summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorDave Borowitz <dborowitz@google.com>2015-08-19 15:26:46 (GMT)
committerJunio C Hamano <gitster@pobox.com>2015-08-19 19:58:45 (GMT)
commit30261094b1f7fdcba3b7a1f396e43891cd998149 (patch)
tree1ad9cc07d3c3dc5fb1a07c878be7f9b0fe2d4dde /Documentation
parent068c77a5189584de2a8d9c2ad29e2370159444ae (diff)
downloadgit-30261094b1f7fdcba3b7a1f396e43891cd998149.zip
git-30261094b1f7fdcba3b7a1f396e43891cd998149.tar.gz
git-30261094b1f7fdcba3b7a1f396e43891cd998149.tar.bz2
push: support signing pushes iff the server supports it
Add a new flag --sign=true (or --sign=false), which means the same thing as the original --signed (or --no-signed). Give it a third value --sign=if-asked to tell push and send-pack to send a push certificate if and only if the server advertised a push cert nonce. If not, warn the user that their push may not be as secure as they thought. Signed-off-by: Dave Borowitz <dborowitz@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/git-push.txt17
-rw-r--r--Documentation/git-send-pack.txt16
2 files changed, 20 insertions, 13 deletions
diff --git a/Documentation/git-push.txt b/Documentation/git-push.txt
index da0a98d..1495e34 100644
--- a/Documentation/git-push.txt
+++ b/Documentation/git-push.txt
@@ -11,7 +11,8 @@ SYNOPSIS
[verse]
'git push' [--all | --mirror | --tags] [--follow-tags] [--atomic] [-n | --dry-run] [--receive-pack=<git-receive-pack>]
[--repo=<repository>] [-f | --force] [--prune] [-v | --verbose]
- [-u | --set-upstream] [--signed]
+ [-u | --set-upstream]
+ [--[no-]signed|--sign=(true|false|if-asked)]
[--force-with-lease[=<refname>[:<expect>]]]
[--no-verify] [<repository> [<refspec>...]]
@@ -132,14 +133,16 @@ already exists on the remote side.
with configuration variable 'push.followTags'. For more
information, see 'push.followTags' in linkgit:git-config[1].
-
---signed::
+--[no-]signed::
+--sign=(true|false|if-asked)::
GPG-sign the push request to update refs on the receiving
side, to allow it to be checked by the hooks and/or be
- logged. See linkgit:git-receive-pack[1] for the details
- on the receiving end. If the attempt to sign with `gpg` fails,
- or if the server does not support signed pushes, the push will
- fail.
+ logged. If `false` or `--no-signed`, no signing will be
+ attempted. If `true` or `--signed`, the push will fail if the
+ server does not support signed pushes. If set to `if-asked`,
+ sign if and only if the server supports signed pushes. The push
+ will also fail if the actual call to `gpg --sign` fails. See
+ linkgit:git-receive-pack[1] for the details on the receiving end.
--[no-]atomic::
Use an atomic transaction on the remote side if available.
diff --git a/Documentation/git-send-pack.txt b/Documentation/git-send-pack.txt
index 0a0a3fb..6aa91e8 100644
--- a/Documentation/git-send-pack.txt
+++ b/Documentation/git-send-pack.txt
@@ -10,7 +10,8 @@ SYNOPSIS
--------
[verse]
'git send-pack' [--all] [--dry-run] [--force] [--receive-pack=<git-receive-pack>]
- [--verbose] [--thin] [--atomic] [--signed]
+ [--verbose] [--thin] [--atomic]
+ [--[no-]signed|--sign=(true|false|if-asked)]
[<host>:]<directory> [<ref>...]
DESCRIPTION
@@ -69,13 +70,16 @@ be in a separate packet, and the list must end with a flush packet.
fails to update then the entire push will fail without changing any
refs.
---signed::
+--[no-]signed::
+--sign=(true|false|if-asked)::
GPG-sign the push request to update refs on the receiving
side, to allow it to be checked by the hooks and/or be
- logged. See linkgit:git-receive-pack[1] for the details
- on the receiving end. If the attempt to sign with `gpg` fails,
- or if the server does not support signed pushes, the push will
- fail.
+ logged. If `false` or `--no-signed`, no signing will be
+ attempted. If `true` or `--signed`, the push will fail if the
+ server does not support signed pushes. If set to `if-asked`,
+ sign if and only if the server supports signed pushes. The push
+ will also fail if the actual call to `gpg --sign` fails. See
+ linkgit:git-receive-pack[1] for the details on the receiving end.
<host>::
A remote host to house the repository. When this