summaryrefslogtreecommitdiff
path: root/send-pack.c
diff options
context:
space:
mode:
authorDave Borowitz <dborowitz@google.com>2015-08-19 11:26:46 -0400
committerJunio C Hamano <gitster@pobox.com>2015-08-19 12:58:45 -0700
commit30261094b1f7fdcba3b7a1f396e43891cd998149 (patch)
tree1ad9cc07d3c3dc5fb1a07c878be7f9b0fe2d4dde /send-pack.c
parent068c77a5189584de2a8d9c2ad29e2370159444ae (diff)
downloadgit-30261094b1f7fdcba3b7a1f396e43891cd998149.tar.gz
push: support signing pushes iff the server supports it
Add a new flag --sign=true (or --sign=false), which means the same thing as the original --signed (or --no-signed). Give it a third value --sign=if-asked to tell push and send-pack to send a push certificate if and only if the server advertised a push cert nonce. If not, warn the user that their push may not be as secure as they thought. Signed-off-by: Dave Borowitz <dborowitz@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'send-pack.c')
-rw-r--r--send-pack.c43
1 files changed, 36 insertions, 7 deletions
diff --git a/send-pack.c b/send-pack.c
index 2e07ac3339..f5bc098b39 100644
--- a/send-pack.c
+++ b/send-pack.c
@@ -12,6 +12,29 @@
#include "version.h"
#include "sha1-array.h"
#include "gpg-interface.h"
+#include "cache.h"
+
+int option_parse_push_signed(const struct option *opt,
+ const char *arg, int unset)
+{
+ if (unset) {
+ *(int *)(opt->value) = SEND_PACK_PUSH_CERT_NEVER;
+ return 0;
+ }
+ switch (git_parse_maybe_bool(arg)) {
+ case 1:
+ *(int *)(opt->value) = SEND_PACK_PUSH_CERT_ALWAYS;
+ return 0;
+ case 0:
+ *(int *)(opt->value) = SEND_PACK_PUSH_CERT_NEVER;
+ return 0;
+ }
+ if (!strcasecmp("if-asked", arg)) {
+ *(int *)(opt->value) = SEND_PACK_PUSH_CERT_IF_ASKED;
+ return 0;
+ }
+ die("bad %s argument: %s", opt->long_name, arg);
+}
static int feed_object(const unsigned char *sha1, int fd, int negative)
{
@@ -370,14 +393,20 @@ int send_pack(struct send_pack_args *args,
args->use_thin_pack = 0;
if (server_supports("atomic"))
atomic_supported = 1;
- if (args->push_cert) {
- int len;
+ if (args->push_cert != SEND_PACK_PUSH_CERT_NEVER) {
+ int len;
push_cert_nonce = server_feature_value("push-cert", &len);
- if (!push_cert_nonce)
+ if (push_cert_nonce) {
+ reject_invalid_nonce(push_cert_nonce, len);
+ push_cert_nonce = xmemdupz(push_cert_nonce, len);
+ } else if (args->push_cert == SEND_PACK_PUSH_CERT_ALWAYS) {
die(_("the receiving end does not support --signed push"));
- reject_invalid_nonce(push_cert_nonce, len);
- push_cert_nonce = xmemdupz(push_cert_nonce, len);
+ } else if (args->push_cert == SEND_PACK_PUSH_CERT_IF_ASKED) {
+ warning(_("not sending a push certificate since the"
+ " receiving end does not support --signed"
+ " push"));
+ }
}
if (!remote_refs) {
@@ -413,7 +442,7 @@ int send_pack(struct send_pack_args *args,
if (!args->dry_run)
advertise_shallow_grafts_buf(&req_buf);
- if (!args->dry_run && args->push_cert)
+ if (!args->dry_run && push_cert_nonce)
cmds_sent = generate_push_cert(&req_buf, remote_refs, args,
cap_buf.buf, push_cert_nonce);
@@ -452,7 +481,7 @@ int send_pack(struct send_pack_args *args,
for (ref = remote_refs; ref; ref = ref->next) {
char *old_hex, *new_hex;
- if (args->dry_run || args->push_cert)
+ if (args->dry_run || push_cert_nonce)
continue;
if (check_to_send_update(ref, args) < 0)