author | Dave Borowitz <dborowitz@google.com> | 2015-08-19 11:26:46 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-08-19 12:58:45 -0700 |
commit | 30261094b1f7fdcba3b7a1f396e43891cd998149 (patch) | |
tree | 1ad9cc07d3c3dc5fb1a07c878be7f9b0fe2d4dde /remote-curl.c | |
parent | 068c77a5189584de2a8d9c2ad29e2370159444ae (diff) | |
push: support signing pushes iff the server supports it
Add a new flag --sign=true (or --sign=false), which means the same
thing as the original --signed (or --no-signed). Give it a third
value --sign=if-asked to tell push and send-pack to send a push
certificate if and only if the server advertised a push cert nonce.
If not, warn the user that their push may not be as secure as they
thought.
Signed-off-by: Dave Borowitz <dborowitz@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'remote-curl.c')
-rw-r--r-- | remote-curl.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/remote-curl.c b/remote-curl.c
index af7b6786dc..71fbbb694f 100644
--- a/remote-curl.c
+++ b/remote-curl.c
@@ -11,6 +11,7 @@
 #include "argv-array.h"
 #include "credential.h"
 #include "sha1-array.h"
+#include "send-pack.h"
 
 static struct remote *remote;
 /* always ends with a trailing slash */
@@ -26,7 +27,8 @@ struct options {
 followtags : 1,
 dry_run : 1,
 thin : 1,
- push_cert : 1;
+ /* One of the SEND_PACK_PUSH_CERT_* constants. */
+ push_cert : 2;
 };
 static struct options options;
 static struct string_list cas_options = STRING_LIST_INIT_DUP;
@@ -109,9 +111,11 @@ static int set_option(const char *name, const char *value)
 return 0;
 } else if (!strcmp(name, "pushcert")) {
 if (!strcmp(value, "true"))
- options.push_cert = 1;
+ options.push_cert = SEND_PACK_PUSH_CERT_ALWAYS;
 else if (!strcmp(value, "false"))
- options.push_cert = 0;
+ options.push_cert = SEND_PACK_PUSH_CERT_NEVER;
+ else if (!strcmp(value, "if-asked"))
+ options.push_cert = SEND_PACK_PUSH_CERT_IF_ASKED;
 else
 return -1;
 return 0;
@@ -880,8 +884,10 @@ static int push_git(struct discovery *heads, int nr_spec, char **specs)
 argv_array_push(&args, "--thin");
 if (options.dry_run)
 argv_array_push(&args, "--dry-run");
- if (options.push_cert)
- argv_array_push(&args, "--signed");
+ if (options.push_cert == SEND_PACK_PUSH_CERT_ALWAYS)
+ argv_array_push(&args, "--signed=yes");
+ else if (options.push_cert == SEND_PACK_PUSH_CERT_IF_ASKED)
+ argv_array_push(&args, "--signed=if-asked");
 if (options.verbosity == 0)
 argv_array_push(&args, "--quiet");
 else if (options.verbosity > 1) |
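Review bot: Whether `push_cert : 2` in `struct options` can hold all three SEND_PACK_PUSH_CERT_* values depends on the bit-field's base type, which is declared above this hunk, and on the constants in send-pack.h; neither is visible here. If the base type is a signed `int`, a two-bit field only represents -2..1, so a constant equal to 2 would not compare equal once stored, and a requested signed push would quietly go out unsigned from push_git. I would state the requirement in the comment, e.g. `/* One of the SEND_PACK_PUSH_CERT_* constants; needs an unsigned 2-bit field. */`. It is also worth confirming that the zero-initialised `static struct options options;` default corresponds to the NEVER constant.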
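Review bot: In push_git the new `if`/`else if` on `options.push_cert` has no final branch, so any value other than ALWAYS or IF_ASKED adds no `--signed` argument and the push goes out unsigned without a diagnostic. That is the intended path for NEVER, but a two-bit field can hold a fourth value, and a security option should fail closed, for instance with the project's die() helper: `else if (options.push_cert != SEND_PACK_PUSH_CERT_NEVER) die("BUG: unexpected push_cert value");`. A comment such as `/* if-asked: signing depends on what the server advertises; use "true" to require it */` would also help, since the commit message says that in this mode a certificate is sent only when the server advertises a nonce. The body of push_git starts and ends outside the hunk.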