git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed
From: NSENGIYUMVA WILBERFORCE <nsengiyumvawilberforce@gmail.com>
To: Junio C Hamano <gitster@pobox.com>
Cc: nsengaw4c via GitGitGadget <gitgitgadget@gmail.com>, git@vger.kernel.org
Subject: Re: [PATCH] ref-filter: add new atom "signature" atom
Date: Sun, 8 Jan 2023 18:21:27 +0300	[thread overview]
Message-ID: <CA+PPyiH5ANyHw-RSzMK+RXxio8gYk2DybY=XnDBvfD1M9s6Mmw@mail.gmail.com> (raw)
In-Reply-To: <CA+PPyiGd0-AiwhPa5e+fDdA9RybS+c5XeOYm5yycCZco3VHAxg@mail.gmail.com>

> >> I am not sure I have understood this, which helper?
> >
> > I think Junio is talking about the following function:
> >
> > static enum signature_option parse_signature_option(const char *arg)
> >
> > he suggested above.
>
> Correct.
>
> > With this function the above code could be just something like:
> >
> > if (parse_signature_option(name) < 0)
> >                     continue;
>
> More or less so, but the first "if" in the helper I wrote in the
> message above is broken.  It should be
>
>          static enum signature_option parse_signature_option(const char *arg)
>          {
>                  if (!*arg)
>                          return S_BARE;
>                  else if (!strcmp(arg, "signer"))
>                          return S_SIGNER;
>                  ...
>                  else
>                          return -1;
>          }

This way, running git for-each-ref refs/heads/signature8
--format="%(signature)" raises a seg fault, I looked for the bug using
gdb when I check the contents of *arg like this:p *arg, I get this:
Cannot access memory at 0x0.

However, others like signature:key, signature:signer, etc are ok.
Leaving it as arg makes everything fine. So I decided to leave it as
you had suggested first.


I had actually forgotten to add the test for "%(signature)", so this
scenario reminded me to do so.


