Added tag validation support

Mark Qvist
2026-05-28 00:17:22 +02:00
parent afb984d3d4
commit 237eada209
+23 -2
@@ -227,23 +227,42 @@ def verify(args):
author = ""
for line in message_lines:
AUTHOR_TARGET = b"author "
if line.startswith(AUTHOR_TARGET):
if not line.strip(b""): break
elif line.startswith(AUTHOR_TARGET):
try:
spos = line.find(b"<"); epos = line.find(b">")
if spos > len(AUTHOR_TARGET) and epos > spos and epos < len(line)-1:
author = line[spos+1:epos].decode("utf-8")
break
except Exception as e: print(f"Error while determining author from signed commit"); return 1
committer = ""
for line in message_lines:
COMMITTER_TARGET = b"committer "
if line.startswith(COMMITTER_TARGET):
if not line.strip(b""): break
elif line.startswith(COMMITTER_TARGET):
try:
spos = line.find(b"<"); epos = line.find(b">")
if spos > len(COMMITTER_TARGET) and epos > spos and epos < len(line)-1:
committer = line[spos+1:epos].decode("utf-8")
break
except Exception as e: print(f"Error while determining committer from signed commit"); return 1
tagger = ""
is_tag = False
for line in message_lines:
TAG_TARGET = b"tag "
TAGGER_TARGET = b"tagger "
if not line.strip(b""): break
elif line.startswith(TAG_TARGET): is_tag = True
elif line.startswith(TAGGER_TARGET) and is_tag:
try:
spos = line.find(b"<"); epos = line.find(b">")
if spos > len(TAGGER_TARGET) and epos > spos and epos < len(line)-1:
tagger = line[spos+1:epos].decode("utf-8")
break
except Exception as e: print(f"Error while determining tagger from signed commit"); return 1
if ssh_sig["namespace"] != NAMESPACE_GIT: print(f"Invalid commit signature namespace", file=sys.stderr); return 1
rsg = ssh_sig["signature_data"]
@@ -251,6 +270,8 @@ def verify(args):
if not valid: print(f"Invalid signature", file=sys.stderr); return 1
if is_tag: author = tagger
signer_hash = RNS.hexrep(signing_identity.hash, delimit=False)
if not author == signer_hash: print(f"Commit not signed by author <{author}>"); return 1
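Review bot: The new `if is_tag: author = tagger` line in the second hunk trusts `is_tag`, which the first hunk sets from any header line starting with `tag ` rather than from the object's actual type. An object whose header block carries both an `author` and a `tagger` line would therefore be compared against the tagger only, leaving the author identity unchecked. Unless the caller already pins the object type (not visible here, since `verify` starts and ends outside these hunks), reject the mixed case before the override, e.g. `if is_tag and (author or committer): print("Ambiguous object headers", file=sys.stderr); return 1`. Separately, `line.strip(b"")` strips nothing, so the header-terminator test is equivalent to `if not line:`; write it that way, or use `line.strip()` if whitespace-only lines should also end the header. The mismatch message also still reads "Commit not signed by author" when the object is a tag.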