify a.sig should check the signature a.sig for a. Doing
>>>> that, maybe with --verbose, you may find out whether the tag object is
>>>> bogus or git misunderstands gpg's response. If your key is on a key
>>>> server you can also share the file a.sig with us so that we can check.
>>>>
>>>> Michael
>>>>
>>> Michael,
>>> When I do this, gpg is able to verify the signature. So does this mean
>>> that gnupg is failing to ignore the PGP block (possibly because it
>>> expects "SIGNATURE", not "MESSAGE"?)
>>
>> Do you have "MESSAGE" in there???
>>
>> Can you share the output of "git verify-tag --verbose yourtag" with us?
>> In any case, this command should give the same as the edited "a" above
>> on stdout, and gpg's response on stderr. It should not contain any
>> "----BEGIN/END...".
>>
>> You haven't tinkered with your gpg options lately, have you? ;)
>>
>> Michael
>>
> 
> Michael,
> Yes, it's "MESSAGE".
> Here's the complete process:
> 
> $ git --version
> git version 1.7.3.1
> 
> $ git tag -s test_tag
> 
> [editor opens, I enter message, save, close]
> 
> You need a passphrase to unlock the secret key for
> user: "Stephan Hugel <urschrei@gmail.com>"
> 1024-bit DSA key, ID 9B10D690, created 2008-09-06
> 
> [I enter passphrase]
> 
> [process completes]
> 
> $ git verify-tag --verbose test_tag
> object 791abd4848d86ea98071f35bbce4d4b274ef0788
> type commit
> tag test_tag
> tagger Stephan Hügel <urschrei@gmail.com> 1286291263 +0100
> 
> Test tag
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v1.4.10 (Darwin)
> 
> iD8DBQBMqz9G8Y2TgZsQ1pARAh2bAJ0WuNWsNa+eJq3aYMlwvOFX5eRUngCfZAcM
> hnt1Aomaz5SY0yofv9BwGWg=
> =+AKs
> -----END PGP MESSAGE-----
> gpg: Signature made Tue  5 Oct 16:07:50 2010 IST using DSA key ID 9B10D690
> gpg: BAD signature from "Stephan Hugel <urschrei@gmail.com>"
> 
> 
> Now, if I manually append the tag contents to a file:
> 
> $ git cat-file tag test_tag > a
> $ git cat-file tag test_tag > a.sig
> $ less a.sig
> 
> object 791abd4848d86ea98071f35bbce4d4b274ef0788
> type commit
> tag test_tag
> tagger Stephan Hügel <urschrei@gmail.com> 1286291263 +0100
> 
> Test tag
> -----BEGIN PGP MESSAGE-----
> Version: GnuPG v1.4.10 (Darwin)
> 
> iD8DBQBMqz9G8Y2TgZsQ1pARAh2bAJ0WuNWsNa+eJq3aYMlwvOFX5eRUngCfZAcM
> hnt1Aomaz5SY0yofv9BwGWg=
> =+AKs
> -----END PGP MESSAGE-----
> 
> [remove PGP block (identical to the above block) from a]
> 
> $ gpg --verify a.sig
> gpg: Signature made Tue  5 Oct 16:07:50 2010 IST using DSA key ID 9B10D690
> gpg: Good signature from "Stephan Hugel <urschrei@gmail.com>"
> 
> I've also just had a look at my gnupg.conf: the only options in it are:
> default-key 9B10D690
> charset utf8
> keyserver hkp://keyserver.ubuntu.com
> auto-key-locate hkp://keyserver.ubuntu.com
> utf8-strings
> rfc1991
> 
> Nothing else.

The last one is the trouble maker, and you must have added it around the
time of upgrading git...

Now, git should be able to cope with that, of course.

Michael


* [PATCH] tag,verify-tag: do not trip over rfc1991 signatures
  2010-10-05 15:39                 ` Michael J Gruber
@ 2010-10-05 15:40                   ` Michael J Gruber
  2010-10-05 20:28                     ` Junio C Hamano
  2010-10-05 20:42                     ` [PATCH] tag,verify-tag: do not trip over " Todd Zullinger
  2010-10-05 15:45                   ` Error when verifying tags signed using 1.7.3.1 Stephan Hugel
  1 sibling, 2 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-10-05 15:40 UTC (permalink / raw)
  To: git; +Cc: Stephan Hugel, Junio C Hamano

Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
the "rfc1991" option. This leads to git's faling to verify it's own
signed tags.

Be more lenient and take "-----BEGIN PGP " as the indicator.

Reported-by: Stephan Hugel <urschrei@gmail.com>
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 builtin/tag.c        |    6 +++---
 builtin/verify-tag.c |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/builtin/tag.c b/builtin/tag.c
index d311491..04bec17 100644
--- a/builtin/tag.c
+++ b/builtin/tag.c
@@ -29,7 +29,7 @@ struct tag_filter {
 	struct commit_list *with_commit;
 };
 
-#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
+#define PGP_SIGNATURE "-----BEGIN PGP "
 
 static int show_reference(const char *refname, const unsigned char *sha1,
 			  int flag, void *cb_data)
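Review bot: with the value shortened to "-----BEGIN PGP ", the macro in builtin/tag.c no longer describes a signature header. It now matches every armor header line, for instance a public key block pasted into a tag message, and it drops the closing five dashes that the old value required. Consider matching the complete header lines gpg is known to emit here ("-----BEGIN PGP SIGNATURE-----" and "-----BEGIN PGP MESSAGE-----") instead of a shared prefix, or at least rename the macro so readers do not take it for the full header.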
@@ -72,7 +72,7 @@ static int show_reference(const char *refname, const unsigned char *sha1,
 		/* only take up to "lines" lines, and strip the signature */
 		for (i = 0, sp += 2;
 				i < filter->lines && sp < buf + size &&
-				prefixcmp(sp, PGP_SIGNATURE "\n");
+				prefixcmp(sp, PGP_SIGNATURE);
 				i++) {
 			if (i)
 				printf("\n    ");
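Review bot: the loop condition in show_reference() used to compare against PGP_SIGNATURE "\n", so only a complete header line ended the listing; after this change prefixcmp(sp, PGP_SIGNATURE) is true for any line that merely starts with "-----BEGIN PGP ". A tag message that legitimately contains such a line would be cut short in the listing. Keeping an end-of-line check (full header followed by "\n") would preserve the old strictness while still accepting the rfc1991 header.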
@@ -256,7 +256,7 @@ static void write_tag_body(int fd, const unsigned char *sha1)
 		return;
 	}
 	sp += 2; /* skip the 2 LFs */
-	eob = strstr(sp, "\n" PGP_SIGNATURE "\n");
+	eob = strstr(sp, "\n" PGP_SIGNATURE);
 	if (eob)
 		len = eob - sp;
 	else
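Review bot: in write_tag_body() the search is now strstr(sp, "\n" PGP_SIGNATURE), which stops at the first occurrence anywhere in the body, and with the shortened marker that can be a line inside the message rather than the signature, so the body written to fd is truncated there. This is also the third hand-written match in the patch (prefixcmp with the "\n" removed in the previous hunk, strstr with a leading "\n" here), each with slightly different rules; a single helper shared with verify-tag.c would keep the split point identical everywhere.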
diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c
index 9f482c2..3c85d0a 100644
--- a/builtin/verify-tag.c
+++ b/builtin/verify-tag.c
@@ -17,7 +17,7 @@ static const char * const verify_tag_usage[] = {
 		NULL
 };
 
-#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
+#define PGP_SIGNATURE "-----BEGIN PGP "
 
 static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
 {
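Review bot: the same define is now duplicated with the new value in builtin/tag.c and builtin/verify-tag.c, and the diffstat shows only those two files, so nothing exercises a tag created with the rfc1991 option. Since verify-tag uses this marker to find the length of the data without the signature, please add a t7004 case that creates and verifies such a tag, and define the marker in one place so the tag-writing and tag-verifying code cannot drift apart.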
-- 
1.7.3.98.g5ad7d

^ permalink raw reply related	[flat|nested] 39+ messages in thread

* Re: Error when verifying tags signed using 1.7.3.1
  2010-10-05 15:39                 ` Michael J Gruber
  2010-10-05 15:40                   ` [PATCH] tag,verify-tag: do not trip over rfc1991 signatures Michael J Gruber
@ 2010-10-05 15:45                   ` Stephan Hugel
  1 sibling, 0 replies; 39+ messages in thread
From: Stephan Hugel @ 2010-10-05 15:45 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: Daniel Johnson, git

On 5 October 2010 16:39, Michael J Gruber <git@drmicha.warpmail.net> wrote:
> Stephan Hugel venit, vidit, dixit 05.10.2010 17:19:
>> On 5 October 2010 16:07, Michael J Gruber <git@drmicha.warpmail.net> wrote:
>>> Stephan Hugel venit, vidit, dixit 05.10.2010 15:28:
>>>> On 5 October 2010 09:00, Michael J Gruber <git@drmicha.warpmail.net> wrote:
>>>>> Stephan Hugel venit, vidit, dixit 05.10.2010 02:17:
>>>>>> On 5 October 2010 00:59, Daniel Johnson <computerdruid@gmail.com> wrote:
>>>>>>> On Monday 04 October 2010 19:04:51 Stephan Hugel wrote:
>>>>>>>> Daniel,
>>>>>>>> Those are the exact steps I'm using.
>>>>>>>>
>>>>>>>> When I run tag -v on existing tags, I don't see the
>>>>>>>>
>>>>>>>> -----BEGIN PGP MESSAGE-----
>>>>>>>> Version: GnuPG v1.4.9 (Darwin)
>>>>>>>>
>>>>>>>> iD8DBQBMqlpo8Y2TgZsQ1pARAmBQAJ9NV0IX7jlzeB8ogddlutFKAjyWJwCfSI5A
>>>>>>>> yZeXw/EddYrfdad/VvOrL1o=
>>>>>>>> =/0PJ
>>>>>>>> -----END PGP MESSAGE-----
>>>>>>>>
>>>>>>>> block. It's only present on tags created using the current version.
>>>>>>>> I've also just upgraded to GnuPG 1.4.10, but the result is the same.
>>>>>>>> I'm not sure how else I can determine where the problem arises; I'm
>>>>>>>> using the git and GnuPG versions for OS X built by homebrew, and GnuPG
>>>>>>>> is happy to use the same key for en/decryption and signing. I've also
>>>>>>>> verified that none of the subkeys are expired, and that the trust db
>>>>>>>> is OK.
>>>>>>>
>>>>>>> If you have the tests available, can you try running t7004 to see if it fails
>>>>>>> there too?
>>>>>>>
>>>>>> I rebuilt and installed from source
>>>>>> Passed all 105 tests in t7004-tag.sh
>>>>>> Problem remains with tags I create
>>>>>>
>>>>>> This would seem to imply a problem with my key, even though nothing
>>>>>> else is complaining about it.
>>>>>
>>>>> Here's a very basic way to check: If foo is your tag, do
>>>>>
>>>>> git cat-file tag foo > a
>>>>> git cat-file tag foo > a.sig
>>>>>
>>>>> From the file "a", delete the signature (all lines between and
>>>>> including "-----BEGIN/END PGP SIGNATURE-----"), invoking an editor or
>>>>> your favorite sed/awk/perl magic.
>>>>>
>>>>> a is the data on which git invoked gpg for signing the tag. (I'm not
>>>>> sure why gpg can't notice the inline sig directly but that doesn't
>>>>> matter; maybe because it is none ;))
>>>>>
>>>>> Now, gpg --verify a.sig should check the signature a.sig for a. Doing
>>>>> that, maybe with --verbose, you may find out whether the tag object is
>>>>> bogus or git misunderstands gpg's response. If your key is on a key
>>>>> server you can also share the file a.sig with us so that we can check.
>>>>>
>>>>> Michael
>>>>>
>>>> Michael,
>>>> When I do this, gpg is able to verify the signature. So does this mean
>>>> that gnupg is failing to ignore the PGP block (possibly because it
>>>> expects "SIGNATURE", not "MESSAGE"?)
>>>
>>> Do you have "MESSAGE" in there???
>>>
>>> Can you share the output of "git verify-tag --verbose yourtag" with us?
>>> In any case, this command should give the same as the edited "a" above
>>> on stdout, and gpg's response on stderr. It should not contain any
>>> "----BEGIN/END...".
>>>
>>> You haven't tinkered with your gpg options lately, have you? ;)
>>>
>>> Michael
>>>
>>
>> Michael,
>> Yes, it's "MESSAGE".
>> Here's the complete process:
>>
>> $ git --version
>> git version 1.7.3.1
>>
>> $ git tag -s test_tag
>>
>> [editor opens, I enter message, save, close]
>>
>> You need a passphrase to unlock the secret key for
>> user: "Stephan Hugel <urschrei@gmail.com>"
>> 1024-bit DSA key, ID 9B10D690, created 2008-09-06
>>
>> [I enter passphrase]
>>
>> [process completes]
>>
>> $ git verify-tag --verbose test_tag
>> object 791abd4848d86ea98071f35bbce4d4b274ef0788
>> type commit
>> tag test_tag
>> tagger Stephan Hügel <urschrei@gmail.com> 1286291263 +0100
>>
>> Test tag
>> -----BEGIN PGP MESSAGE-----
>> Version: GnuPG v1.4.10 (Darwin)
>>
>> iD8DBQBMqz9G8Y2TgZsQ1pARAh2bAJ0WuNWsNa+eJq3aYMlwvOFX5eRUngCfZAcM
>> hnt1Aomaz5SY0yofv9BwGWg=
>> =+AKs
>> -----END PGP MESSAGE-----
>> gpg: Signature made Tue  5 Oct 16:07:50 2010 IST using DSA key ID 9B10D690
>> gpg: BAD signature from "Stephan Hugel <urschrei@gmail.com>"
>>
>>
>> Now, if I manually append the tag contents to a file:
>>
>> $ git cat-file tag test_tag > a
>> $ git cat-file tag test_tag > a.sig
>> $ less a.sig
>>
>> object 791abd4848d86ea98071f35bbce4d4b274ef0788
>> type commit
>> tag test_tag
>> tagger Stephan Hügel <urschrei@gmail.com> 1286291263 +0100
>>
>> Test tag
>> -----BEGIN PGP MESSAGE-----
>> Version: GnuPG v1.4.10 (Darwin)
>>
>> iD8DBQBMqz9G8Y2TgZsQ1pARAh2bAJ0WuNWsNa+eJq3aYMlwvOFX5eRUngCfZAcM
>> hnt1Aomaz5SY0yofv9BwGWg=
>> =+AKs
>> -----END PGP MESSAGE-----
>>
>> [remove PGP block (identical to the above block) from a]
>>
>> $ gpg --verify a.sig
>> gpg: Signature made Tue  5 Oct 16:07:50 2010 IST using DSA key ID 9B10D690
>> gpg: Good signature from "Stephan Hugel <urschrei@gmail.com>"
>>
>> I've also just had a look at my gnupg.conf: the only options in it are:
>> default-key 9B10D690
>> charset utf8
>> keyserver hkp://keyserver.ubuntu.com
>> auto-key-locate hkp://keyserver.ubuntu.com
>> utf8-strings
>> rfc1991
>>
>> Nothing else.
>
> The last one is the trouble maker, and you must have added it around the
> time of upgrading git...
>
> Now, git should be able to cope with that, of course.
>
> Michael
>
I can confirm that disabling that option in gpg.conf results in a tag
using "SIGNATURE" being written, which can be subsequently verified.


-- 

steph

^ permalink raw reply	[flat|nested] 39+ messages in thread

* Re: [PATCH] tag,verify-tag: do not trip over rfc1991 signatures
  2010-10-05 15:40                   ` [PATCH] tag,verify-tag: do not trip over rfc1991 signatures Michael J Gruber
@ 2010-10-05 20:28                     ` Junio C Hamano
  2010-10-05 20:42                       ` Michael J Gruber
  2010-10-05 20:42                     ` [PATCH] tag,verify-tag: do not trip over " Todd Zullinger
  1 sibling, 1 reply; 39+ messages in thread
From: Junio C Hamano @ 2010-10-05 20:28 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: git, Stephan Hugel

Michael J Gruber <git@drmicha.warpmail.net> writes:

> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
> the "rfc1991" option. This leads to git's faling to verify it's own
> signed tags.
>
> Be more lenient and take "-----BEGIN PGP " as the indicator.

Thanks, but it bothers me that the patch is a bit inconsistently lenient.

How many variants of PGP implementations are there?  For example, I'd ask
these without doing my own research because I am lazy:

 1. Does everybody place five dashes at the beginning (IOW, is there an
    odd variant that puts four or six)?

 2. Does everybody follow the dashes immediately with "BEGIN" (IOW, is
    there an odd variant that puts a SP between them)?

 3. Does everybody spell "BEGIN PGP " the same way, in all uppercase?

 4. Does everybody place five dashes at the end (IOW, is there an odd
    variant that puts four or six)?

 5. Does everybody follow the "BEGIN PGP SOMETHING" immediately with
    dashes without SP?

Your patch seems to answer <yes, yes, yes, no, no> to the above questions.
I'd find it saner if the patched code at least checked that the line ends
with 5 dashes.

^ permalink raw reply	[flat|nested] 39+ messages in thread

* Re: [PATCH] tag,verify-tag: do not trip over rfc1991 signatures
  2010-10-05 15:40                   ` [PATCH] tag,verify-tag: do not trip over rfc1991 signatures Michael J Gruber
  2010-10-05 20:28                     ` Junio C Hamano
@ 2010-10-05 20:42                     ` Todd Zullinger
  2010-10-05 20:47                       ` Michael J Gruber
  1 sibling, 1 reply; 39+ messages in thread
From: Todd Zullinger @ 2010-10-05 20:42 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: git, Stephan Hugel, Junio C Hamano

Michael J Gruber wrote:
> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
> the "rfc1991" option. This leads to git's faling to verify it's own
> signed tags.
>
> Be more lenient and take "-----BEGIN PGP " as the indicator.

Another way to go might be to add --gnupg (or --openpgp) to the gpg
options used for tagging.  That overrides an option like rfc1991 in
the gnupg config file.

Whether that's preferable to accepting these older-style messages is
debatable.  Using rfc1991 implies pgp-2.x compatibility, which means
using md5 as the algorithm.  It could be seen as a weakness to accept
such signatures.

(Oh, and you probably saw this already, but s/faling/failing. ;)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The best cure for insomnia is to get a lot of sleep.
    -- W.C. Fields



^ permalink raw reply	[flat|nested] 39+ messages in thread

* Re: [PATCH] tag,verify-tag: do not trip over rfc1991 signatures
  2010-10-05 20:28                     ` Junio C Hamano
@ 2010-10-05 20:42                       ` Michael J Gruber
  2010-10-05 20:51                         ` Stephan Hugel
  0 siblings, 1 reply; 39+ messages in thread
From: Michael J Gruber @ 2010-10-05 20:42 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: git, Stephan Hugel

Junio C Hamano venit, vidit, dixit 05.10.2010 22:28:
> Michael J Gruber <git@drmicha.warpmail.net> writes:
> 
>> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
>> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
>> the "rfc1991" option. This leads to git's faling to verify it's own
>> signed tags.
>>
>> Be more lenient and take "-----BEGIN PGP " as the indicator.
> 
> Thanks, but it bothers me that the patch is a bit inconsistently lenient.
> 
> How many variants of PGP implementations are there?  For example, I'd ask
> these without doing my own research because I am lazy:
> 
>  1. Does everybody place five dashes at the beginning (IOW, is there an
>     odd variant that puts four or six)?
> 
>  2. Does everybody follow the dashes immediately with "BEGIN" (IOW, is
>     there an odd variant that puts a SP between them)?
> 
>  3. Does everybody spell "BEGIN PGP " the same way, in all uppercase?
> 
>  4. Does everybody place five dashes at the end (IOW, is there an odd
>     variant that puts four or six)?
> 
>  5. Does everybody follow the "BEGIN PGP SOMETHING" immediately with
>     dashes without SP?
> 
> Your patch seems to answer <yes, yes, yes, no, no> to the above questions.

On 4,5, my patch only implies that I (suggest we) don't care.

> I'd find it saner if the patched code at least checked that the line ends
> with 5 dashes.

Alternatively, we can just say we support gnupg/openpgp but not pgp 2.0,
and running gpg with pgp 2.0 options is discouraged even by gpg's man page.

The main issue here is that we create a detached signature (rather than
a clear text signature) but then lump it together with the content (the
tag object sans sig). The boundary mark between the two is not
controlled by us but by gpg (and its options).

In order to verify the sig, *we* have to split the lump again but we
don't really know the boundary mark. It's insane by design. We should
have used a non-volatile boundary mark.

I'll check whether we can somehow feed the whole lump to gpg and make it
recognize the attached-detached signature. That way we'd be as
compatible as gpg.

Michael

^ permalink raw reply	[flat|nested] 39+ messages in thread

* Re: [PATCH] tag,verify-tag: do not trip over rfc1991 signatures
  2010-10-05 20:42                     ` [PATCH] tag,verify-tag: do not trip over " Todd Zullinger
@ 2010-10-05 20:47                       ` Michael J Gruber
  0 siblings, 0 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-10-05 20:47 UTC (permalink / raw)
  To: Todd Zullinger; +Cc: git, Stephan Hugel, Junio C Hamano

Todd Zullinger venit, vidit, dixit 05.10.2010 22:42:
> Michael J Gruber wrote:
>> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
>> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
>> the "rfc1991" option. This leads to git's faling to verify it's own
>> signed tags.
>>
>> Be more lenient and take "-----BEGIN PGP " as the indicator.
> 
> Another way to go might be to add --gnupg (or --openpgp) to the gpg
> options used for tagging.  That overrides an option like rfc1991 in
> the gnupg config file.
> 
> Whether that's preferable to accepting these older-style messages is
> debatable.  Using rfc1991 implies pgp-2.x compatibility, which means
> using md5 as the algorithm.  It could be seen as a weakness to accept
> such signatures.

The problem is that we never did this, i.e. we always allowed people to
create such signatures. They never verified, though, even though they
were valid. If that's reason enough to discount the usual compatibility
argument then adding --gnupg would be best.

> (Oh, and you probably saw this already, but s/faling/failing. ;)

:|

Michael

^ permalink raw reply	[flat|nested] 39+ messages in thread

* Re: [PATCH] tag,verify-tag: do not trip over rfc1991 signatures
  2010-10-05 20:42                       ` Michael J Gruber
@ 2010-10-05 20:51                         ` Stephan Hugel
  2010-10-05 20:56                           ` Michael J Gruber
  0 siblings, 1 reply; 39+ messages in thread
From: Stephan Hugel @ 2010-10-05 20:51 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: Junio C Hamano, git

On 5 October 2010 21:42, Michael J Gruber <git@drmicha.warpmail.net> wrote:
> Junio C Hamano venit, vidit, dixit 05.10.2010 22:28:
>> Michael J Gruber <git@drmicha.warpmail.net> writes:
>>
>>> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
>>> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
>>> the "rfc1991" option. This leads to git's faling to verify it's own
>>> signed tags.
>>>
>>> Be more lenient and take "-----BEGIN PGP " as the indicator.
>>
>> Thanks, but it bothers me that the patch is a bit inconsistently lenient.
>>
>> How many variants of PGP implementations are there?  For example, I'd ask
>> these without doing my own research because I am lazy:
>>
>>  1. Does everybody place five dashes at the beginning (IOW, is there an
>>     odd variant that puts four or six)?
>>
>>  2. Does everybody follow the dashes immediately with "BEGIN" (IOW, is
>>     there an odd variant that puts a SP between them)?
>>
>>  3. Does everybody spell "BEGIN PGP " the same way, in all uppercase?
>>
>>  4. Does everybody place five dashes at the end (IOW, is there an odd
>>     variant that puts four or six)?
>>
>>  5. Does everybody follow the "BEGIN PGP SOMETHING" immediately with
>>     dashes without SP?
>>
>> Your patch seems to answer <yes, yes, yes, no, no> to the above questions.
>
> On 4,5, my patch only implies that I (suggest we) don't care.
>
>> I'd find it saner if the patched code at least checked that the line ends
>> with 5 dashes.
>
> Alternatively, we can just say we support gnupg/openpgp but not pgp 2.0,
> and running gpg with pgp 2.0 options is discouraged even by gpg's man page.
>
> The main issue here is that we create a detached signature (rather than
> a clear text signature) but then lump it together with the content (the
> tag object sans sig). The boundary mark between the two is not
> controlled by us but by gpg (and its options).
>
> In order to verify the sig, *we* have to split the lump again but we
> don't really know the boundary mark. It's insane by design. We should
> have used a non-volatile boundary mark.
>
> I'll check whether we can somehow feed the whole lump to gpg and make it
> recognize the attached-detached signature. That way we'd be as
> compatible as gpg.
>
> Michael
>
5 dashes + BEGIN [other stuff] and
5 dashes + END
was part of RFC1991:
http://tools.ietf.org/html/rfc1991#section-2.4.1

Which was obsoleted by RFC4880 :
http://tools.ietf.org/html/rfc4880#section-6.2
5 dashes + BEGIN [some different stuff]
5 dashes + END

Aside from the above considerations, 5 dashes + BEGIN
would appear to conform to both the old and the current spec. Since
the current implementation of GnuPG only offers the rfc1991
compatibility options, complying with both covers all (i.e. both)
possibilities, no?
-- 

steph

^ permalink raw reply	[flat|nested] 39+ messages in thread

* Re: [PATCH] tag,verify-tag: do not trip over rfc1991 signatures
  2010-10-05 20:51                         ` Stephan Hugel
@ 2010-10-05 20:56                           ` Michael J Gruber
  2010-11-06 11:04                             ` [PATCH 0/5] Handling of " Michael J Gruber
  0 siblings, 1 reply; 39+ messages in thread
From: Michael J Gruber @ 2010-10-05 20:56 UTC (permalink / raw)
  To: Stephan Hugel; +Cc: Junio C Hamano, git

Stephan Hugel venit, vidit, dixit 05.10.2010 22:51:
> On 5 October 2010 21:42, Michael J Gruber <git@drmicha.warpmail.net> wrote:
>> Junio C Hamano venit, vidit, dixit 05.10.2010 22:28:
>>> Michael J Gruber <git@drmicha.warpmail.net> writes:
>>>
>>>> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
>>>> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
>>>> the "rfc1991" option. This leads to git's faling to verify it's own
>>>> signed tags.
>>>>
>>>> Be more lenient and take "-----BEGIN PGP " as the indicator.
>>>
>>> Thanks, but it bothers me that the patch is a bit inconsistently lenient.
>>>
>>> How many variants of PGP implementations are there?  For example, I'd ask
>>> these without doing my own research because I am lazy:
>>>
>>>  1. Does everybody place five dashes at the beginning (IOW, is there an
>>>     odd variant that puts four or six)?
>>>
>>>  2. Does everybody follow the dashes immediately with "BEGIN" (IOW, is
>>>     there an odd variant that puts a SP between them)?
>>>
>>>  3. Does everybody spell "BEGIN PGP " the same way, in all uppercase?
>>>
>>>  4. Does everybody place five dashes at the end (IOW, is there an odd
>>>     variant that puts four or six)?
>>>
>>>  5. Does everybody follow the "BEGIN PGP SOMETHING" immediately with
>>>     dashes without SP?
>>>
>>> Your patch seems to answer <yes, yes, yes, no, no> to the above questions.
>>
>> On 4,5, my patch only implies that I (suggest we) don't care.
>>
>>> I'd find it saner if the patched code at least checked that the line ends
>>> with 5 dashes.
>>
>> Alternatively, we can just say we support gnupg/openpgp but not pgp 2.0,
>> and running gpg with pgp 2.0 options is discouraged even by gpg's man page.
>>
>> The main issue here is that we create a detached signature (rather than
>> a clear text signature) but then lump it together with the content (the
>> tag object sans sig). The boundary mark between the two is not
>> controlled by us but by gpg (and its options).
>>
>> In order to verify the sig, *we* have to split the lump again but we
>> don't really know the boundary mark. It's insane by design. We should
>> have used a non-volatile boundary mark.
>>
>> I'll check whether we can somehow feed the whole lump to gpg and make it
>> recognize the attached-detached signature. That way we'd be as
>> compatible as gpg.
>>
>> Michael
>>
> 5 dashes + BEGIN [other stuff] and
> 5 dashes + END
> was part of RFC1991:
> http://tools.ietf.org/html/rfc1991#section-2.4.1
> 
> Which was obsoleted by RFC4880 :
> http://tools.ietf.org/html/rfc4880#section-6.2
> 5 dashes + BEGIN [some different stuff]
> 5 dashes + END
> 
> Aside from the above considerations, 5 dashes + BEGIN
> would appear to conform to both the old and the current spec. Since
> the current implementation of GnuPG only offers the rfc1991
> compatibility options, complying with both covers all (i.e. both)
> possibilities, no?

So, we (c|sh)ould really check for the two variants rather than being
lenient, right? I'll bite the v2 apple.

Michael

^ permalink raw reply	[flat|nested] 39+ messages in thread
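
Added example (not git's code and not part of any message in this thread): a length-bounded line scan that finds where the signed payload of a tag ends, comparing the lenient "-----BEGIN PGP " prefix of the first patch with an exact match on the two header lines seen in the thread. The function names, the sample tags and the PLACEHOLDER armor body are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Prefix used by the first patch in this thread. */
#define LENIENT_PREFIX "-----BEGIN PGP "

/* Complete header lines seen in the thread: gpg default, gpg with rfc1991. */
static const char *const armor_headers[] = {
	"-----BEGIN PGP SIGNATURE-----",
	"-----BEGIN PGP MESSAGE-----",
};

typedef int (*line_match_fn)(const char *line, size_t len);

/* Exact match: the whole line (without its LF) must equal a known header. */
static int is_armor_header(const char *line, size_t len)
{
	size_t i;

	for (i = 0; i < sizeof(armor_headers) / sizeof(armor_headers[0]); i++)
		if (len == strlen(armor_headers[i]) &&
		    !memcmp(line, armor_headers[i], len))
			return 1;
	return 0;
}

/* Prefix match: anything after "-----BEGIN PGP " is accepted. */
static int has_lenient_prefix(const char *line, size_t len)
{
	size_t plen = strlen(LENIENT_PREFIX);

	return len >= plen && !memcmp(line, LENIENT_PREFIX, plen);
}

/*
 * Walk buf line by line and return the offset of the first line accepted by
 * match, i.e. the length of the signed payload. Returns size if no line
 * matches. Only bytes inside [buf, buf + size) are read; no NUL is needed.
 */
static size_t split_at(const char *buf, size_t size, line_match_fn match)
{
	size_t off = 0;

	while (off < size) {
		const char *line = buf + off;
		const char *eol = memchr(line, '\n', size - off);
		size_t len = eol ? (size_t)(eol - line) : size - off;

		if (match(line, len))
			return off;
		off += len + (eol ? 1 : 0);
	}
	return size;
}

size_t payload_len_strict(const char *buf, size_t size)
{
	return split_at(buf, size, is_armor_header);
}

size_t payload_len_lenient(const char *buf, size_t size)
{
	return split_at(buf, size, has_lenient_prefix);
}

/* Constructed sample tags; PLACEHOLDER stands in for real armor data. */
#define HEAD \
	"object 0000000000000000000000000000000000000000\n" \
	"type commit\ntag demo\n" \
	"tagger A U Thor <author@example.com> 0 +0000\n\n"
#define ARMOR(kind) \
	"-----BEGIN PGP " kind "-----\n\nPLACEHOLDER\n-----END PGP " kind "-----\n"
#define BODY_PLAIN HEAD "Release notes\n"
#define BODY_QUOTED HEAD "New signing key:\n" ARMOR("PUBLIC KEY BLOCK")

const char tag_default[] = BODY_PLAIN ARMOR("SIGNATURE");
const char tag_rfc1991[] = BODY_PLAIN ARMOR("MESSAGE");
/* The tag message itself quotes an armored public key block. */
const char tag_quoted[] = BODY_QUOTED ARMOR("SIGNATURE");

int main(void)
{
	printf("rfc1991 strict:  %zu of %zu bytes are payload\n",
	       payload_len_strict(tag_rfc1991, sizeof(tag_rfc1991) - 1),
	       sizeof(tag_rfc1991) - 1);
	printf("quoted  strict:  %zu\n",
	       payload_len_strict(tag_quoted, sizeof(tag_quoted) - 1));
	printf("quoted  lenient: %zu (cuts inside the message)\n",
	       payload_len_lenient(tag_quoted, sizeof(tag_quoted) - 1));
	return 0;
}
```

Exact matching still splits at the first complete header line, so a message that quotes a real signature header stays ambiguous, which is the boundary-mark problem raised earlier in the thread.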

* [PATCH 0/5] Handling of rfc1991 signatures
  2010-10-05 20:56                           ` Michael J Gruber
@ 2010-11-06 11:04                             ` Michael J Gruber
  2010-11-06 11:04                               ` [PATCH 1/5] t/t7004-tag: test handling " Michael J Gruber
                                                 ` (5 more replies)
  0 siblings, 6 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-06 11:04 UTC (permalink / raw)
  To: git; +Cc: Stephan Hugel, Junio C Hamano

This mini-series fixes the handling of signed tags for users
with "rfc1991" in their gpg config. In fact, the refactoring
done in the middle three patches would be worthwhile even
without the side effect of having to fix the handling in
one place only rather than three...

Michael J Gruber (5):
  t/t7004-tag: test handling of rfc1991 signatures
  verify-tag: factor out signature detection
  tag: factor out sig detection for body edits
  tag: factor out sig detection for tag display
  tag: recognize rfc1991 signatures

 builtin/tag.c        |   16 ++++------------
 builtin/verify-tag.c |   10 ++--------
 t/t7004-tag.sh       |   43 +++++++++++++++++++++++++++++++++++++++++++
 tag.c                |   12 ++++++++++++
 tag.h                |    4 ++++
 5 files changed, 65 insertions(+), 20 deletions(-)

-- 
1.7.3.2.193.g78bbb

^ permalink raw reply	[flat|nested] 39+ messages in thread

* [PATCH 1/5] t/t7004-tag: test handling of rfc1991 signatures
  2010-11-06 11:04                             ` [PATCH 0/5] Handling of " Michael J Gruber
@ 2010-11-06 11:04                               ` Michael J Gruber
  2010-11-09 17:17                                 ` Junio C Hamano
  2010-11-06 11:04                               ` [PATCH 2/5] verify-tag: factor out signature detection Michael J Gruber
                                                 ` (4 subsequent siblings)
  5 siblings, 1 reply; 39+ messages in thread
From: Michael J Gruber @ 2010-11-06 11:04 UTC (permalink / raw)
  To: git; +Cc: Stephan Hugel, Junio C Hamano

Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
the "rfc1991" option. This leads to git's failing to verify its own
signed tags, among other problems.

Add tests for all code paths (tag -v, tag -l -n largenumber, tag -f
without -m) where signature detection matters.

Reported-by: Stephan Hugel <urschrei@gmail.com>
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 t/t7004-tag.sh |   43 +++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 43 insertions(+), 0 deletions(-)

diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index ac943f5..22dcc45 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -1030,6 +1030,49 @@ test_expect_success GPG \
 	test_cmp expect actual
 '
 
+# usage with rfc1991 signatures
+echo "rfc1991" > gpghome/gpg.conf
+get_tag_header rfc1991-signed-tag $commit commit $time >expect
+echo "RFC1991 signed tag" >>expect
+echo '-----BEGIN PGP MESSAGE-----' >>expect
+test_expect_success GPG \
+	'creating a signed tag with rfc1991' '
+	git tag -s -m "RFC1991 signed tag" rfc1991-signed-tag $commit &&
+	get_tag_msg rfc1991-signed-tag >actual &&
+	test_cmp expect actual
+'
+
+cat >fakeeditor <<'EOF'
+#!/bin/sh
+cp "$1" actual
+EOF
+chmod +x fakeeditor
+
+test_expect_failure GPG \
+	'reediting a signed tag body omits signature' '
+	echo "RFC1991 signed tag" >expect &&
+	GIT_EDITOR=./fakeeditor git tag -f -s rfc1991-signed-tag $commit &&
+	test_cmp expect actual
+'
+
+test_expect_failure GPG \
+	'verifying rfc1991 signature' '
+	git tag -v rfc1991-signed-tag
+'
+
+test_expect_failure GPG \
+	'list tag with rfc1991 signature' '
+	echo "rfc1991-signed-tag RFC1991 signed tag" >expect &&
+	git tag -l -n1 rfc1991-signed-tag >actual &&
+	test_cmp expect actual &&
+	git tag -l -n2 rfc1991-signed-tag >actual &&
+	test_cmp expect actual &&
+	git tag -l -n999 rfc1991-signed-tag >actual &&
+	test_cmp expect actual
+'
+
+rm -f gpghome/gpg.conf
+
 # try to sign with bad user.signingkey
 git config user.signingkey BobTheMouse
 test_expect_success GPG \
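Review bot: the added lines that write gpghome/gpg.conf, build expect and create fakeeditor, and the closing rm -f gpghome/gpg.conf, all run outside any test block and without the GPG prerequisite that guards the tests themselves. A failure in that setup goes unnoticed, and it runs even where the GPG tests are skipped; moving setup and cleanup into test_expect_success GPG blocks with && chaining would make the section self-contained. Also, echo "rfc1991" > gpghome/gpg.conf overwrites any existing file and the rm then deletes it, so this only works as long as no other test relies on that config.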
-- 
1.7.3.2.193.g78bbb

^ permalink raw reply related	[flat|nested] 39+ messages in thread

* [PATCH 2/5] verify-tag: factor out signature detection
  2010-11-06 11:04                             ` [PATCH 0/5] Handling of " Michael J Gruber
  2010-11-06 11:04                               ` [PATCH 1/5] t/t7004-tag: test handling " Michael J Gruber
@ 2010-11-06 11:04                               ` Michael J Gruber
  2010-11-06 17:40                                 ` Thiago Farina
  2010-11-06 11:04                               ` [PATCH 3/5] tag: factor out sig detection for body edits Michael J Gruber
                                                 ` (3 subsequent siblings)
  5 siblings, 1 reply; 39+ messages in thread
From: Michael J Gruber @ 2010-11-06 11:04 UTC (permalink / raw)
  To: git; +Cc: Stephan Hugel, Junio C Hamano

into tag.h/c for later reuse and modification.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 builtin/verify-tag.c |   10 ++--------
 tag.c                |   11 +++++++++++
 tag.h                |    3 +++
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c
index 9f482c2..86cac6d 100644
--- a/builtin/verify-tag.c
+++ b/builtin/verify-tag.c
@@ -17,13 +17,11 @@ static const char * const verify_tag_usage[] = {
 		NULL
 };
 
-#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
-
 static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
 {
 	struct child_process gpg;
 	const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL};
-	char path[PATH_MAX], *eol;
+	char path[PATH_MAX];
 	size_t len;
 	int fd, ret;
 
@@ -37,11 +35,7 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
 	close(fd);
 
 	/* find the length without signature */
-	len = 0;
-	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
-		eol = memchr(buf + len, '\n', size - len);
-		len += eol ? eol - (buf + len) + 1 : size - len;
-	}
+	len = parse_signature(buf, size);
 	if (verbose)
 		write_in_full(1, buf, len);
 
diff --git a/tag.c b/tag.c
index 28641cf..5f9626c 100644
--- a/tag.c
+++ b/tag.c
@@ -133,3 +133,14 @@ int parse_tag(struct tag *item)
 	free(data);
 	return ret;
 }
+
+size_t parse_signature(const char *buf, unsigned long size)
+{
+	char *eol;
+	size_t len = 0;
+	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
+		eol = memchr(buf + len, '\n', size - len);
+		len += eol ? eol - (buf + len) + 1 : size - len;
+	}
+	return len;
+}
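Review bot: parse_signature() takes a size but hands buf + len to prefixcmp(), which has no length argument, so the comparison on the last line of the buffer relies on buf being NUL-terminated. Either state that requirement in a comment above the function or bound the comparison by size - len. While here, eol should be const char * since it points into a const buffer.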
diff --git a/tag.h b/tag.h
index 4766272..4ba2a42 100644
--- a/tag.h
+++ b/tag.h
@@ -3,6 +3,8 @@
 
 #include "object.h"
 
+#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
+
 extern const char *tag_type;
 
 struct tag {
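Review bot: moving #define PGP_SIGNATURE into tag.h exposes the marker to every file that includes the header, although the point of the new helper is that callers should no longer match it themselves. Once the remaining users in builtin/tag.c are converted, the define could live in tag.c next to parse_signature() so that exactly one place knows the header text.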
@@ -16,5 +18,6 @@ extern struct tag *lookup_tag(const unsigned char *sha1);
 extern int parse_tag_buffer(struct tag *item, void *data, unsigned long size);
 extern int parse_tag(struct tag *item);
 extern struct object *deref_tag(struct object *, const char *, int);
+extern size_t parse_signature(const char *buf, unsigned long size);
 
 #endif /* TAG_H */
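Review bot: the new declaration of parse_signature() carries no comment, and the name suggests it parses the signature, while the caller's comment ("find the length without signature") shows it returns the number of bytes that precede it. A one-line comment giving the return value, including that it returns size when no signature line is found, would help; so would a name that says payload or offset.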
-- 
1.7.3.2.193.g78bbb

^ permalink raw reply related	[flat|nested] 39+ messages in thread

* [PATCH 3/5] tag: factor out sig detection for body edits
  2010-11-06 11:04                             ` [PATCH 0/5] Handling of " Michael J Gruber
  2010-11-06 11:04                               ` [PATCH 1/5] t/t7004-tag: test handling " Michael J Gruber
  2010-11-06 11:04                               ` [PATCH 2/5] verify-tag: factor out signature detection Michael J Gruber
@ 2010-11-06 11:04                               ` Michael J Gruber
  2010-11-06 11:04                               ` [PATCH 4/5] tag: factor out sig detection for tag display Michael J Gruber
                                                 ` (2 subsequent siblings)
  5 siblings, 0 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-06 11:04 UTC (permalink / raw)
  To: git; +Cc: Stephan Hugel, Junio C Hamano

Use the factored out code for sig detection when editing existing
tag bodies (tag -a -f without -m).

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 builtin/tag.c |   12 ++----------
 1 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/builtin/tag.c b/builtin/tag.c
index d311491..66feeb0 100644
--- a/builtin/tag.c
+++ b/builtin/tag.c
@@ -29,8 +29,6 @@ struct tag_filter {
 	struct commit_list *with_commit;
 };
 
-#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
-
 static int show_reference(const char *refname, const unsigned char *sha1,
 			  int flag, void *cb_data)
 {
@@ -242,8 +240,7 @@ static void write_tag_body(int fd, const unsigned char *sha1)
 {
 	unsigned long size;
 	enum object_type type;
-	char *buf, *sp, *eob;
-	size_t len;
+	char *buf, *sp;
 
 	buf = read_sha1_file(sha1, &type, &size);
 	if (!buf)
@@ -256,12 +253,7 @@ static void write_tag_body(int fd, const unsigned char *sha1)
 		return;
 	}
 	sp += 2; /* skip the 2 LFs */
-	eob = strstr(sp, "\n" PGP_SIGNATURE "\n");
-	if (eob)
-		len = eob - sp;
-	else
-		len = buf + size - sp;
-	write_or_die(fd, sp, len);
+	write_or_die(fd, sp, parse_signature(sp, buf + size - sp));
 
 	free(buf);
 }
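Review bot: the last hunk is not a pure refactoring, and the commit message should say so. The removed code took `len = eob - sp` with `eob` pointing at the LF in front of the marker, so the body handed to the editor had no trailing newline. `parse_signature(sp, buf + size - sp)` returns the offset of the marker line itself, so that LF is now included. The old `strstr(sp, "\n" PGP_SIGNATURE "\n")` also missed a signature that starts right at `sp` (empty body), which the new call catches. Both changes look like improvements, but they deserve a sentence in the log message.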
-- 
1.7.3.2.193.g78bbb


* [PATCH 4/5] tag: factor out sig detection for tag display
  2010-11-06 11:04                             ` [PATCH 0/5] Handling of " Michael J Gruber
                                                 ` (2 preceding siblings ...)
  2010-11-06 11:04                               ` [PATCH 3/5] tag: factor out sig detection for body edits Michael J Gruber
@ 2010-11-06 11:04                               ` Michael J Gruber
  2010-11-06 11:04                               ` [PATCH 5/5] tag: recognize rfc1991 signatures Michael J Gruber
  2010-11-10 11:17                               ` [PATCHv2 0/5] Handling of " Michael J Gruber
  5 siblings, 0 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-06 11:04 UTC (permalink / raw)
  To: git; +Cc: Stephan Hugel, Junio C Hamano

Use the factored out code for sig detection when displaying tags.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 builtin/tag.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/builtin/tag.c b/builtin/tag.c
index 66feeb0..617a58f 100644
--- a/builtin/tag.c
+++ b/builtin/tag.c
@@ -68,9 +68,9 @@ static int show_reference(const char *refname, const unsigned char *sha1,
 			return 0;
 		}
 		/* only take up to "lines" lines, and strip the signature */
+		size = parse_signature(buf, size);
 		for (i = 0, sp += 2;
-				i < filter->lines && sp < buf + size &&
-				prefixcmp(sp, PGP_SIGNATURE "\n");
+				i < filter->lines && sp < buf + size;
 				i++) {
 			if (i)
 				printf("\n    ");
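Review bot: `size = parse_signature(buf, size);` overwrites the object size that was read for this tag, so any later use of `size` in show_reference() silently sees the truncated value. A separate local, for example `size_t len = parse_signature(buf, size);` with `sp < buf + len` in the loop condition, keeps the two meanings apart and makes the "strip the signature" comment match a named quantity.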
-- 
1.7.3.2.193.g78bbb


* [PATCH 5/5] tag: recognize rfc1991 signatures
  2010-11-06 11:04                             ` [PATCH 0/5] Handling of " Michael J Gruber
                                                 ` (3 preceding siblings ...)
  2010-11-06 11:04                               ` [PATCH 4/5] tag: factor out sig detection for tag display Michael J Gruber
@ 2010-11-06 11:04                               ` Michael J Gruber
  2010-11-06 17:46                                 ` Thiago Farina
  2010-11-10 11:17                               ` [PATCHv2 0/5] Handling of " Michael J Gruber
  5 siblings, 1 reply; 39+ messages in thread
From: Michael J Gruber @ 2010-11-06 11:04 UTC (permalink / raw)
  To: git; +Cc: Stephan Hugel, Junio C Hamano

We have always been creating rfc1991 signatures for users with "rfc1991"
in their gpg config but failed to recognize them (tag -l -n largenumber)
and verify them (tag -v, verify-tag).

Make good use of the refactored signature detection and let us recognize
and verify those signatures also.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 t/t7004-tag.sh |    6 +++---
 tag.c          |    3 ++-
 tag.h          |    1 +
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index 22dcc45..4fe45a4 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -1048,19 +1048,19 @@ cp "$1" actual
 EOF
 chmod +x fakeeditor
 
-test_expect_failure GPG \
+test_expect_success GPG \
 	'reediting a signed tag body omits signature' '
 	echo "RFC1991 signed tag" >expect &&
 	GIT_EDITOR=./fakeeditor git tag -f -s rfc1991-signed-tag $commit &&
 	test_cmp expect actual
 '
 
-test_expect_failure GPG \
+test_expect_success GPG \
 	'verifying rfc1991 signature' '
 	git tag -v rfc1991-signed-tag
 '
 
-test_expect_failure GPG \
+test_expect_success GPG \
 	'list tag with rfc1991 signature' '
 	echo "rfc1991-signed-tag RFC1991 signed tag" >expect &&
 	git tag -l -n1 rfc1991-signed-tag >actual &&
diff --git a/tag.c b/tag.c
index 5f9626c..18a5142 100644
--- a/tag.c
+++ b/tag.c
@@ -138,7 +138,8 @@ size_t parse_signature(const char *buf, unsigned long size)
 {
 	char *eol;
 	size_t len = 0;
-	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
+	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)
+			&& prefixcmp(buf + len, PGP_MESSAGE)) {
 		eol = memchr(buf + len, '\n', size - len);
 		len += eol ? eol - (buf + len) + 1 : size - len;
 	}
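Review bot: the added `prefixcmp(buf + len, PGP_MESSAGE)` test accepts any line that merely begins with the marker, and the loop stops at the first such line. "-----BEGIN PGP MESSAGE-----" is a more general armor header than the SIGNATURE one, so a tag message that quotes an armored block in its body is cut at that line by every caller of parse_signature(). The code removed in 3/5 and 4/5 required the marker to be followed by "\n"; keeping that whole-line requirement here would narrow the match again. A test with such a body line would pin the behaviour down either way.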
diff --git a/tag.h b/tag.h
index 4ba2a42..134d572 100644
--- a/tag.h
+++ b/tag.h
@@ -4,6 +4,7 @@
 #include "object.h"
 
 #define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
+#define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----"
 
 extern const char *tag_type;
 
-- 
1.7.3.2.193.g78bbb


* Re: [PATCH 2/5] verify-tag: factor out signature detection
  2010-11-06 11:04                               ` [PATCH 2/5] verify-tag: factor out signature detection Michael J Gruber
@ 2010-11-06 17:40                                 ` Thiago Farina
  0 siblings, 0 replies; 39+ messages in thread
From: Thiago Farina @ 2010-11-06 17:40 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: git, Stephan Hugel, Junio C Hamano

On Sat, Nov 6, 2010 at 9:04 AM, Michael J Gruber
<git@drmicha.warpmail.net> wrote:
> diff --git a/tag.h b/tag.h
> index 4766272..4ba2a42 100644
> --- a/tag.h
> +++ b/tag.h
> @@ -3,6 +3,8 @@
>
>  #include "object.h"
>
> +#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
> +

nit: I'd move this into the tag.c file. It's only used there now.


* Re: [PATCH 5/5] tag: recognize rfc1991 signatures
  2010-11-06 11:04                               ` [PATCH 5/5] tag: recognize rfc1991 signatures Michael J Gruber
@ 2010-11-06 17:46                                 ` Thiago Farina
  2010-11-08 19:27                                   ` Junio C Hamano
  0 siblings, 1 reply; 39+ messages in thread
From: Thiago Farina @ 2010-11-06 17:46 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: git, Stephan Hugel, Junio C Hamano

On Sat, Nov 6, 2010 at 9:04 AM, Michael J Gruber
<git@drmicha.warpmail.net> wrote:
> diff --git a/tag.c b/tag.c
> index 5f9626c..18a5142 100644
> --- a/tag.c
> +++ b/tag.c
> @@ -138,7 +138,8 @@ size_t parse_signature(const char *buf, unsigned long size)
>  {
>        char *eol;
>        size_t len = 0;
> -       while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
> +       while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)
> +                       && prefixcmp(buf + len, PGP_MESSAGE)) {

nit: I think this && should be at the end of the previous line. (Not
sure what is the preferred style though, comments?).


* Re: [PATCH 5/5] tag: recognize rfc1991 signatures
  2010-11-06 17:46                                 ` Thiago Farina
@ 2010-11-08 19:27                                   ` Junio C Hamano
  0 siblings, 0 replies; 39+ messages in thread
From: Junio C Hamano @ 2010-11-08 19:27 UTC (permalink / raw)
  To: Thiago Farina; +Cc: Michael J Gruber, git, Stephan Hugel

Thiago Farina <tfransosi@gmail.com> writes:

> On Sat, Nov 6, 2010 at 9:04 AM, Michael J Gruber
> <git@drmicha.warpmail.net> wrote:
>> diff --git a/tag.c b/tag.c
>> index 5f9626c..18a5142 100644
>> --- a/tag.c
>> +++ b/tag.c
>> @@ -138,7 +138,8 @@ size_t parse_signature(const char *buf, unsigned long size)
>>  {
>>        char *eol;
>>        size_t len = 0;
>> -       while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
>> +       while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)
>> +                       && prefixcmp(buf + len, PGP_MESSAGE)) {
>
> nit: I think this && should be at the end of the previous line. (Not
> sure what is the preferred style though, comments?).

I personally prefer to lay out a multi-line expression so that you can see
the parse tree when you tilt your head the same way as when you view ;-),
i.e. what Michael wrote, but when I inherited the codebase, nobody wrote
multi-line expressions that way, so the standard coding style here has
become "&& at the end" due to the "mimic the surrounding code" rule.


* Re: [PATCH 1/5] t/t7004-tag: test handling of rfc1991 signatures
  2010-11-06 11:04                               ` [PATCH 1/5] t/t7004-tag: test handling " Michael J Gruber
@ 2010-11-09 17:17                                 ` Junio C Hamano
  2010-11-09 17:23                                   ` Michael J Gruber
  0 siblings, 1 reply; 39+ messages in thread
From: Junio C Hamano @ 2010-11-09 17:17 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: git, Stephan Hugel, Junio C Hamano

Michael J Gruber <git@drmicha.warpmail.net> writes:

> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
> the "rfc1991" option. This leads to git's failing to verify its own
> signed tags, among other problems.
>
> Add tests for all code paths (tag -v, tag -l -n largenumber, tag -f
> without -m) where signature detection matters.
>
> Reported-by: Stephan Hugel <urschrei@gmail.com>
> Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
> ---
>  t/t7004-tag.sh |   43 +++++++++++++++++++++++++++++++++++++++++++
>  1 files changed, 43 insertions(+), 0 deletions(-)
>
> diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
> index ac943f5..22dcc45 100755
> --- a/t/t7004-tag.sh
> +++ b/t/t7004-tag.sh
> @@ -1030,6 +1030,49 @@ test_expect_success GPG \
>  	test_cmp expect actual
>  '
>  
> +# usage with rfc1991 signatures
> +echo "rfc1991" > gpghome/gpg.conf
> +get_tag_header rfc1991-signed-tag $commit commit $time >expect
> +echo "RFC1991 signed tag" >>expect
> +echo '-----BEGIN PGP MESSAGE-----' >>expect
> +test_expect_success GPG \
> +	'creating a signed tag with rfc1991' '
> +	git tag -s -m "RFC1991 signed tag" rfc1991-signed-tag $commit &&
> +	get_tag_msg rfc1991-signed-tag >actual &&
> +	test_cmp expect actual
> +'
> +
> +cat >fakeeditor <<'EOF'
> +#!/bin/sh
> +cp "$1" actual
> +EOF
> +chmod +x fakeeditor
> +
> +test_expect_failure GPG \
> +...
> +'
> +
> +rm -f gpghome/gpg.conf

Shouldn't this line be placed much earlier in the sequence, to make sure
that people without --rfc1991 can grok new style signatures?  Better yet,
shouldn't the script test rfc1991-signed tags both with and without the
rfc1991 configuration?


* Re: [PATCH 1/5] t/t7004-tag: test handling of rfc1991 signatures
  2010-11-09 17:17                                 ` Junio C Hamano
@ 2010-11-09 17:23                                   ` Michael J Gruber
  2010-11-10  0:19                                     ` Junio C Hamano
  0 siblings, 1 reply; 39+ messages in thread
From: Michael J Gruber @ 2010-11-09 17:23 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: git, Stephan Hugel

Junio C Hamano venit, vidit, dixit 09.11.2010 18:17:
> Michael J Gruber <git@drmicha.warpmail.net> writes:
> 
>> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
>> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
>> the "rfc1991" option. This leads to git's failing to verify its own
>> signed tags, among other problems.
>>
>> Add tests for all code paths (tag -v, tag -l -n largenumber, tag -f
>> without -m) where signature detection matters.
>>
>> Reported-by: Stephan Hugel <urschrei@gmail.com>
>> Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
>> ---
>>  t/t7004-tag.sh |   43 +++++++++++++++++++++++++++++++++++++++++++
>>  1 files changed, 43 insertions(+), 0 deletions(-)
>>
>> diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
>> index ac943f5..22dcc45 100755
>> --- a/t/t7004-tag.sh
>> +++ b/t/t7004-tag.sh
>> @@ -1030,6 +1030,49 @@ test_expect_success GPG \
>>  	test_cmp expect actual
>>  '
>>  
>> +# usage with rfc1991 signatures
>> +echo "rfc1991" > gpghome/gpg.conf
>> +get_tag_header rfc1991-signed-tag $commit commit $time >expect
>> +echo "RFC1991 signed tag" >>expect
>> +echo '-----BEGIN PGP MESSAGE-----' >>expect
>> +test_expect_success GPG \
>> +	'creating a signed tag with rfc1991' '
>> +	git tag -s -m "RFC1991 signed tag" rfc1991-signed-tag $commit &&
>> +	get_tag_msg rfc1991-signed-tag >actual &&
>> +	test_cmp expect actual
>> +'
>> +
>> +cat >fakeeditor <<'EOF'
>> +#!/bin/sh
>> +cp "$1" actual
>> +EOF
>> +chmod +x fakeeditor
>> +
>> +test_expect_failure GPG \
>> +...
>> +'
>> +
>> +rm -f gpghome/gpg.conf
> 
> Shouldn't this line be placed much earlier in the sequence, to make sure
> that people without --rfc1991 can grok new style signatures?  Better yet,
> shouldn't the script test rfc1991-signed tags both with and without the
> rfc1991 configuration?

The --rfc1991 option matters for the creation of signatures only, not
for the verification (and neither for display/listing with git, of course).

Michael


* Re: [PATCH 1/5] t/t7004-tag: test handling of rfc1991 signatures
  2010-11-09 17:23                                   ` Michael J Gruber
@ 2010-11-10  0:19                                     ` Junio C Hamano
  2010-11-10  8:23                                       ` Michael J Gruber
  0 siblings, 1 reply; 39+ messages in thread
From: Junio C Hamano @ 2010-11-10  0:19 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: git, Stephan Hugel

Michael J Gruber <git@drmicha.warpmail.net> writes:

> The --rfc1991 option matters for the creation of signatures only, not
> for the verification (and neither for display/listing with git, of course).

Doesn't the above statement assume a bit too much about how the current
version of gpg behaves, I have to wonder?


* Re: [PATCH 1/5] t/t7004-tag: test handling of rfc1991 signatures
  2010-11-10  0:19                                     ` Junio C Hamano
@ 2010-11-10  8:23                                       ` Michael J Gruber
  0 siblings, 0 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-10  8:23 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: git, Stephan Hugel

Junio C Hamano venit, vidit, dixit 10.11.2010 01:19:
> Michael J Gruber <git@drmicha.warpmail.net> writes:
> 
>> The --rfc1991 option matters for the creation of signatures only, not
>> for the verification (and neither for display/listing with git, of course).
> 
> Doesn't the above statement assume a bit too much about how the current
> version of gpg behaves, I have to wonder?

[Note: I'm sick and may sound even more grumpy than usual...]

* This test (and the patches) is about making signed tags work for
people with rfc1991 in their options. This is why I put rfc1991 in gpg's
option file.

Note that git always produced rfc1991 sigs for those users, and always
failed to verify/list them properly, no matter what gpg option is active
during the verify/list phase.

* If you /also/ want to test that users without --rfc1991 can verify those
rfc1991 sigs one would need an additional test after the "rm...". I'm
telling you that --rfc1991 is completely irrelevant for what gpg
accepts, and thus the additional test is completely superfluous. gpg is
lenient about what it accepts (within existing RFCs) and strict about
what it produces (according to what you tell it to do), just like it
should. This is by design and intentional, not version dependent or by
chance. (Even requesting strict openpgp mode does not change this.)

So, the rm needs to stay where it is.

I could repeat the three tests again after the rm, albeit in different
order so that the first one has no chance of rewriting the rfc1991 sig
into an openpgp sig. I have no objection against that, it does no good
and no harm.

Michael


* [PATCHv2 0/5] Handling of rfc1991 signatures
  2010-11-06 11:04                             ` [PATCH 0/5] Handling of " Michael J Gruber
                                                 ` (4 preceding siblings ...)
  2010-11-06 11:04                               ` [PATCH 5/5] tag: recognize rfc1991 signatures Michael J Gruber
@ 2010-11-10 11:17                               ` Michael J Gruber
  2010-11-10 11:17                                 ` [PATCHv2 1/5] t/t7004-tag: test handling " Michael J Gruber
                                                   ` (5 more replies)
  5 siblings, 6 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-10 11:17 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano, Thiago Farina

This mini-series fixes the handling of signed tags for users
with "rfc1991" in their gpg config. In fact, the refactoring
done in the middle three patches would be worthwhile even
without the side effect of having to fix the handling in
one place only rather than three...

v2 has these changes:
* additional tests for dealing with rfc1991 sigs without the rfc1991 option set (1/5)
* macros in tag.c rather than tag.h since they are used only in tag.c (2/5)
* logical && at eol for continued logical expression in C (5/5)

Michael J Gruber (5):
  t/t7004-tag: test handling of rfc1991 signatures
  verify-tag: factor out signature detection
  tag: factor out sig detection for body edits
  tag: factor out sig detection for tag display
  tag: recognize rfc1991 signatures

 builtin/tag.c        |   16 +++---------
 builtin/verify-tag.c |   10 +------
 t/t7004-tag.sh       |   66 ++++++++++++++++++++++++++++++++++++++++++++++++++
 tag.c                |   15 +++++++++++
 tag.h                |    1 +
 5 files changed, 88 insertions(+), 20 deletions(-)

-- 
1.7.3.2.193.g78bbb


* [PATCHv2 1/5] t/t7004-tag: test handling of rfc1991 signatures
  2010-11-10 11:17                               ` [PATCHv2 0/5] Handling of " Michael J Gruber
@ 2010-11-10 11:17                                 ` Michael J Gruber
  2010-11-10 11:17                                 ` [PATCHv2 2/5] verify-tag: factor out signature detection Michael J Gruber
                                                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-10 11:17 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano, Thiago Farina

Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
the "rfc1991" option. This leads to git's failing to verify its own
signed tags, among other problems.

Add tests for all code paths (tag -v, tag -l -n largenumber, tag -f
without -m) where signature detection matters.

Reported-by: Stephan Hugel <urschrei@gmail.com>
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 t/t7004-tag.sh |   66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 66 insertions(+), 0 deletions(-)

diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index ac943f5..c7d49e1 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -1030,6 +1030,72 @@ test_expect_success GPG \
 	test_cmp expect actual
 '
 
+# usage with rfc1991 signatures
+echo "rfc1991" > gpghome/gpg.conf
+get_tag_header rfc1991-signed-tag $commit commit $time >expect
+echo "RFC1991 signed tag" >>expect
+echo '-----BEGIN PGP MESSAGE-----' >>expect
+test_expect_success GPG \
+	'creating a signed tag with rfc1991' '
+	git tag -s -m "RFC1991 signed tag" rfc1991-signed-tag $commit &&
+	get_tag_msg rfc1991-signed-tag >actual &&
+	test_cmp expect actual
+'
+
+cat >fakeeditor <<'EOF'
+#!/bin/sh
+cp "$1" actual
+EOF
+chmod +x fakeeditor
+
+test_expect_failure GPG \
+	'reediting a signed tag body omits signature' '
+	echo "RFC1991 signed tag" >expect &&
+	GIT_EDITOR=./fakeeditor git tag -f -s rfc1991-signed-tag $commit &&
+	test_cmp expect actual
+'
+
+test_expect_failure GPG \
+	'verifying rfc1991 signature' '
+	git tag -v rfc1991-signed-tag
+'
+
+test_expect_failure GPG \
+	'list tag with rfc1991 signature' '
+	echo "rfc1991-signed-tag RFC1991 signed tag" >expect &&
+	git tag -l -n1 rfc1991-signed-tag >actual &&
+	test_cmp expect actual &&
+	git tag -l -n2 rfc1991-signed-tag >actual &&
+	test_cmp expect actual &&
+	git tag -l -n999 rfc1991-signed-tag >actual &&
+	test_cmp expect actual
+'
+
+rm -f gpghome/gpg.conf
+
+test_expect_failure GPG \
+	'verifying rfc1991 signature without --rfc1991' '
+	git tag -v rfc1991-signed-tag
+'
+
+test_expect_failure GPG \
+	'list tag with rfc1991 signature without --rfc1991' '
+	echo "rfc1991-signed-tag RFC1991 signed tag" >expect &&
+	git tag -l -n1 rfc1991-signed-tag >actual &&
+	test_cmp expect actual &&
+	git tag -l -n2 rfc1991-signed-tag >actual &&
+	test_cmp expect actual &&
+	git tag -l -n999 rfc1991-signed-tag >actual &&
+	test_cmp expect actual
+'
+
+test_expect_failure GPG \
+	'reediting a signed tag body omits signature' '
+	echo "RFC1991 signed tag" >expect &&
+	GIT_EDITOR=./fakeeditor git tag -f -s rfc1991-signed-tag $commit &&
+	test_cmp expect actual
+'
+
 # try to sign with bad user.signingkey
 git config user.signingkey BobTheMouse
 test_expect_success GPG \
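Review bot: the setup at the top of the added block, `echo "rfc1991" > gpghome/gpg.conf`, and the later `rm -f gpghome/gpg.conf` run outside any test body, so a failure there goes unreported and they execute regardless of the GPG prerequisite that guards the tests around them. Moving both into small test_expect_success GPG steps would make the two configurations explicit. Separately, the title 'reediting a signed tag body omits signature' is used for two tests; adding "without --rfc1991" to the second, as the other two post-rm tests already do, keeps a failure report unambiguous. Since that last test re-signs the tag with `-f -s`, a short comment saying that it must stay last would help the next editor of this script.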
-- 
1.7.3.2.193.g78bbb


* [PATCHv2 2/5] verify-tag: factor out signature detection
  2010-11-10 11:17                               ` [PATCHv2 0/5] Handling of " Michael J Gruber
  2010-11-10 11:17                                 ` [PATCHv2 1/5] t/t7004-tag: test handling " Michael J Gruber
@ 2010-11-10 11:17                                 ` Michael J Gruber
  2010-11-10 11:17                                 ` [PATCHv2 3/5] tag: factor out sig detection for body edits Michael J Gruber
                                                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-10 11:17 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano, Thiago Farina

into tag.h/c for later reuse and modification.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 builtin/verify-tag.c |   10 ++--------
 tag.c                |   13 +++++++++++++
 tag.h                |    1 +
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/builtin/verify-tag.c b/builtin/verify-tag.c
index 9f482c2..86cac6d 100644
--- a/builtin/verify-tag.c
+++ b/builtin/verify-tag.c
@@ -17,13 +17,11 @@ static const char * const verify_tag_usage[] = {
 		NULL
 };
 
-#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
-
 static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
 {
 	struct child_process gpg;
 	const char *args_gpg[] = {"gpg", "--verify", "FILE", "-", NULL};
-	char path[PATH_MAX], *eol;
+	char path[PATH_MAX];
 	size_t len;
 	int fd, ret;
 
@@ -37,11 +35,7 @@ static int run_gpg_verify(const char *buf, unsigned long size, int verbose)
 	close(fd);
 
 	/* find the length without signature */
-	len = 0;
-	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
-		eol = memchr(buf + len, '\n', size - len);
-		len += eol ? eol - (buf + len) + 1 : size - len;
-	}
+	len = parse_signature(buf, size);
 	if (verbose)
 		write_in_full(1, buf, len);
 
diff --git a/tag.c b/tag.c
index 28641cf..d4f3080 100644
--- a/tag.c
+++ b/tag.c
@@ -4,6 +4,8 @@
 #include "tree.h"
 #include "blob.h"
 
+#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
+
 const char *tag_type = "tag";
 
 struct object *deref_tag(struct object *o, const char *warn, int warnlen)
@@ -133,3 +135,14 @@ int parse_tag(struct tag *item)
 	free(data);
 	return ret;
 }
+
+size_t parse_signature(const char *buf, unsigned long size)
+{
+	char *eol;
+	size_t len = 0;
+	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
+		eol = memchr(buf + len, '\n', size - len);
+		len += eol ? eol - (buf + len) + 1 : size - len;
+	}
+	return len;
+}
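Review bot: in the new parse_signature(), `prefixcmp(buf + len, PGP_SIGNATURE)` is not told how many bytes remain, so `len < size` only bounds where a line may start, not how far the comparison reads. This was already true of the loop in verify-tag.c, but now that the function is exported it should either state that `buf` must be NUL-terminated or compare with an explicit length. Also, `eol` receives the result of memchr() on a `const char *` buffer, so it should be declared `const char *eol`.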
diff --git a/tag.h b/tag.h
index 4766272..8522370 100644
--- a/tag.h
+++ b/tag.h
@@ -16,5 +16,6 @@ extern struct tag *lookup_tag(const unsigned char *sha1);
 extern int parse_tag_buffer(struct tag *item, void *data, unsigned long size);
 extern int parse_tag(struct tag *item);
 extern struct object *deref_tag(struct object *, const char *, int);
+extern size_t parse_signature(const char *buf, unsigned long size);
 
 #endif /* TAG_H */
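Review bot: the new `parse_signature()` declaration is exported without a comment, and the name does not say what the return value is. From tag.c it is the length of the leading part of `buf` before the signature marker, or `size` when no marker is found; a one-line comment above the prototype stating that would save callers from reading the loop.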
-- 
1.7.3.2.193.g78bbb


* [PATCHv2 3/5] tag: factor out sig detection for body edits
  2010-11-10 11:17                               ` [PATCHv2 0/5] Handling of " Michael J Gruber
  2010-11-10 11:17                                 ` [PATCHv2 1/5] t/t7004-tag: test handling " Michael J Gruber
  2010-11-10 11:17                                 ` [PATCHv2 2/5] verify-tag: factor out signature detection Michael J Gruber
@ 2010-11-10 11:17                                 ` Michael J Gruber
  2010-11-10 11:17                                 ` [PATCHv2 4/5] tag: factor out sig detection for tag display Michael J Gruber
                                                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-10 11:17 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano, Thiago Farina

Use the factored out code for sig detection when editing existing
tag bodies (tag -a -f without -m).

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 builtin/tag.c |   12 ++----------
 1 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/builtin/tag.c b/builtin/tag.c
index d311491..66feeb0 100644
--- a/builtin/tag.c
+++ b/builtin/tag.c
@@ -29,8 +29,6 @@ struct tag_filter {
 	struct commit_list *with_commit;
 };
 
-#define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
-
 static int show_reference(const char *refname, const unsigned char *sha1,
 			  int flag, void *cb_data)
 {
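Review bot: removing `#define PGP_SIGNATURE` from builtin/tag.c in this patch looks like it breaks the build at this commit. In v2 the macro lives in tag.c only (2/5 adds nothing but the prototype to tag.h), while show_reference() in this file still uses `prefixcmp(sp, PGP_SIGNATURE "\n")` until 4/5 removes it. To keep the series bisectable, either drop the define in 4/5 instead, or swap the order of 3/5 and 4/5 and remove it in the later one.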
@@ -242,8 +240,7 @@ static void write_tag_body(int fd, const unsigned char *sha1)
 {
 	unsigned long size;
 	enum object_type type;
-	char *buf, *sp, *eob;
-	size_t len;
+	char *buf, *sp;
 
 	buf = read_sha1_file(sha1, &type, &size);
 	if (!buf)
@@ -256,12 +253,7 @@ static void write_tag_body(int fd, const unsigned char *sha1)
 		return;
 	}
 	sp += 2; /* skip the 2 LFs */
-	eob = strstr(sp, "\n" PGP_SIGNATURE "\n");
-	if (eob)
-		len = eob - sp;
-	else
-		len = buf + size - sp;
-	write_or_die(fd, sp, len);
+	write_or_die(fd, sp, parse_signature(sp, buf + size - sp));
 
 	free(buf);
 }
-- 
1.7.3.2.193.g78bbb


* [PATCHv2 4/5] tag: factor out sig detection for tag display
  2010-11-10 11:17                               ` [PATCHv2 0/5] Handling of " Michael J Gruber
                                                   ` (2 preceding siblings ...)
  2010-11-10 11:17                                 ` [PATCHv2 3/5] tag: factor out sig detection for body edits Michael J Gruber
@ 2010-11-10 11:17                                 ` Michael J Gruber
  2010-11-10 11:17                                 ` [PATCHv2 5/5] tag: recognize rfc1991 signatures Michael J Gruber
  2010-11-10 17:41                                 ` [PATCHv2 0/5] Handling of " Junio C Hamano
  5 siblings, 0 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-10 11:17 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano, Thiago Farina

Use the factored out code for sig detection when displaying tags.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 builtin/tag.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/builtin/tag.c b/builtin/tag.c
index 66feeb0..617a58f 100644
--- a/builtin/tag.c
+++ b/builtin/tag.c
@@ -68,9 +68,9 @@ static int show_reference(const char *refname, const unsigned char *sha1,
 			return 0;
 		}
 		/* only take up to "lines" lines, and strip the signature */
+		size = parse_signature(buf, size);
 		for (i = 0, sp += 2;
-				i < filter->lines && sp < buf + size &&
-				prefixcmp(sp, PGP_SIGNATURE "\n");
+				i < filter->lines && sp < buf + size;
 				i++) {
 			if (i)
 				printf("\n    ");
-- 
1.7.3.2.193.g78bbb


* [PATCHv2 5/5] tag: recognize rfc1991 signatures
  2010-11-10 11:17                               ` [PATCHv2 0/5] Handling of " Michael J Gruber
                                                   ` (3 preceding siblings ...)
  2010-11-10 11:17                                 ` [PATCHv2 4/5] tag: factor out sig detection for tag display Michael J Gruber
@ 2010-11-10 11:17                                 ` Michael J Gruber
  2010-11-10 17:41                                 ` [PATCHv2 0/5] Handling of " Junio C Hamano
  5 siblings, 0 replies; 39+ messages in thread
From: Michael J Gruber @ 2010-11-10 11:17 UTC (permalink / raw)
  To: git; +Cc: Junio C Hamano, Thiago Farina

We have always been creating rfc1991 signatures for users with "rfc1991"
in their gpg config but failed to recognize them (tag -l -n largenumber)
and verify them (tag -v, verify-tag).

Make good use of the refactored signature detection and let us recognize
and verify those signatures also.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
---
 t/t7004-tag.sh |   12 ++++++------
 tag.c          |    4 +++-
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index c7d49e1..6841c23 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -1048,19 +1048,19 @@ cp "$1" actual
 EOF
 chmod +x fakeeditor
 
-test_expect_failure GPG \
+test_expect_success GPG \
 	'reediting a signed tag body omits signature' '
 	echo "RFC1991 signed tag" >expect &&
 	GIT_EDITOR=./fakeeditor git tag -f -s rfc1991-signed-tag $commit &&
 	test_cmp expect actual
 '
 
-test_expect_failure GPG \
+test_expect_success GPG \
 	'verifying rfc1991 signature' '
 	git tag -v rfc1991-signed-tag
 '
 
-test_expect_failure GPG \
+test_expect_success GPG \
 	'list tag with rfc1991 signature' '
 	echo "rfc1991-signed-tag RFC1991 signed tag" >expect &&
 	git tag -l -n1 rfc1991-signed-tag >actual &&
@@ -1073,12 +1073,12 @@ test_expect_failure GPG \
 
 rm -f gpghome/gpg.conf
 
-test_expect_failure GPG \
+test_expect_success GPG \
 	'verifying rfc1991 signature without --rfc1991' '
 	git tag -v rfc1991-signed-tag
 '
 
-test_expect_failure GPG \
+test_expect_success GPG \
 	'list tag with rfc1991 signature without --rfc1991' '
 	echo "rfc1991-signed-tag RFC1991 signed tag" >expect &&
 	git tag -l -n1 rfc1991-signed-tag >actual &&
@@ -1089,7 +1089,7 @@ test_expect_failure GPG \
 	test_cmp expect actual
 '
 
-test_expect_failure GPG \
+test_expect_success GPG \
 	'reediting a signed tag body omits signature' '
 	echo "RFC1991 signed tag" >expect &&
 	GIT_EDITOR=./fakeeditor git tag -f -s rfc1991-signed-tag $commit &&
diff --git a/tag.c b/tag.c
index d4f3080..f789744 100644
--- a/tag.c
+++ b/tag.c
@@ -5,6 +5,7 @@
 #include "blob.h"
 
 #define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----"
+#define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----"
 
 const char *tag_type = "tag";
 
@@ -140,7 +141,8 @@ size_t parse_signature(const char *buf, unsigned long size)
 {
 	char *eol;
 	size_t len = 0;
-	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE)) {
+	while (len < size && prefixcmp(buf + len, PGP_SIGNATURE) &&
+			prefixcmp(buf + len, PGP_MESSAGE)) {
 		eol = memchr(buf + len, '\n', size - len);
 		len += eol ? eol - (buf + len) + 1 : size - len;
 	}
-- 
1.7.3.2.193.g78bbb


* Re: [PATCHv2 0/5] Handling of rfc1991 signatures
  2010-11-10 11:17                               ` [PATCHv2 0/5] Handling of " Michael J Gruber
                                                   ` (4 preceding siblings ...)
  2010-11-10 11:17                                 ` [PATCHv2 5/5] tag: recognize rfc1991 signatures Michael J Gruber
@ 2010-11-10 17:41                                 ` Junio C Hamano
  5 siblings, 0 replies; 39+ messages in thread
From: Junio C Hamano @ 2010-11-10 17:41 UTC (permalink / raw)
  To: Michael J Gruber; +Cc: git, Thiago Farina

Thanks, will queue.

^ permalink raw reply	[flat|nested] 39+ messages in thread

Thread overview: 39+ messages
2010-10-04 22:13 Error when verifying tags signed using 1.7.3.1 Stephan Hugel
2010-10-04 22:51 ` Daniel Johnson
2010-10-04 23:04   ` Stephan Hugel
2010-10-04 23:59     ` Daniel Johnson
2010-10-05  0:17       ` Stephan Hugel
2010-10-05  8:00         ` Michael J Gruber
2010-10-05 13:28           ` Stephan Hugel
2010-10-05 15:07             ` Michael J Gruber
2010-10-05 15:19               ` Stephan Hugel
2010-10-05 15:39                 ` Michael J Gruber
2010-10-05 15:40                   ` [PATCH] tag,verify-tag: do not trip over rfc1991 signatures Michael J Gruber
2010-10-05 20:28                     ` Junio C Hamano
2010-10-05 20:42                       ` Michael J Gruber
2010-10-05 20:51                         ` Stephan Hugel
2010-10-05 20:56                           ` Michael J Gruber
2010-11-06 11:04                             ` [PATCH 0/5] Handling of " Michael J Gruber
2010-11-06 11:04                               ` [PATCH 1/5] t/t7004-tag: test handling " Michael J Gruber
2010-11-09 17:17                                 ` Junio C Hamano
2010-11-09 17:23                                   ` Michael J Gruber
2010-11-10  0:19                                     ` Junio C Hamano
2010-11-10  8:23                                       ` Michael J Gruber
2010-11-06 11:04                               ` [PATCH 2/5] verify-tag: factor out signature detection Michael J Gruber
2010-11-06 17:40                                 ` Thiago Farina
2010-11-06 11:04                               ` [PATCH 3/5] tag: factor out sig detection for body edits Michael J Gruber
2010-11-06 11:04                               ` [PATCH 4/5] tag: factor out sig detection for tag display Michael J Gruber
2010-11-06 11:04                               ` [PATCH 5/5] tag: recognize rfc1991 signatures Michael J Gruber
2010-11-06 17:46                                 ` Thiago Farina
2010-11-08 19:27                                   ` Junio C Hamano
2010-11-10 11:17                               ` [PATCHv2 0/5] Handling of " Michael J Gruber
2010-11-10 11:17                                 ` [PATCHv2 1/5] t/t7004-tag: test handling " Michael J Gruber
2010-11-10 11:17                                 ` [PATCHv2 2/5] verify-tag: factor out signature detection Michael J Gruber
2010-11-10 11:17                                 ` [PATCHv2 3/5] tag: factor out sig detection for body edits Michael J Gruber
2010-11-10 11:17                                 ` [PATCHv2 4/5] tag: factor out sig detection for tag display Michael J Gruber
2010-11-10 11:17                                 ` [PATCHv2 5/5] tag: recognize rfc1991 signatures Michael J Gruber
2010-11-10 17:41                                 ` [PATCHv2 0/5] Handling of " Junio C Hamano
2010-10-05 20:42                     ` [PATCH] tag,verify-tag: do not trip over " Todd Zullinger
2010-10-05 20:47                       ` Michael J Gruber
2010-10-05 15:45                   ` Error when verifying tags signed using 1.7.3.1 Stephan Hugel
2010-10-05  9:41       ` Pat Thoyts
