diff options
author | Dave Borowitz <dborowitz@google.com> | 2015-08-19 11:26:46 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-08-19 12:58:45 -0700 |
commit | 30261094b1f7fdcba3b7a1f396e43891cd998149 (patch) | |
tree | 1ad9cc07d3c3dc5fb1a07c878be7f9b0fe2d4dde /transport-helper.c | |
parent | 068c77a5189584de2a8d9c2ad29e2370159444ae (diff) | |
download | git-30261094b1f7fdcba3b7a1f396e43891cd998149.tar.gz git-30261094b1f7fdcba3b7a1f396e43891cd998149.tar.xz |
push: support signing pushes iff the server supports it
Add a new flag --sign=true (or --sign=false), which means the same
thing as the original --signed (or --no-signed). Give it a third
value --sign=if-asked to tell push and send-pack to send a push
certificate if and only if the server advertised a push cert nonce.
If not, warn the user that their push may not be as secure as they
thought.
Signed-off-by: Dave Borowitz <dborowitz@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'transport-helper.c')
-rw-r--r-- | transport-helper.c | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/transport-helper.c b/transport-helper.c index 5d99a6bc2..fd5723f52 100644 --- a/transport-helper.c +++ b/transport-helper.c @@ -257,7 +257,6 @@ static const char *boolean_options[] = { TRANS_OPT_THIN, TRANS_OPT_KEEP, TRANS_OPT_FOLLOWTAGS, - TRANS_OPT_PUSH_CERT }; static int set_helper_option(struct transport *transport, @@ -763,6 +762,21 @@ static int push_update_refs_status(struct helper_data *data, return ret; } +static void set_common_push_options(struct transport *transport, + const char *name, int flags) +{ + if (flags & TRANSPORT_PUSH_DRY_RUN) { + if (set_helper_option(transport, "dry-run", "true") != 0) + die("helper %s does not support dry-run", name); + } else if (flags & TRANSPORT_PUSH_CERT_ALWAYS) { + if (set_helper_option(transport, TRANS_OPT_PUSH_CERT, "true") != 0) + die("helper %s does not support --signed", name); + } else if (flags & TRANSPORT_PUSH_CERT_IF_ASKED) { + if (set_helper_option(transport, TRANS_OPT_PUSH_CERT, "if-asked") != 0) + die("helper %s does not support --signed=if-asked", name); + } +} + static int push_refs_with_push(struct transport *transport, struct ref *remote_refs, int flags) { @@ -830,14 +844,7 @@ static int push_refs_with_push(struct transport *transport, for_each_string_list_item(cas_option, &cas_options) set_helper_option(transport, "cas", cas_option->string); - - if (flags & TRANSPORT_PUSH_DRY_RUN) { - if (set_helper_option(transport, "dry-run", "true") != 0) - die("helper %s does not support dry-run", data->name); - } else if (flags & TRANSPORT_PUSH_CERT) { - if (set_helper_option(transport, TRANS_OPT_PUSH_CERT, "true") != 0) - die("helper %s does not support --signed", data->name); - } + set_common_push_options(transport, data->name, flags); strbuf_addch(&buf, '\n'); sendline(data, &buf); @@ -858,14 +865,7 @@ static int push_refs_with_export(struct transport *transport, if (!data->refspecs) die("remote-helper doesn't support push; refspec needed"); - if (flags & TRANSPORT_PUSH_DRY_RUN) { - if (set_helper_option(transport, "dry-run", "true") != 0) - die("helper %s does not support dry-run", data->name); - } else if (flags & TRANSPORT_PUSH_CERT) { - if (set_helper_option(transport, TRANS_OPT_PUSH_CERT, "true") != 0) - die("helper %s does not support --signed", data->name); - } - + set_common_push_options(transport, data->name, flags); if (flags & TRANSPORT_PUSH_FORCE) { if (set_helper_option(transport, "force", "true") != 0) warning("helper %s does not support 'force'", data->name); |