From b1eb679572a417de3b9ff63397885c7c5ce367b3 Mon Sep 17 00:00:00 2001
From: Karsten Blees <blees@dcon.de>
Date: Thu, 19 Mar 2015 16:33:44 +0100
Subject: [PATCH 1/4] mingw: Support `git_terminal_prompt` with more terminals

The `git_terminal_prompt()` function expects the terminal window to be
attached to a Win32 Console. However, this is not the case with terminal
windows other than `cmd.exe`'s, e.g. with MSys2's own `mintty`.

Non-cmd terminals such as `mintty` still have to have a Win32 Console
to be proper console programs, but have to hide the Win32 Console to
be able to provide more flexibility (such as being resizeable not only
vertically but also horizontally). By writing to that Win32 Console,
`git_terminal_prompt()` manages only to send the prompt to nowhere and
to wait for input from a Console to which the user has no access.

This commit introduces a function specifically to support `mintty` -- or
other terminals that are compatible with MSys2's `/dev/tty` emulation. We
use the `TERM` environment variable as an indicator for that: if the value
starts with "xterm" (such as `mintty`'s "xterm_256color"), we prefer to
let `xterm_prompt()` handle the user interaction.

The most prominent user of `git_terminal_prompt()` is certainly
`git-remote-https.exe`. It is an interesting use case because both
`stdin` and `stdout` are redirected when Git calls said executable, yet
it still wants to access the terminal.

When running inside a `mintty`, the terminal is not accessible to the
`git-remote-https.exe` program, though, because it is a MinGW program
and the `mintty` terminal is not backed by a Win32 console.

To solve that problem, we simply call out to the shell -- which is an
*MSys2* program and can therefore access `/dev/tty`.

Helped-by: nalla <nalla@hamal.uberspace.de>
Signed-off-by: Karsten Blees <blees@dcon.de>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 compat/terminal.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/compat/terminal.c b/compat/terminal.c
index d54efa1c5d..2a2611855b 100644
--- a/compat/terminal.c
+++ b/compat/terminal.c
@@ -419,6 +419,54 @@ static int getchar_with_timeout(int timeout)
 	return getchar();
 }
 
+static char *shell_prompt(const char *prompt, int echo)
+{
+	const char *read_input[] = {
+		/* Note: call 'bash' explicitly, as 'read -s' is bash-specific */
+		"bash", "-c", echo ?
+		"cat >/dev/tty && read -r line </dev/tty && echo \"$line\"" :
+		"cat >/dev/tty && read -r -s line </dev/tty && echo \"$line\" && echo >/dev/tty",
+		NULL
+	};
+	struct child_process child = CHILD_PROCESS_INIT;
+	static struct strbuf buffer = STRBUF_INIT;
+	int prompt_len = strlen(prompt), len = -1, code;
+
+	strvec_pushv(&child.args, read_input);
+	child.in = -1;
+	child.out = -1;
+
+	if (start_command(&child))
+		return NULL;
+
+	if (write_in_full(child.in, prompt, prompt_len) != prompt_len) {
+		error("could not write to prompt script");
+		close(child.in);
+		goto ret;
+	}
+	close(child.in);
+
+	strbuf_reset(&buffer);
+	len = strbuf_read(&buffer, child.out, 1024);
+	if (len < 0) {
+		error("could not read from prompt script");
+		goto ret;
+	}
+
+	strbuf_strip_suffix(&buffer, "\n");
+	strbuf_strip_suffix(&buffer, "\r");
+
+ret:
+	close(child.out);
+	code = finish_command(&child);
+	if (code) {
+		error("failed to execute prompt script (exit code %d)", code);
+		return NULL;
+	}
+
+	return len < 0 ? NULL : buffer.buf;
+}
+
 #endif
 
 #ifndef FORCE_TEXT
@@ -430,6 +478,12 @@ char *git_terminal_prompt(const char *prompt, int echo)
 	static struct strbuf buf = STRBUF_INIT;
 	int r;
 	FILE *input_fh, *output_fh;
+#ifdef GIT_WINDOWS_NATIVE
+	const char *term = getenv("TERM");
+
+	if (term && starts_with(term, "xterm"))
+		return shell_prompt(prompt, echo);
+#endif
 
 	input_fh = fopen(INPUT_PATH, "r" FORCE_TEXT);
 	if (!input_fh)

From 6e351ecd8ea938ce72a153744c5bc5785e72b336 Mon Sep 17 00:00:00 2001
From: Karsten Blees <blees@dcon.de>
Date: Sat, 9 May 2015 02:11:48 +0200
Subject: [PATCH 2/4] compat/terminal.c: only use the Windows console if bash
 'read -r' fails
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Accessing the Windows console through the special CONIN$ / CONOUT$ devices
doesn't work properly for non-ASCII usernames an passwords.

