author Junio C Hamano <> 2014-08-23 01:15:24 (GMT)
committer Junio C Hamano <> 2014-09-15 20:23:28 (GMT)
commit 9be89160e7382a88e56a02bcf38f4694dd6542d6
tree d321807664e8398eb5c99c1dc7a08cccdfd82c77 /Documentation/technical/pack-protocol.txt
parent 4adf569dea052dac88121d822e11c249986b3398
signed push: add "pushee" header to push certificate
Record the URL of the intended recipient for a push (after anonymizing it if it has authentication material) on a new "pushee URL" header. Because the networking configuration (SSH-tunnels, proxies, etc.) on the pushing user's side varies, the receiving repository may not know the single canonical URL all the pushing users would refer it as (besides, many sites allow pushing over ssh://host/path and https://host/path protocols to the same repository but with different local part of the path). So this value may not be reliably used for replay-attack prevention purposes, but this will still serve as a human readable hint to identify the repository the certificate refers to.

Signed-off-by: Junio C Hamano <>
Diffstat (limited to 'Documentation/technical/pack-protocol.txt')
1 files changed, 6 insertions, 0 deletions
diff --git a/Documentation/technical/pack-protocol.txt b/Documentation/technical/pack-protocol.txt
index 4a5c2e8..7b543dc 100644
--- a/Documentation/technical/pack-protocol.txt
+++ b/Documentation/technical/pack-protocol.txt
@@ -484,6 +484,7 @@ references.
push-cert = PKT-LINE("push-cert" NUL capability-list LF)
PKT-LINE("certificate version 0.1" LF)
PKT-LINE("pusher" SP ident LF)
+ PKT-LINE("pushee" SP url LF)
*PKT-LINE(command LF)
*PKT-LINE(gpg-signature-lines LF)
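Review bot: the new `PKT-LINE("pushee" SP url LF)` line in the push-cert grammar is written as a mandatory element, with no optional marker, while the header above it still reads "certificate version 0.1". State explicitly whether a certificate without a pushee line remains valid, so a receiver parsing the headers knows whether to accept or reject one, and define or reference the `url` nonterminal, which does not appear among the lines shown here.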
@@ -527,6 +528,11 @@ Currently, the following header fields are defined:
Identify the GPG key in "Human Readable Name <email@address>"
+`pushee` url::
+ The repository URL (anonymized, if the URL contains
+ authentication material) the user who ran `git push`
+ intended to push into.
The GPG signature lines are a detached signature for the contents
recorded in the push certificate before the signature block begins.
The detached signature is used to certify that the commands were
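Review bot: the `pushee` entry describes the field but leaves out the caveat from the commit message that this value may not be reliably used for replay-attack prevention. Add a sentence here saying it is a human-readable hint only, because the receiving repository may not know the single URL that pushers use for it, so that hook authors do not treat a match or mismatch as a security check. It would also help to say what "anonymized" removes from the URL.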