add Tag.raw_without_sig method and unittest

dulwich/objects.py

@@ -917,6 +917,16 @@ class Tag(ShaFile):
                     self.as_raw_string(), mode=gpg.constants.sig.mode.DETACH
                 )
 
+    def raw_without_sig(self) -> bytes:
+        """Return raw string serialization without the GPG/SSH signature.
+
+        self.signature is a signature for the returned raw byte string serialization.
+        """
+        ret = self.as_raw_string()
+        if self._signature:
+            ret = ret[: -len(self._signature)]
+        return ret
+
     def verify(self, keyids: Optional[Iterable[str]] = None) -> None:
         """Verify GPG signature for this tag (if it is signed).
 
@@ -938,7 +948,7 @@ class Tag(ShaFile):
 
         with gpg.Context() as ctx:
             data, result = ctx.verify(
-                self.as_raw_string()[: -len(self._signature)],
+                self.raw_without_sig(),
                 signature=self._signature,
             )
             if keyids:

tests/test_objects.py

@@ -218,6 +218,7 @@ class BlobReadTests(TestCase):
             b"=ql7y\n"
             b"-----END PGP SIGNATURE-----\n",
         )
+        self.assertEqual(t.raw_without_sig() + t.signature, bytes(t))
 
     def test_read_commit_from_file(self) -> None:
         sha = b"60dacdc733de308bb77bb76ce0fb0f9b44c9769e"
@@ -1238,6 +1239,23 @@ class TagParseTests(ShaFileCheckTests):
         self.assertNotIn(shas[0], shas[1:])
         self.assertEqual(shas[1], shas[2])
 
+    def test_tag_withough_sig(self) -> None:
+        x = Tag()
+        x.set_raw_string(self.make_tag_text())
+        self.assertEqual(bytes(x), x.raw_without_sig() + x.signature)
+        self.assertEqual(
+            b"""\
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (GNU/Linux)
+
+iD8DBQBGiAaAF3YsRnbiHLsRAitMAKCiLboJkQECM/jpYsY3WPfvUgLXkACgg3ql
+OK2XeQOiEeXtT76rV4t2WR4=
+=ivrA
+-----END PGP SIGNATURE-----
+""",
+            x.signature,
+        )
+
 
 class CheckTests(TestCase):
     def test_check_hexsha(self) -> None: