diff options
| -rw-r--r-- | builtin/send-pack.c | 4 | ||||
| -rw-r--r-- | remote-curl.c | 13 | ||||
| -rw-r--r-- | t/lib-httpd/apache.conf | 1 | ||||
| -rwxr-xr-x | t/t5541-http-push-smart.sh | 36 | ||||
| -rw-r--r-- | t/test-lib.sh | 3 | ||||
| -rw-r--r-- | transport-helper.c | 9 |
6 files changed, 63 insertions, 3 deletions
diff --git a/builtin/send-pack.c b/builtin/send-pack.c index f420b74665..ca28d8d248 100644 --- a/builtin/send-pack.c +++ b/builtin/send-pack.c @@ -153,6 +153,10 @@ int cmd_send_pack(int argc, const char **argv, const char *prefix) args.verbose = 1; continue; } + if (!strcmp(arg, "--signed")) { + args.push_cert = 1; + continue; + } if (!strcmp(arg, "--progress")) { progress = 1; continue; diff --git a/remote-curl.c b/remote-curl.c index 0fcf2ce5ff..1ea4e95d9a 100644 --- a/remote-curl.c +++ b/remote-curl.c @@ -25,7 +25,8 @@ struct options { update_shallow : 1, followtags : 1, dry_run : 1, - thin : 1; + thin : 1, + push_cert : 1; }; static struct options options; static struct string_list cas_options = STRING_LIST_INIT_DUP; @@ -106,6 +107,14 @@ static int set_option(const char *name, const char *value) else return -1; return 0; + } else if (!strcmp(name, "pushcert")) { + if (!strcmp(value, "true")) + options.push_cert = 1; + else if (!strcmp(value, "false")) + options.push_cert = 0; + else + return -1; + return 0; } else { return 1 /* unsupported */; } @@ -872,6 +881,8 @@ static int push_git(struct discovery *heads, int nr_spec, char **specs) argv_array_push(&args, "--thin"); if (options.dry_run) argv_array_push(&args, "--dry-run"); + if (options.push_cert) + argv_array_push(&args, "--signed"); if (options.verbosity == 0) argv_array_push(&args, "--quiet"); else if (options.verbosity > 1) diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index b384d79935..7713dd2609 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -68,6 +68,7 @@ LockFile accept.lock PassEnv GIT_VALGRIND PassEnv GIT_VALGRIND_OPTIONS +PassEnv GNUPGHOME Alias /dumb/ www/ Alias /auth/dumb/ www/auth/dumb/ diff --git a/t/t5541-http-push-smart.sh b/t/t5541-http-push-smart.sh index 73af16f481..24926a4a42 100755 --- a/t/t5541-http-push-smart.sh +++ b/t/t5541-http-push-smart.sh @@ -12,6 +12,7 @@ if test -n "$NO_CURL"; then fi ROOT_PATH="$PWD" +. "$TEST_DIRECTORY"/lib-gpg.sh . "$TEST_DIRECTORY"/lib-httpd.sh . "$TEST_DIRECTORY"/lib-terminal.sh start_httpd @@ -323,5 +324,40 @@ test_expect_success 'push into half-auth-complete requires password' ' test_cmp expect actual ' +test_expect_success GPG 'push with post-receive to inspect certificate' ' + ( + cd "$HTTPD_DOCUMENT_ROOT_PATH"/test_repo.git && + mkdir -p hooks && + write_script hooks/post-receive <<-\EOF && + # discard the update list + cat >/dev/null + # record the push certificate + if test -n "${GIT_PUSH_CERT-}" + then + git cat-file blob $GIT_PUSH_CERT >../push-cert + fi && + cat >../push-cert-status <<E_O_F + SIGNER=${GIT_PUSH_CERT_SIGNER-nobody} + KEY=${GIT_PUSH_CERT_KEY-nokey} + STATUS=${GIT_PUSH_CERT_STATUS-nostatus} + E_O_F + EOF + + git config receive.certnonceseed sekrit + ) && + cd "$ROOT_PATH/test_repo_clone" && + test_commit cert-test && + git push --signed "$HTTPD_URL/smart/test_repo.git" && + ( + cd "$HTTPD_DOCUMENT_ROOT_PATH" && + cat <<-\EOF + SIGNER=C O Mitter <committer@example.com> + KEY=13B6F51ECDDE430D + STATUS=G + EOF + ) >expect && + test_cmp expect "$HTTPD_DOCUMENT_ROOT_PATH/push-cert-status" +' + stop_httpd test_done diff --git a/t/test-lib.sh b/t/test-lib.sh index b1bc65bfb5..d5939b70f3 100644 --- a/t/test-lib.sh +++ b/t/test-lib.sh @@ -813,7 +813,8 @@ rm -fr "$TRASH_DIRECTORY" || { } HOME="$TRASH_DIRECTORY" -export HOME +GNUPGHOME="$HOME/gnupg-home-not-used" +export HOME GNUPGHOME if test -z "$TEST_NO_CREATE_REPO" then diff --git a/transport-helper.c b/transport-helper.c index 3d8fe7d801..4b1a26143a 100644 --- a/transport-helper.c +++ b/transport-helper.c @@ -259,7 +259,8 @@ static const char *unsupported_options[] = { static const char *boolean_options[] = { TRANS_OPT_THIN, TRANS_OPT_KEEP, - TRANS_OPT_FOLLOWTAGS + TRANS_OPT_FOLLOWTAGS, + TRANS_OPT_PUSH_CERT }; static int set_helper_option(struct transport *transport, @@ -835,6 +836,9 @@ static int push_refs_with_push(struct transport *transport, if (flags & TRANSPORT_PUSH_DRY_RUN) { if (set_helper_option(transport, "dry-run", "true") != 0) die("helper %s does not support dry-run", data->name); + } else if (flags & TRANSPORT_PUSH_CERT) { + if (set_helper_option(transport, TRANS_OPT_PUSH_CERT, "true") != 0) + die("helper %s does not support --signed", data->name); } strbuf_addch(&buf, '\n'); @@ -859,6 +863,9 @@ static int push_refs_with_export(struct transport *transport, if (flags & TRANSPORT_PUSH_DRY_RUN) { if (set_helper_option(transport, "dry-run", "true") != 0) die("helper %s does not support dry-run", data->name); + } else if (flags & TRANSPORT_PUSH_CERT) { + if (set_helper_option(transport, TRANS_OPT_PUSH_CERT, "true") != 0) + die("helper %s does not support dry-run", data->name); } if (flags & TRANSPORT_PUSH_FORCE) { |