On Mon, Jan 2, 2023 at 7:47 AM NSENGIYUMVA WILBERFORCE
<nsengiyumvawilberforce@gmail.com> wrote:
>
> Hi
>>
>> > From: Nsengiyumva Wilberforce <nsengiyumvawilberforce@gmail.com>
>> >
>> > This only works for commits. Add "signature" atom with `grade`,
>> > `signer`, `key`, `fingerprint`, `primarykeyfingerprint`, `trustlevel`
>> > as arguments. This code and it's documentation are inspired by
>> > how the %GG, %G?, %GS, %GK, %GF, %GP, and %GT pretty formats were
>> > implemented.
>>
>> Lacking motivation.  Without explaining why somebody may want to
>> have the feature and what it would be used for, "only works for
>> commits" would invite a "so what?  does it even have to work?"  as a
>> response, so start with a brief descrioption "with the current set
>> of atoms, $this_useful_thing cannot easily be achieved" before
>> describing its limitation.
>
> Ok, I will edit the commit message. Thanks
>>
>> > diff --git a/Documentation/git-for-each-ref.txt b/Documentation/git-for-each-ref.txt
>> > index 6da899c6296..9a0be85368b 100644
>> > --- a/Documentation/git-for-each-ref.txt
>> > +++ b/Documentation/git-for-each-ref.txt
>> > @@ -212,6 +212,33 @@ symref::
>> >       `:lstrip` and `:rstrip` options in the same way as `refname`
>> >       above.
>> >
>> > +signature::
>> > +...
>> > +signature:trustlevel::
>> > +     The Trust level of the GPG signature of a commit. Possible
>> > +     outputs are `ultimate`, `fully`, `marginal`, `never` and `undefined`.
>>
>> A good list.  How do these work for signature made with a tool other
>> than GPG (in other words, when "gpg.format" is set to something
>> other than "openpgp")?
>
> You mean ssh and X509, right? honestly, I did not check the behavior. I am going to check
>
>> Having said that, wouldn't it be natural to expect that the same
>> code can deal with signed tags?  After all we use the same signature
>> verification machinery at the lowest level in the callchain.
>
> Very right, it works for signed tags too.
>
>>
>> Handing the !arg case first will make the if/else if/... cascade
>> easier to follow, no?  Also the body of the function may want to
>> become a separate function that returns one of these S_FOO constants.
>>
>>         static enum signatore_option signature_atom_parser(...)
>>         {
>>                 enum signature_option opt = parse_signature_option(arg);
>>                 if (opt < 0)
>>                         return strbuf_addf_ret(err, opt, _("unknown ..."), arg);
>>                 return opt;
>>         }
>>
>> where parse_signature_option() would look like
>>
>>         static enum signature_option parse_signature_option(const char *arg)
>>         {
>>                 if (!arg)
>>                         return S_BARE;
>>                 else if (!strcmp(arg, "signer"))
>>                         return S_SIGNER;
>>                 ...
>>                 else
>>                         return -1;
>>         }
>>
>> or something like that?
>
>  It makes more sense
>>
>> > +{
>> > +     int i;
>> > +     struct commit *commit = (struct commit *) obj;
>>
>> Style?  No SP between cast and value?
>
> ok, noted
>>
>> > +
>> > +     for (i = 0; i < used_atom_cnt; i++) {
>> > +             struct used_atom *atom = &used_atom[i];
>> > +             const char *name = atom->name;
>> > +             struct atom_value *v = &val[i];
>> > +             struct signature_check sigc = { 0 };
>> > +
>> > +             if (!!deref != (*name == '*'))
>> > +                     continue;
>> > +             if (deref)
>> > +                     name++;
>> > +             if (strcmp(name, "signature") &&
>> > +                     strcmp(name, "signature:signer") &&
>> > +                     strcmp(name, "signature:grade") &&
>> > +                     strcmp(name, "signature:key") &&
>> > +                     strcmp(name, "signature:fingerprint") &&
>> > +                     strcmp(name, "signature:primarykeyfingerprint") &&
>> > +                     strcmp(name, "signature:trustlevel"))
>> > +                     continue;
>>
>> And with the helper above, we can avoid the repetition here that can
>> go out of sync with the parser function.
>
> I am not sure I have understood this, which helper?
>
>> > +             check_commit_signature(commit, &sigc);
>>
>> If a format asks for signature:signer and signature:key, we
>> shouldn't be running GPG twice.  First check used_atom[] to see if
>> we even need to do _any_ signature processing (and leave if there is
>> not), populate the sigc just once and then enter the loop, perhaps?
>
> Yeah, I think it was not right calling check_commit_signature() in the loop. Populating sigc at once looks more good to me
>
>
>>
>>  In adddition, a call to check_commit_signature() should have a
>>
>> matching call to signature_check_clear(); otherwise all the
>>
>> resources held by sigc would leak, wouldn't it?
>
> Yeah, it would.
>
> On Mon, Dec 26, 2022 at 9:20 PM Junio C Hamano <gitster@pobox.com> wrote:
>>
>> "nsengaw4c via GitGitGadget" <gitgitgadget@gmail.com> writes:
>>
>> > From: Nsengiyumva Wilberforce <nsengiyumvawilberforce@gmail.com>
>> >
>> > This only works for commits. Add "signature" atom with `grade`,
>> > `signer`, `key`, `fingerprint`, `primarykeyfingerprint`, `trustlevel`
>> > as arguments. This code and it's documentation are inspired by
>> > how the %GG, %G?, %GS, %GK, %GF, %GP, and %GT pretty formats were
>> > implemented.
>>
>> Lacking motivation.  Without explaining why somebody may want to
>> have the feature and what it would be used for, "only works for
