Add time-stamping functionality to git verify-tag

This commit introduces command line options for git verify-tag to allow
verification of RFC3161 time-stamped tags.

To keep consistent with the current behavior of verifying gpg signatures, the
return value of `git verify-tag` still indicates only the success of gpg
signature verification by default. To influence this behavior, the configuration
variable `ts.failonverify` is introduced.

ts.failonverify set to 0: use default behavior
	Return 1 if gpg verification failed or no signature was found
	Return 0 on success.

If config variable ts.failonverify is set, the return value includes the status
of time-stamp verification in the second lowest bit. Possible return values are:
	0 - both gpg and time stamp verification succeeded
	1 - gpg failed, time stamp succeeded
	2 - gpg succeeded, time stamp failed
	3 - both gpg and time stamp verification failed

Command line parameters `-s` or `-t` override the configuration
variable mentioned above.

Signed-off-by: Anton Würfel <anton.wuerfel@fau.de>
Signed-off-by: Phillip Raffeck <phillip.raffeck@fau.de>

builtin/verify-tag.c

@@ -12,9 +12,15 @@
 #include <signal.h>
 #include "parse-options.h"
 #include "gpg-interface.h"
+#include "rfc3161.h"
+
+#define GPG_VERIFY_RET 4
+#define TS_VERIFY_RET 8
+
+static const char *config_key_verify_ts = "ts.failonverify";
 
 static const char * const verify_tag_usage[] = {
-		N_("git verify-tag [-v | --verbose] <tag>..."),
+		N_("git verify-tag [-s | --signature] [-t | --timestamp] [-v | --verbose] [--raw] <tag>..."),
 		NULL
 };
 
@@ -31,7 +37,8 @@ static int run_gpg_verify(const char *buf, unsigned long size, unsigned flags)
 	if (size == len) {
 		if (flags & GPG_VERIFY_VERBOSE)
 			write_in_full(1, buf, len);
-		return error("no signature found");
+		printf("pgp: no signature found\n");
+		return 1;
 	}
 
 	ret = check_signature(buf, len, buf + len, size - len, &sigc);
@@ -47,7 +54,12 @@ static int verify_tag(const char *name, unsigned flags)
 	unsigned char sha1[20];
 	char *buf;
 	unsigned long size;
-	int ret;
+	int gpg_had_error = 0;
+	int ret = 0;
+	int config_failonverify = 0;
+	int ts_had_error = 0;
+
+	git_config_get_bool(config_key_verify_ts, &config_failonverify);
 
 	if (get_sha1(name, sha1))
 		return error("tag '%s' not found.", name);
@@ -61,9 +73,48 @@ static int verify_tag(const char *name, unsigned flags)
 	if (!buf)
 		return error("%s: unable to read file.", name);
 
-	ret = run_gpg_verify(buf, size, flags);
+	if (run_gpg_verify(buf, size, flags))
+		gpg_had_error = 1;
+
+#if defined(NO_CURL) || defined(NO_OPENSSL)
+	fputs("git has been compiled without RFC3161 time-stamp support. "
+	      "NO_CURL and NO_OPENSSL must not be defined", stderr);
+#else
+	if (verify_time_signature(buf, size))
+		ts_had_error = 1;
+#endif
 
 	free(buf);
+
+	/*
+	 * If the config variable ts.failonverify is not set, behave like older
+	 * versions of git verify-tag:
+	 * Return 1 if gpg verification failed or no signature was found
+	 * Return 0 on success.
+	 *
+	 * If the config variable ts.failonverify is set and neither -s nor -t
+	 * are set as command line parameters, the return value includes the
+	 * status of time-stamp verification in the second lowest bit. Possible
+	 * return values are:
+	 * 0 - both gpg and time stamp verification succeeded
+	 * 1 - gpg failed, time stamp succeeded
+	 * 2 - gpg succeeded, time stamp failed
+	 * 3 - both gpg and time stamp verification failed
+	 *
+	 * Command line parameters `-s` or `-t` override the configuration
+	 * variable mentioned above.
+	 */
+	if (flags & (GPG_VERIFY_RET | TS_VERIFY_RET)) {
+		if (flags & GPG_VERIFY_RET)
+			ret = gpg_had_error;
+		if (flags & TS_VERIFY_RET)
+			ret |= (ts_had_error << 1);
+	} else {
+		ret = gpg_had_error;
+
+		if (config_failonverify)
+			ret |= (ts_had_error << 1);
+	}
 	return ret;
 }
 
@@ -82,6 +133,8 @@ int cmd_verify_tag(int argc, const char **argv, const char *prefix)
 	const struct option verify_tag_options[] = {
 		OPT__VERBOSE(&verbose, N_("print tag contents")),
 		OPT_BIT(0, "raw", &flags, N_("print raw gpg status output"), GPG_VERIFY_RAW),
+		OPT_BIT('s', "signature", &flags, N_("report return value of gpg signature"), GPG_VERIFY_RET),
+		OPT_BIT('t', "timestamp", &flags, N_("report return value of time-stamp signature"), TS_VERIFY_RET),
 		OPT_END()
 	};