Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix empty message serialization #1441

Merged
merged 1 commit into from
Nov 16, 2024
Merged

Fix empty message serialization #1441

merged 1 commit into from
Nov 16, 2024

Conversation

castedo
Copy link
Contributor

@castedo castedo commented Nov 16, 2024

Fixes #1429, incorrect signature verification for commits with an empty message, as encoded by CGit.

@castedo castedo requested a review from jelmer as a code owner November 16, 2024 14:08
@castedo castedo marked this pull request as draft November 16, 2024 14:08
@castedo
Copy link
Contributor Author

castedo commented Nov 16, 2024

@jelmer I've made this a draft, because the change still seems terrifying to me. I haven't read and understood enough of the code to feel great about this change. I'm planning to read and understand some more of the code.

What do you think? You see any issues?

An addition improvement to consider is to strongly type the message attribute of commit to be a non-optional bytes string and only a string. In other words, it can not be None. I think the idea of a missing message in a commit is more error prone than a required message, but the message can be empty. But this re-typing of message in commit is probably not worth the time/effort.

@castedo castedo force-pushed the fix-empty-message-serialization branch 2 times, most recently from 95c545d to 95b2474 Compare November 16, 2024 14:55
@castedo
fix incorrect empty message commit serialization
6289902 
* Fixes incorrect signature verification for commits with an empty message,
  as encoded by CGit (jelmer#1429)
@castedo castedo force-pushed the fix-empty-message-serialization branch from 95b2474 to 6289902 Compare November 16, 2024 15:31
@jelmer
Copy link
Owner

jelmer commented Nov 16, 2024

@jelmer I've made this a draft, because the change still seems terrifying to me. I haven't read and understood enough of the code to feel great about this change. I'm planning to read and understand some more of the code.

What do you think? You see any issues?

An addition improvement to consider is to strongly type the message attribute of commit to be a non-optional bytes string and only a string. In other words, it can not be None. I think the idea of a missing message in a commit is more error prone than a required message, but the message can be empty. But this re-typing of message in commit is probably not worth the time/effort.

This looks correct to me; if you create a commit with an empty commit message in C git, you still end up with two newlines after the last header.

@castedo
Copy link
Contributor Author

castedo commented Nov 16, 2024

Reading the code, I'm seeing that this change is affecting a code path when a tag lacks a non-empty message and lacks a signature. So this code change is also going to cause an extra newline in a tag corner case.

I'm going peek at some more unit tests to see if they can help confirm that a new newline is appropriate in the tag case.

@castedo
Copy link
Contributor Author

castedo commented Nov 16, 2024

Doing git cat-file -p ... | xxd indicates that the logic is appropriate for tags too. When there is no message, cgit still places two newlines after the headers.

@castedo castedo marked this pull request as ready for review November 16, 2024 19:29
@castedo
Copy link
Contributor Author

castedo commented Nov 16, 2024

OK, i've looked over the code/tests, looked at git cat-file -d .. | xxd with some tags and commits with empty messages and this looks good to me. I give a 👍 to merge!

@jelmer jelmer merged commit 9a2d8e5 into jelmer:master Nov 16, 2024
24 checks passed
@jelmer
Copy link
Owner

jelmer commented Nov 16, 2024

Thanks for the careful checking!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jelmer jelmer Awaiting requested review from jelmer jelmer is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

GPG signature verification fails incorrectly for commits with empty message
2 participants
@castedo @jelmer