>> commits" would invite a "so what?  does it even have to work?"  as a
>> response, so start with a brief descrioption "with the current set
>> of atoms, $this_useful_thing cannot easily be achieved" before
>> describing its limitation.
>>
>> Having said that, wouldn't it be natural to expect that the same
>> code can deal with signed tags?  After all we use the same signature
>> verification machinery at the lowest level in the callchain.
>>
>> > diff --git a/Documentation/git-for-each-ref.txt b/Documentation/git-for-each-ref.txt
>> > index 6da899c6296..9a0be85368b 100644
>> > --- a/Documentation/git-for-each-ref.txt
>> > +++ b/Documentation/git-for-each-ref.txt
>> > @@ -212,6 +212,33 @@ symref::
>> >       `:lstrip` and `:rstrip` options in the same way as `refname`
>> >       above.
>> >
>> > +signature::
>> > +...
>> > +signature:trustlevel::
>> > +     The Trust level of the GPG signature of a commit. Possible
>> > +     outputs are `ultimate`, `fully`, `marginal`, `never` and `undefined`.
>>
>> A good list.  How do these work for signature made with a tool other
>> than GPG (in other words, when "gpg.format" is set to something
>> other than "openpgp")?
>>
>> > @@ -378,6 +383,30 @@ static int subject_atom_parser(struct ref_format *format, struct used_atom *atom
>> >       return 0;
>> >  }
>> >
>> > +static int signature_atom_parser(struct ref_format *format, struct used_atom *atom,
>> > +                            const char *arg, struct strbuf *err)
>> > +{
>> > +     if (arg) {
>> > +             if (!strcmp(arg, "signer"))
>> > +                     atom->u.signature.option = S_SIGNER;
>> > +             else if (!strcmp(arg, "grade"))
>> > +                     atom->u.signature.option = S_GRADE;
>> > +             else if (!strcmp(arg, "key"))
>> > +                     atom->u.signature.option = S_KEY;
>> > +             else if (!strcmp(arg, "fingerprint"))
>> > +                     atom->u.signature.option = S_FINGERPRINT;
>> > +             else if (!strcmp(arg, "primarykeyfingerprint"))
>> > +                     atom->u.signature.option = S_PRI_KEY_FP;
>> > +             else if (!strcmp(arg, "trustlevel"))
>> > +                     atom->u.signature.option = S_TRUST_LEVEL;
>> > +             else
>> > +                     return strbuf_addf_ret(err, -1, _("unknown %%(signature) argument: %s"), arg);
>> > +     }
>> > +     else
>> > +             atom->u.signature.option = S_BARE;
>> > +     return 0;
>> > +}
>>
>> Handing the !arg case first will make the if/else if/... cascade
>> easier to follow, no?  Also the body of the function may want to
>> become a separate function that returns one of these S_FOO constants.
>>
>>         static enum signatore_option signature_atom_parser(...)
>>         {
>>                 enum signature_option opt = parse_signature_option(arg);
>>                 if (opt < 0)
>>                         return strbuf_addf_ret(err, opt, _("unknown ..."), arg);
>>                 return opt;
>>         }
>>
>> where parse_signature_option() would look like
>>
>>         static enum signature_option parse_signature_option(const char *arg)
>>         {
>>                 if (!arg)
>>                         return S_BARE;
>>                 else if (!strcmp(arg, "signer"))
>>                         return S_SIGNER;
>>                 ...
>>                 else
>>                         return -1;
>>         }
>>
>> or something like that?
>>
>> > @@ -1344,6 +1374,69 @@ static void grab_person(const char *who, struct atom_value *val, int deref, void
>> >       }
>> >  }
>> >
>> > +static void grab_signature(struct atom_value *val, int deref, struct object *obj)
>>
>> To be considerate for future developers, perhaps rename this to
>> grab_commit_signature(), so that they can add grab_tag_signature()
>> when they lift the limitation of this implementaiton?
>>
>> > +{
>> > +     int i;
>> > +     struct commit *commit = (struct commit *) obj;
>>
>> Style?  No SP between cast and value?
>>
>> > +
>> > +     for (i = 0; i < used_atom_cnt; i++) {
>> > +             struct used_atom *atom = &used_atom[i];
>> > +             const char *name = atom->name;
>> > +             struct atom_value *v = &val[i];
>> > +             struct signature_check sigc = { 0 };
>> > +
>> > +             if (!!deref != (*name == '*'))
>> > +                     continue;
>> > +             if (deref)
>> > +                     name++;
>> > +             if (strcmp(name, "signature") &&
>> > +                     strcmp(name, "signature:signer") &&
>> > +                     strcmp(name, "signature:grade") &&
>> > +                     strcmp(name, "signature:key") &&
>> > +                     strcmp(name, "signature:fingerprint") &&
>> > +                     strcmp(name, "signature:primarykeyfingerprint") &&
>> > +                     strcmp(name, "signature:trustlevel"))
>> > +                     continue;
>>
>> And with the helper above, we can avoid the repetition here that can
>> go out of sync with the parser function.
>>
>> > +             check_commit_signature(commit, &sigc);
>>
>> If a format asks for signature:signer and signature:key, we
>> shouldn't be running GPG twice.  First check used_atom[] to see if
>> we even need to do _any_ signature processing (and leave if there is
>> not), populate the sigc just once and then enter the loop, perhaps?
>>
>> In adddition, a call to check_commit_signature() should have a
>> matching call to signature_check_clear(); otherwise all the
>> resources held by sigc would leak, wouldn't it?

