diff options
| author | Junio C Hamano <gitster@pobox.com> | 2014-10-08 13:05:15 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-10-08 13:05:25 -0700 |
| commit | fb06b5280ea05d75515fa780cf08d4ec9d6fe101 (patch) | |
| tree | 9d7c7032df370076149f31f3373e067b69248169 /remote-curl.c | |
| parent | 325602ce120e7bd7321b9ed409b49b48fd20888e (diff) | |
| parent | 6f5ef44e0d8933621fcd50127518557013002313 (diff) | |
| download | git-fb06b5280ea05d75515fa780cf08d4ec9d6fe101.tar.gz | |
Merge branch 'jc/push-cert'
Allow "git push" request to be signed, so that it can be verified and
audited, using the GPG signature of the person who pushed, that the
tips of branches at a public repository really point the commits
the pusher wanted to, without having to "trust" the server.
* jc/push-cert: (24 commits)
receive-pack::hmac_sha1(): copy the entire SHA-1 hash out
signed push: allow stale nonce in stateless mode
signed push: teach smart-HTTP to pass "git push --signed" around
signed push: fortify against replay attacks
signed push: add "pushee" header to push certificate
signed push: remove duplicated protocol info
send-pack: send feature request on push-cert packet
receive-pack: GPG-validate push certificates
push: the beginning of "git push --signed"
pack-protocol doc: typofix for PKT-LINE
gpg-interface: move parse_signature() to where it should be
gpg-interface: move parse_gpg_output() to where it should be
send-pack: clarify that cmds_sent is a boolean
send-pack: refactor inspecting and resetting status and sending commands
send-pack: rename "new_refs" to "need_pack_data"
receive-pack: factor out capability string generation
send-pack: factor out capability string generation
send-pack: always send capabilities
send-pack: refactor decision to send update per ref
send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher
...
Diffstat (limited to 'remote-curl.c')
| -rw-r--r-- | remote-curl.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/remote-curl.c b/remote-curl.c index cd626d15e5..dd63bc27ab 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -25,7 +25,8 @@ struct options { update_shallow : 1, followtags : 1, dry_run : 1, - thin : 1; + thin : 1, + push_cert : 1; }; static struct options options; static struct string_list cas_options = STRING_LIST_INIT_DUP; @@ -106,6 +107,14 @@ static int set_option(const char *name, const char *value) else return -1; return 0; + } else if (!strcmp(name, "pushcert")) { + if (!strcmp(value, "true")) + options.push_cert = 1; + else if (!strcmp(value, "false")) + options.push_cert = 0; + else + return -1; + return 0; } else { return 1 /* unsupported */; } @@ -872,6 +881,8 @@ static int push_git(struct discovery *heads, int nr_spec, char **specs) argv_array_push(&args, "--thin"); if (options.dry_run) argv_array_push(&args, "--dry-run"); + if (options.push_cert) + argv_array_push(&args, "--signed"); if (options.verbosity == 0) argv_array_push(&args, "--quiet"); else if (options.verbosity > 1) |