1 year ago

#299421


Joker

How to verify a good signature of a signed git tag without using the command "git verify-tag"

I made a git signed tag, using this command: git tag -s <tag>

Are there any alternatives to check the signature of this tag without using the command git verify-tag <tag> or git tag -v <tag>?

My tag is signed locally in a local git repository and then pushed to a remote bare git repository. In my use case, the verification of the signature shall not be done locally but by a hook on the server side during the push operation, which can reject the tag if it is not signed. And git verify-tag <tag> does not return anything in the server-side hook, as the tag is not recognized and not yet created on the server side.

As with the git commit verification mentioned here https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work, are there any alternatives to verify a git signature by using "git log" commands, for example?

Thank you for your help.

------------------------------ UPDATE -----------------------------------

As @torek mentions below in a comment, the tag name is not yet recognized by the server, so that is why I use the tag hash id instead of the tag name. One step made!

As I said above, the verification of the signature is done on the server side through a hook written in C++. Thus, in my C++ code I use a generic C++ function to execute a command line and get its output.

Here is the code of the generic C++ exec function:

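#include <cstdio>      // popen, pclose, fgets
#include <iostream>
#include <stdexcept>
#include <string>

// Run cmd through the shell and return everything it writes to stdout.
// Nothing the command writes to stderr is captured here.
std::string exec(const char* cmd) {
    char buffer[128];
    std::string result = "";
    FILE* pipe = popen(cmd, "r");
    if (!pipe) throw std::runtime_error("popen() failed!");
    try {
        // Read the pipe in chunks until the command closes its stdout.
        while (fgets(buffer, sizeof buffer, pipe) != NULL) {
            result += buffer;
        }
    } catch (...) {
        // Close the pipe before propagating (e.g. std::bad_alloc from +=).
        pclose(pipe);
        throw;
    }
    pclose(pipe);
    return result;
}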

This exec function works for other commands. But for an unknown reason, my command "git verify-tag <tag_hash>" does not return anything in the returned string of the function (same thing if using the command 'git verify-commit <commit_hash>'). So I cannot parse the output of the command in my C++ code.

But the output strangely appears in the command line window, where the tag push command is executed.

Any ideas about the problem? Is my exec function asynchronous?

--------------SOLUTION-----------------------------------

Strangely, the command git verify-tag <tag> does not print the output to the standard 'stdout' but to the 'stderr' output.

So my issue is resolved by redirecting the 'stderr' output to the 'stdout' with the command git verify-tag <tag> 2>&1 instead of git verify-tag <tag>

c++

git

git-tag

gpg-signature

git-sign
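An added example, not part of the original post: a server-side hook can decide on more than the human-readable text by merging stderr, keeping the command's exit code, and reading the GnuPG status lines that `git verify-tag --raw` writes to stderr. The function names are illustrative, and the sample status text in `main` is constructed.

```cpp
// Added example, not the poster's code. POSIX only (popen, WEXITSTATUS); names are illustrative.
#include <cstdio>
#include <iostream>
#include <sstream>
#include <string>
#include <sys/wait.h>

struct CmdResult { std::string output; int exit_code; };

// Run cmd through the shell with stderr merged into stdout, keeping the exit code.
CmdResult run_merged(const std::string& cmd) {
    FILE* pipe = popen((cmd + " 2>&1").c_str(), "r");
    if (!pipe) return {"", -1};
    CmdResult r{"", -1};
    char buf[256];
    while (fgets(buf, sizeof buf, pipe)) r.output += buf;
    int status = pclose(pipe);
    if (status != -1 && WIFEXITED(status)) r.exit_code = WEXITSTATUS(status);
    return r;
}

// Only a full lowercase-hex object id (40 or 64 chars) may reach the shell command line.
bool is_object_id(const std::string& s) {
    return (s.size() == 40 || s.size() == 64) &&
           s.find_first_not_of("0123456789abcdef") == std::string::npos;
}

// Fingerprint from the VALIDSIG line (18 = prefix length); "" unless exit code 0 and GOODSIG.
std::string signer_fingerprint(const CmdResult& r) {
    std::istringstream lines(r.output);
    std::string line, fpr;
    bool good = false;
    while (std::getline(lines, line)) {
        if (line.rfind("[GNUPG:] GOODSIG ", 0) == 0) good = true;
        if (line.rfind("[GNUPG:] VALIDSIG ", 0) == 0) fpr = line.substr(18, line.find(' ', 18) - 18);
    }
    return (r.exit_code == 0 && good) ? fpr : "";
}

// Hook-side check: the signer's fingerprint, or "" meaning "reject the push".
std::string verify_tag_object(const std::string& id) {
    return is_object_id(id) ? signer_fingerprint(run_merged("git verify-tag --raw " + id)) : "";
}

int main() {
    // Constructed status output for illustration, not captured from a real key.
    CmdResult sample{"[GNUPG:] GOODSIG 0123456789ABCDEF Constructed Signer\n"
                     "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01\n", 0};
    std::cout << signer_fingerprint(sample) << "\n";
}
```

The hook can then compare the returned fingerprint against the keys it is prepared to accept, rather than treating any good signature as sufficient.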

0 Answers
