diff options
| author | Junio C Hamano <gitster@pobox.com> | 2014-10-08 13:05:15 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-10-08 13:05:25 -0700 |
| commit | fb06b5280ea05d75515fa780cf08d4ec9d6fe101 (patch) | |
| tree | 9d7c7032df370076149f31f3373e067b69248169 /commit.c | |
| parent | 325602ce120e7bd7321b9ed409b49b48fd20888e (diff) | |
| parent | 6f5ef44e0d8933621fcd50127518557013002313 (diff) | |
| download | git-fb06b5280ea05d75515fa780cf08d4ec9d6fe101.tar.gz git-fb06b5280ea05d75515fa780cf08d4ec9d6fe101.tar.xz | |
Merge branch 'jc/push-cert'
Allow "git push" request to be signed, so that it can be verified and
audited, using the GPG signature of the person who pushed, that the
tips of branches at a public repository really point the commits
the pusher wanted to, without having to "trust" the server.
* jc/push-cert: (24 commits)
receive-pack::hmac_sha1(): copy the entire SHA-1 hash out
signed push: allow stale nonce in stateless mode
signed push: teach smart-HTTP to pass "git push --signed" around
signed push: fortify against replay attacks
signed push: add "pushee" header to push certificate
signed push: remove duplicated protocol info
send-pack: send feature request on push-cert packet
receive-pack: GPG-validate push certificates
push: the beginning of "git push --signed"
pack-protocol doc: typofix for PKT-LINE
gpg-interface: move parse_signature() to where it should be
gpg-interface: move parse_gpg_output() to where it should be
send-pack: clarify that cmds_sent is a boolean
send-pack: refactor inspecting and resetting status and sending commands
send-pack: rename "new_refs" to "need_pack_data"
receive-pack: factor out capability string generation
send-pack: factor out capability string generation
send-pack: always send capabilities
send-pack: refactor decision to send update per ref
send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher
...
Diffstat (limited to 'commit.c')
| -rw-r--r-- | commit.c | 36 |
1 files changed, 0 insertions, 36 deletions
@@ -1214,42 +1214,6 @@ free_return: free(buf); } -static struct { - char result; - const char *check; -} sigcheck_gpg_status[] = { - { 'G', "\n[GNUPG:] GOODSIG " }, - { 'B', "\n[GNUPG:] BADSIG " }, - { 'U', "\n[GNUPG:] TRUST_NEVER" }, - { 'U', "\n[GNUPG:] TRUST_UNDEFINED" }, -}; - -static void parse_gpg_output(struct signature_check *sigc) -{ - const char *buf = sigc->gpg_status; - int i; - - /* Iterate over all search strings */ - for (i = 0; i < ARRAY_SIZE(sigcheck_gpg_status); i++) { - const char *found, *next; - - if (!skip_prefix(buf, sigcheck_gpg_status[i].check + 1, &found)) { - found = strstr(buf, sigcheck_gpg_status[i].check); - if (!found) - continue; - found += strlen(sigcheck_gpg_status[i].check); - } - sigc->result = sigcheck_gpg_status[i].result; - /* The trust messages are not followed by key/signer information */ - if (sigc->result != 'U') { - sigc->key = xmemdupz(found, 16); - found += 17; - next = strchrnul(found, '\n'); - sigc->signer = xmemdupz(found, next - found); - } - } -} - void check_commit_signature(const struct commit *commit, struct signature_check *sigc) { struct strbuf payload = STRBUF_INIT; |