summaryrefslogtreecommitdiff
path: root/remote-curl.c
diff options
context:
space:
mode:
authorDave Borowitz <dborowitz@google.com>2015-08-19 15:26:46 (GMT)
committerJunio C Hamano <gitster@pobox.com>2015-08-19 19:58:45 (GMT)
commit30261094b1f7fdcba3b7a1f396e43891cd998149 (patch)
tree1ad9cc07d3c3dc5fb1a07c878be7f9b0fe2d4dde /remote-curl.c
parent068c77a5189584de2a8d9c2ad29e2370159444ae (diff)
downloadgit-30261094b1f7fdcba3b7a1f396e43891cd998149.zip
git-30261094b1f7fdcba3b7a1f396e43891cd998149.tar.gz
git-30261094b1f7fdcba3b7a1f396e43891cd998149.tar.bz2
push: support signing pushes iff the server supports it
Add a new flag --sign=true (or --sign=false), which means the same thing as the original --signed (or --no-signed). Give it a third value --sign=if-asked to tell push and send-pack to send a push certificate if and only if the server advertised a push cert nonce. If not, warn the user that their push may not be as secure as they thought. Signed-off-by: Dave Borowitz <dborowitz@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'remote-curl.c')
-rw-r--r--remote-curl.c16
1 files changed, 11 insertions, 5 deletions
diff --git a/remote-curl.c b/remote-curl.c
index af7b678..71fbbb6 100644
--- a/remote-curl.c
+++ b/remote-curl.c
@@ -11,6 +11,7 @@
#include "argv-array.h"
#include "credential.h"
#include "sha1-array.h"
+#include "send-pack.h"
static struct remote *remote;
/* always ends with a trailing slash */
@@ -26,7 +27,8 @@ struct options {
followtags : 1,
dry_run : 1,
thin : 1,
- push_cert : 1;
+ /* One of the SEND_PACK_PUSH_CERT_* constants. */
+ push_cert : 2;
};
static struct options options;
static struct string_list cas_options = STRING_LIST_INIT_DUP;
@@ -109,9 +111,11 @@ static int set_option(const char *name, const char *value)
return 0;
} else if (!strcmp(name, "pushcert")) {
if (!strcmp(value, "true"))
- options.push_cert = 1;
+ options.push_cert = SEND_PACK_PUSH_CERT_ALWAYS;
else if (!strcmp(value, "false"))
- options.push_cert = 0;
+ options.push_cert = SEND_PACK_PUSH_CERT_NEVER;
+ else if (!strcmp(value, "if-asked"))
+ options.push_cert = SEND_PACK_PUSH_CERT_IF_ASKED;
else
return -1;
return 0;
@@ -880,8 +884,10 @@ static int push_git(struct discovery *heads, int nr_spec, char **specs)
argv_array_push(&args, "--thin");
if (options.dry_run)
argv_array_push(&args, "--dry-run");
- if (options.push_cert)
- argv_array_push(&args, "--signed");
+ if (options.push_cert == SEND_PACK_PUSH_CERT_ALWAYS)
+ argv_array_push(&args, "--signed=yes");
+ else if (options.push_cert == SEND_PACK_PUSH_CERT_IF_ASKED)
+ argv_array_push(&args, "--signed=if-asked");
if (options.verbosity == 0)
argv_array_push(&args, "--quiet");
else if (options.verbosity > 1)