diff options
| author | Junio C Hamano <gitster@pobox.com> | 2014-10-08 13:05:15 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-10-08 13:05:25 -0700 |
| commit | fb06b5280ea05d75515fa780cf08d4ec9d6fe101 (patch) | |
| tree | 9d7c7032df370076149f31f3373e067b69248169 /transport-helper.c | |
| parent | 325602ce120e7bd7321b9ed409b49b48fd20888e (diff) | |
| parent | 6f5ef44e0d8933621fcd50127518557013002313 (diff) | |
| download | git-fb06b5280ea05d75515fa780cf08d4ec9d6fe101.tar.gz | |
Merge branch 'jc/push-cert'
Allow "git push" request to be signed, so that it can be verified and
audited, using the GPG signature of the person who pushed, that the
tips of branches at a public repository really point the commits
the pusher wanted to, without having to "trust" the server.
* jc/push-cert: (24 commits)
receive-pack::hmac_sha1(): copy the entire SHA-1 hash out
signed push: allow stale nonce in stateless mode
signed push: teach smart-HTTP to pass "git push --signed" around
signed push: fortify against replay attacks
signed push: add "pushee" header to push certificate
signed push: remove duplicated protocol info
send-pack: send feature request on push-cert packet
receive-pack: GPG-validate push certificates
push: the beginning of "git push --signed"
pack-protocol doc: typofix for PKT-LINE
gpg-interface: move parse_signature() to where it should be
gpg-interface: move parse_gpg_output() to where it should be
send-pack: clarify that cmds_sent is a boolean
send-pack: refactor inspecting and resetting status and sending commands
send-pack: rename "new_refs" to "need_pack_data"
receive-pack: factor out capability string generation
send-pack: factor out capability string generation
send-pack: always send capabilities
send-pack: refactor decision to send update per ref
send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher
...
Diffstat (limited to 'transport-helper.c')
| -rw-r--r-- | transport-helper.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/transport-helper.c b/transport-helper.c index 080a7a6ae2..2b24d51a24 100644 --- a/transport-helper.c +++ b/transport-helper.c @@ -260,7 +260,8 @@ static const char *unsupported_options[] = { static const char *boolean_options[] = { TRANS_OPT_THIN, TRANS_OPT_KEEP, - TRANS_OPT_FOLLOWTAGS + TRANS_OPT_FOLLOWTAGS, + TRANS_OPT_PUSH_CERT }; static int set_helper_option(struct transport *transport, @@ -836,6 +837,9 @@ static int push_refs_with_push(struct transport *transport, if (flags & TRANSPORT_PUSH_DRY_RUN) { if (set_helper_option(transport, "dry-run", "true") != 0) die("helper %s does not support dry-run", data->name); + } else if (flags & TRANSPORT_PUSH_CERT) { + if (set_helper_option(transport, TRANS_OPT_PUSH_CERT, "true") != 0) + die("helper %s does not support --signed", data->name); } strbuf_addch(&buf, '\n'); @@ -860,6 +864,9 @@ static int push_refs_with_export(struct transport *transport, if (flags & TRANSPORT_PUSH_DRY_RUN) { if (set_helper_option(transport, "dry-run", "true") != 0) die("helper %s does not support dry-run", data->name); + } else if (flags & TRANSPORT_PUSH_CERT) { + if (set_helper_option(transport, TRANS_OPT_PUSH_CERT, "true") != 0) + die("helper %s does not support dry-run", data->name); } if (flags & TRANSPORT_PUSH_FORCE) { |