It also doesn't work for terminal emulators that hide the native console
window (such as mintty), and 'TERM=xterm*' is not necessarily a reliable
indicator for such terminals.

The new shell_prompt() function, on the other hand, works fine for both
MSys1 and MSys2, in native console windows as well as mintty, and properly
supports Unicode. It just needs bash on the path (for 'read -s', which is
bash-specific).

On Windows, try to use the shell to read from the terminal. If that fails
with ENOENT (i.e. bash was not found), use CONIN/OUT as fallback.

Note: To test this, create a UTF-8 credential file with non-ASCII chars,
e.g. in git-bash: 'echo url=http://täst.com > cred.txt'. Then in git-cmd,
'git credential fill <cred.txt' works (shell version), while calling git
without the git-wrapper (i.e. 'mingw64\bin\git credential fill <cred.txt')
mangles non-ASCII chars in both console output and input.

Signed-off-by: Karsten Blees <blees@dcon.de>
---
 compat/terminal.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/compat/terminal.c b/compat/terminal.c
index 2a2611855b..e8994aaf0e 100644
--- a/compat/terminal.c
+++ b/compat/terminal.c
@@ -435,6 +435,7 @@ static char *shell_prompt(const char *prompt, int echo)
 	strvec_pushv(&child.args, read_input);
 	child.in = -1;
 	child.out = -1;
+	child.silent_exec_failure = 1;
 
 	if (start_command(&child))
 		return NULL;
@@ -478,11 +479,14 @@ char *git_terminal_prompt(const char *prompt, int echo)
 	static struct strbuf buf = STRBUF_INIT;
 	int r;
 	FILE *input_fh, *output_fh;
-#ifdef GIT_WINDOWS_NATIVE
-	const char *term = getenv("TERM");
 
-	if (term && starts_with(term, "xterm"))
-		return shell_prompt(prompt, echo);
+#ifdef GIT_WINDOWS_NATIVE
+
+	/* try shell_prompt first, fall back to CONIN/OUT if bash is missing */
+	char *result = shell_prompt(prompt, echo);
+	if (result || errno != ENOENT)
+		return result;
+
 #endif
 
 	input_fh = fopen(INPUT_PATH, "r" FORCE_TEXT);

From 3dab29b4ae801f853be2f1761ca268f3be403888 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Fri, 23 Feb 2018 02:50:03 +0100
Subject: [PATCH 3/4] mingw (git_terminal_prompt): do fall back to
 CONIN$/CONOUT$ method

To support Git Bash running in a MinTTY, we use a dirty trick to access
the MSYS2 pseudo terminal: we execute a Bash snippet that accesses
/dev/tty.

The idea was to fall back to writing to/reading from CONOUT$/CONIN$ if
that Bash call failed because Bash was not found.

However, we should fall back even in other error conditions, because we
have not successfully read the user input. Let's make it so.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 compat/terminal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compat/terminal.c b/compat/terminal.c
index e8994aaf0e..66bf4b55d0 100644
--- a/compat/terminal.c
+++ b/compat/terminal.c
@@ -484,7 +484,7 @@ char *git_terminal_prompt(const char *prompt, int echo)
 
 	/* try shell_prompt first, fall back to CONIN/OUT if bash is missing */
 	char *result = shell_prompt(prompt, echo);
-	if (result || errno != ENOENT)
+	if (result)
 		return result;
 
 #endif

From 08d520df739106c8007a279d0953d3c42d77309c Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Tue, 6 Sep 2016 09:50:33 +0200
Subject: [PATCH 4/4] Unbreak interactive GPG prompt upon signing

With the recent update in efee955 (gpg-interface: check gpg signature
creation status, 2016-06-17), we ask GPG to send all status updates to
stderr, and then catch the stderr in an strbuf.

But GPG might fail, and send error messages to stderr. And we simply
do not show them to the user.

Even worse: this swallows any interactive prompt for a passphrase. And
detaches stderr from the tty so that the passphrase cannot be read.

