diff options
Diffstat (limited to 'builtin')
-rw-r--r-- | builtin/push.c | 1 | ||||
-rw-r--r-- | builtin/receive-pack.c | 52 |
2 files changed, 53 insertions, 0 deletions
diff --git a/builtin/push.c b/builtin/push.c index f50e3d5e77..ae56f73a66 100644 --- a/builtin/push.c +++ b/builtin/push.c @@ -506,6 +506,7 @@ int cmd_push(int argc, const char **argv, const char *prefix) OPT_BIT(0, "no-verify", &flags, N_("bypass pre-push hook"), TRANSPORT_PUSH_NO_HOOK), OPT_BIT(0, "follow-tags", &flags, N_("push missing but relevant tags"), TRANSPORT_PUSH_FOLLOW_TAGS), + OPT_BIT(0, "signed", &flags, N_("GPG sign the push"), TRANSPORT_PUSH_CERT), OPT_END() }; diff --git a/builtin/receive-pack.c b/builtin/receive-pack.c index cbbad5488a..610b085e3d 100644 --- a/builtin/receive-pack.c +++ b/builtin/receive-pack.c @@ -46,6 +46,9 @@ static void *head_name_to_free; static int sent_capabilities; static int shallow_update; static const char *alt_shallow_file; +static int accept_push_cert = 1; +static struct strbuf push_cert = STRBUF_INIT; +static unsigned char push_cert_sha1[20]; static enum deny_action parse_deny_action(const char *var, const char *value) { @@ -129,6 +132,11 @@ static int receive_pack_config(const char *var, const char *value, void *cb) return 0; } + if (strcmp(var, "receive.acceptpushcert") == 0) { + accept_push_cert = git_config_bool(var, value); + return 0; + } + return git_default_config(var, value, cb); } @@ -146,6 +154,8 @@ static void show_ref(const char *path, const unsigned char *sha1) "report-status delete-refs side-band-64k quiet"); if (prefer_ofs_delta) strbuf_addstr(&cap, " ofs-delta"); + if (accept_push_cert) + strbuf_addstr(&cap, " push-cert"); strbuf_addf(&cap, " agent=%s", git_user_agent_sanitized()); packet_write(1, "%s %s%c%s\n", sha1_to_hex(sha1), path, 0, cap.buf); @@ -258,6 +268,25 @@ static int copy_to_sideband(int in, int out, void *arg) return 0; } +static void prepare_push_cert_sha1(struct child_process *proc) +{ + static int already_done; + struct argv_array env = ARGV_ARRAY_INIT; + + if (!push_cert.len) + return; + + if (!already_done) { + already_done = 1; + if (write_sha1_file(push_cert.buf, push_cert.len, "blob", push_cert_sha1)) + hashclr(push_cert_sha1); + } + if (!is_null_sha1(push_cert_sha1)) { + argv_array_pushf(&env, "GIT_PUSH_CERT=%s", sha1_to_hex(push_cert_sha1)); + proc->env = env.argv; + } +} + typedef int (*feed_fn)(void *, const char **, size_t *); static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_state) { @@ -277,6 +306,8 @@ static int run_and_feed_hook(const char *hook_name, feed_fn feed, void *feed_sta proc.in = -1; proc.stdout_to_stderr = 1; + prepare_push_cert_sha1(&proc); + if (use_sideband) { memset(&muxer, 0, sizeof(muxer)); muxer.proc = copy_to_sideband; @@ -896,6 +927,27 @@ static struct command *read_head_info(struct sha1_array *shallow) quiet = 1; } + if (!strcmp(line, "push-cert")) { + int true_flush = 0; + char certbuf[1024]; + + for (;;) { + len = packet_read(0, NULL, NULL, + certbuf, sizeof(certbuf), 0); + if (!len) { + true_flush = 1; + break; + } + if (!strcmp(certbuf, "push-cert-end\n")) + break; /* end of cert */ + strbuf_addstr(&push_cert, certbuf); + } + + if (true_flush) + break; + continue; + } + p = queue_command(p, line, linelen); } return commands; |