global/git
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2026-03-04 14:37:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'uk/signature-is-good-after-key-expires' into next

Browse Source 
A signature on a commit that was GPG signed long time ago ought to
be still valid after the key that was used to sign it has expired,
but we showed them in alarming red.

* uk/signature-is-good-after-key-expires:
  gpg-interface: signatures by expired keys are fine
This commit is contained in:
Junio C Hamano
2026-02-22 12:27:57 -08:00
parent 80178ecd0d 90695bbdae
commit 094113b392
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
gpg-interface.c
View File

@@ -382,7 +382,8 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc,
delete_tempfile(&temp);
ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ");
ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ") &&
!strstr(gpg_stdout.buf, "\n[GNUPG:] EXPKEYSIG ");
sigc->output = strbuf_detach(&gpg_stderr, NULL);
sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL);
@@ -680,7 +681,7 @@ int check_signature(struct signature_check *sigc,
if (status && !sigc->output)
return !!status;
status |= sigc->result != 'G';
status |= sigc->result != 'G' && sigc->result != 'Y';
status |= sigc->trust_level < configured_min_trust_level;
return !!status;