  parent reply	other threads:[~2023-01-08 15:21 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-12-27  0:55 [PATCH] ref-filter: add new atom "signature" atom nsengaw4c via GitGitGadget
2022-12-27  2:20 ` Junio C Hamano
2023-01-02  4:49   ` NSENGIYUMVA WILBERFORCE
2023-01-02  8:37     ` Christian Couder
2023-01-03  0:58       ` Junio C Hamano
     [not found]   ` <CA+PPyiGd0-AiwhPa5e+fDdA9RybS+c5XeOYm5yycCZco3VHAxg@mail.gmail.com>
2023-01-08 15:21     ` NSENGIYUMVA WILBERFORCE [this message]
2022-12-27  6:11 ` Jeff King
2023-01-02  6:34   ` NSENGIYUMVA WILBERFORCE
2023-01-10  0:52 ` [PATCH v3 0/1] ref-filter: add new " Nsengiyumva Wilberforce
2023-01-10  0:52   ` [PATCH v3 1/1] " Nsengiyumva Wilberforce
2023-01-16 17:38     ` [PATCH v4 0/1] " Nsengiyumva Wilberforce
2023-01-16 17:38       ` [PATCH v4 1/1] " Nsengiyumva Wilberforce
2023-03-11 21:06         ` [PATCH v5 0/1] " Nsengiyumva Wilberforce
2023-03-11 21:06           ` [PATCH v5 1/1] " Nsengiyumva Wilberforce
2023-03-14 22:51             ` Junio C Hamano
2023-04-28 18:29             ` Kousik Sanagavarapu
2023-04-29 18:37               ` Kousik Sanagavarapu
2023-01-26 21:07       ` [PATCH v4 0/1] " Junio C Hamano
2023-01-10  9:13   ` [PATCH v3 " Christian Couder
  -- strict thread matches above, loose matches on Subject: below --
2023-01-09  9:02 [PATCH] ref-filter: add new atom " nsengaw4c via GitGitGadget
2023-01-09  9:45 ` Christian Couder
2023-01-09 12:59   ` NSENGIYUMVA WILBERFORCE

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CA+PPyiH5ANyHw-RSzMK+RXxio8gYk2DybY=XnDBvfD1M9s6Mmw@mail.gmail.com' \
    --to=nsengiyumvawilberforce@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=gitgitgadget@gmail.com \
    --cc=gitster@pobox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).