authorJoey Hess2018-06-12 10:55:00 -0400
committerJoey Hess2018-06-12 10:55:00 -0400
commitd1164739fb1844dd9a5c4e57c76ce1cd2dbddebc (patch)
tree781c4133132251559bf7a647fd821f395f332e57 /src/Propellor/Git/VerifiedBranch.hs
parent70f318e44d12500c62dd1ad1164fbf7fd9ca8726 (diff)
parentdca1c56e612757c4bb306fb45675337dc52eb201 (diff)
Merge branch 'joeyconfig'
Diffstat (limited to 'src/Propellor/Git/VerifiedBranch.hs')
-rw-r--r--src/Propellor/Git/VerifiedBranch.hs9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/Propellor/Git/VerifiedBranch.hs b/src/Propellor/Git/VerifiedBranch.hs
index df607bd2..61f5baa0 100644
--- a/src/Propellor/Git/VerifiedBranch.hs
+++ b/src/Propellor/Git/VerifiedBranch.hs
@@ -6,9 +6,8 @@ import Propellor.PrivData.Paths
import Utility.FileMode
{- To verify origin branch commit's signature, have to convince gpg
- - to use our keyring.
- - While running git log. Which has no way to pass options to gpg.
- - Argh!
+ - to use our keyring while running git verify-tag.
+ - Which has no way to pass options to gpg. Argh!
-}
verifyOriginBranch :: String -> IO Bool
verifyOriginBranch originbranch = do
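Review bot: The rewritten comment names `git verify-tag`, but the call in the next hunk runs `verify-commit`, so the comment describes a different command from the one whose result decides whether the branch is trusted. I would change the added line to `- to use our keyring while running git verify-commit.` so the documented verification step matches the code. The body of verifyOriginBranch continues beyond this hunk.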
@@ -20,12 +19,12 @@ verifyOriginBranch originbranch = do
]
-- gpg is picky about perms
modifyFileMode privDataDir (removeModes otherGroupModes)
- s <- readProcessEnv "git" ["log", "-n", "1", "--format=%G?", originbranch]
+ verified <- boolSystemEnv "git" [Param "verify-commit", Param originbranch]
(Just [("GNUPGHOME", privDataDir)])
nukeFile $ privDataDir </> "trustdb.gpg"
nukeFile $ privDataDir </> "pubring.gpg"
nukeFile $ privDataDir </> "gpg.conf"
- return (s == "U\n" || s == "G\n")
+ return verified
-- Returns True if HEAD is changed by fetching and merging from origin.
fetchOrigin :: IO Bool
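Review bot: The accept/reject decision on the `boolSystemEnv` line now rests entirely on git's exit status, and nothing in the hunk records which signature states that is meant to cover, whereas the removed line spelled out that `G` and `U` were both accepted. A comment above the call would keep that contract reviewable, for example `-- verify-commit must exit nonzero for missing, bad, expired or revoked signatures; good signatures of unknown validity are accepted because the trustdb here is throwaway`. The outcome can vary with the installed git version and with settings such as `gpg.minTrustLevel`, so it is worth confirming on the oldest git the managed hosts run that an unsigned commit yields False. boolSystemEnv is defined outside the hunk, so I am assuming it returns False rather than throwing when git cannot be run; if it can throw, the three `nukeFile` calls would be skipped. The function starts in the previous hunk and its middle part is not shown here.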