summaryrefslogtreecommitdiff
path: root/Documentation/git-push.txt
diff options
context:
space:
mode:
authorDave Borowitz <dborowitz@google.com>2015-08-19 11:26:46 -0400
committerJunio C Hamano <gitster@pobox.com>2015-08-19 12:58:45 -0700
commit30261094b1f7fdcba3b7a1f396e43891cd998149 (patch)
tree1ad9cc07d3c3dc5fb1a07c878be7f9b0fe2d4dde /Documentation/git-push.txt
parent068c77a5189584de2a8d9c2ad29e2370159444ae (diff)
downloadgit-30261094b1f7fdcba3b7a1f396e43891cd998149.tar.gz
push: support signing pushes iff the server supports it
Add a new flag --sign=true (or --sign=false), which means the same thing as the original --signed (or --no-signed). Give it a third value --sign=if-asked to tell push and send-pack to send a push certificate if and only if the server advertised a push cert nonce. If not, warn the user that their push may not be as secure as they thought. Signed-off-by: Dave Borowitz <dborowitz@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation/git-push.txt')
-rw-r--r--Documentation/git-push.txt17
1 files changed, 10 insertions, 7 deletions
diff --git a/Documentation/git-push.txt b/Documentation/git-push.txt
index da0a98d58c..1495e3416c 100644
--- a/Documentation/git-push.txt
+++ b/Documentation/git-push.txt
@@ -11,7 +11,8 @@ SYNOPSIS
[verse]
'git push' [--all | --mirror | --tags] [--follow-tags] [--atomic] [-n | --dry-run] [--receive-pack=<git-receive-pack>]
[--repo=<repository>] [-f | --force] [--prune] [-v | --verbose]
- [-u | --set-upstream] [--signed]
+ [-u | --set-upstream]
+ [--[no-]signed|--sign=(true|false|if-asked)]
[--force-with-lease[=<refname>[:<expect>]]]
[--no-verify] [<repository> [<refspec>...]]
@@ -132,14 +133,16 @@ already exists on the remote side.
with configuration variable 'push.followTags'. For more
information, see 'push.followTags' in linkgit:git-config[1].
-
---signed::
+--[no-]signed::
+--sign=(true|false|if-asked)::
GPG-sign the push request to update refs on the receiving
side, to allow it to be checked by the hooks and/or be
- logged. See linkgit:git-receive-pack[1] for the details
- on the receiving end. If the attempt to sign with `gpg` fails,
- or if the server does not support signed pushes, the push will
- fail.
+ logged. If `false` or `--no-signed`, no signing will be
+ attempted. If `true` or `--signed`, the push will fail if the
+ server does not support signed pushes. If set to `if-asked`,
+ sign if and only if the server supports signed pushes. The push
+ will also fail if the actual call to `gpg --sign` fails. See
+ linkgit:git-receive-pack[1] for the details on the receiving end.
--[no-]atomic::
Use an atomic transaction on the remote side if available.