global/git
1
0
Fork 0
mirror of https://github.com/git/git.git synced 2026-03-04 14:37:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'uk/signature-is-good-after-key-expires'

Browse Source 
A signature on a commit that was GPG signed long time ago ought to
be still valid after the key that was used to sign it has expired,
but we showed them in alarming red.

* uk/signature-is-good-after-key-expires:
  gpg-interface: signatures by expired keys are fine
This commit is contained in:
Junio C Hamano
2026-03-02 17:06:50 -08:00
parent 9eb5b3b999 90695bbdae
commit dbae219b22
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
gpg-interface.c
View File

@@ -382,7 +382,8 @@ static int verify_gpg_signed_buffer(struct signature_check *sigc,
delete_tempfile(&temp);
ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ");
ret |= !strstr(gpg_stdout.buf, "\n[GNUPG:] GOODSIG ") &&
!strstr(gpg_stdout.buf, "\n[GNUPG:] EXPKEYSIG ");
sigc->output = strbuf_detach(&gpg_stderr, NULL);
sigc->gpg_status = strbuf_detach(&gpg_stdout, NULL);
@@ -680,7 +681,7 @@ int check_signature(struct signature_check *sigc,
if (status && !sigc->output)
return !!status;
status |= sigc->result != 'G';
status |= sigc->result != 'G' && sigc->result != 'Y';
status |= sigc->trust_level < configured_min_trust_level;
return !!status;