So while the first problem could be fixed (by printing the captured
stderr upon error), the second problem cannot be easily fixed, and
presents a major regression.

So let's just revert commit efee9553a4f97b2ecd8f49be19606dd4cf7d9c28.

This fixes https://github.com/git-for-windows/git/issues/871

Cc: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 gpg-interface.c | 21 +++------------------
 t/t7004-tag.sh  | 31 -------------------------------
 2 files changed, 3 insertions(+), 49 deletions(-)

diff --git a/gpg-interface.c b/gpg-interface.c
index 5c824aeb25..ffa3ce0787 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -972,12 +972,9 @@ static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
 	struct child_process gpg = CHILD_PROCESS_INIT;
 	int ret;
 	size_t bottom;
-	const char *cp;
-	struct strbuf gpg_status = STRBUF_INIT;
 
 	strvec_pushl(&gpg.args,
 		     use_format->program,
-		     "--status-fd=2",
 		     "-bsau", signing_key,
 		     NULL);
 
@@ -989,23 +986,11 @@ static int sign_buffer_gpg(struct strbuf *buffer, struct strbuf *signature,
 	 */
 	sigchain_push(SIGPIPE, SIG_IGN);
 	ret = pipe_command(&gpg, buffer->buf, buffer->len,
-			   signature, 1024, &gpg_status, 0);
+			   signature, 1024, NULL, 0);
 	sigchain_pop(SIGPIPE);
 
-	for (cp = gpg_status.buf;
-	     cp && (cp = strstr(cp, "[GNUPG:] SIG_CREATED "));
-	     cp++) {
-		if (cp == gpg_status.buf || cp[-1] == '\n')
-			break; /* found */
-	}
-	ret |= !cp;
-	if (ret) {
-		error(_("gpg failed to sign the data:\n%s"),
-		      gpg_status.len ? gpg_status.buf : "(no gpg output)");
-		strbuf_release(&gpg_status);
-		return -1;
-	}
-	strbuf_release(&gpg_status);
+	if (ret || signature->len == bottom)
+		return error(_("gpg failed to sign the data"));
 
 	/* Strip CR from the line endings, in case we are on Windows. */
 	remove_cr_after(signature, bottom);
diff --git a/t/t7004-tag.sh b/t/t7004-tag.sh
index fa6336edf9..e253b520f2 100755
--- a/t/t7004-tag.sh
+++ b/t/t7004-tag.sh
@@ -1517,30 +1517,6 @@ test_expect_success GPG \
 	'test_config user.signingkey BobTheMouse &&
 	test_must_fail git tag -s -m tail tag-gpg-failure'
 
-# try to produce invalid signature
-test_expect_success GPG \
-	'git tag -s fails if gpg is misconfigured (bad signature format)' \
-	'test_config gpg.program echo &&
-	 test_must_fail git tag -s -m tail tag-gpg-failure'
-
-# try to produce invalid signature
-test_expect_success GPG 'git verifies tag is valid with double signature' '
-	git tag -s -m tail tag-gpg-double-sig &&
-	git cat-file tag tag-gpg-double-sig >tag &&
-	othersigheader=$(test_oid othersigheader) &&
-	sed -ne "/^\$/q;p" tag >new-tag &&
-	cat <<-EOM >>new-tag &&
-	$othersigheader -----BEGIN PGP SIGNATURE-----
-	 someinvaliddata
-	 -----END PGP SIGNATURE-----
-	EOM
-	sed -e "1,/^tagger/d" tag >>new-tag &&
-	new_tag=$(git hash-object -t tag -w new-tag) &&
-	git update-ref refs/tags/tag-gpg-double-sig $new_tag &&
-	git verify-tag tag-gpg-double-sig &&
-	git fsck
-'
-
 # try to sign with bad user.signingkey
 test_expect_success GPGSM \
 	'git tag -s fails if gpgsm is misconfigured (bad key)' \
@@ -1548,13 +1524,6 @@ test_expect_success GPGSM \
 	 test_config gpg.format x509 &&
 	 test_must_fail git tag -s -m tail tag-gpg-failure'
 
-# try to produce invalid signature
-test_expect_success GPGSM \
-	'git tag -s fails if gpgsm is misconfigured (bad signature format)' \
-	'test_config gpg.x509.program echo &&
-	 test_config gpg.format x509 &&
-	 test_must_fail git tag -s -m tail tag-gpg-failure'
-
 # try to verify without gpg:
 
 rm -rf gpghome