diff options
author | Junio C Hamano <gitster@pobox.com> | 2014-10-09 00:05:15 +0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2014-10-09 00:05:25 +0400 |
commit | fb06b5280ea05d75515fa780cf08d4ec9d6fe101 (patch) | |
tree | 9d7c7032df370076149f31f3373e067b69248169 /gpg-interface.h | |
parent | 325602ce120e7bd7321b9ed409b49b48fd20888e (diff) | |
parent | 6f5ef44e0d8933621fcd50127518557013002313 (diff) |
Merge branch 'jc/push-cert'
Allow "git push" request to be signed, so that it can be verified and
audited, using the GPG signature of the person who pushed, that the
tips of branches at a public repository really point the commits
the pusher wanted to, without having to "trust" the server.
* jc/push-cert: (24 commits)
receive-pack::hmac_sha1(): copy the entire SHA-1 hash out
signed push: allow stale nonce in stateless mode
signed push: teach smart-HTTP to pass "git push --signed" around
signed push: fortify against replay attacks
signed push: add "pushee" header to push certificate
signed push: remove duplicated protocol info
send-pack: send feature request on push-cert packet
receive-pack: GPG-validate push certificates
push: the beginning of "git push --signed"
pack-protocol doc: typofix for PKT-LINE
gpg-interface: move parse_signature() to where it should be
gpg-interface: move parse_gpg_output() to where it should be
send-pack: clarify that cmds_sent is a boolean
send-pack: refactor inspecting and resetting status and sending commands
send-pack: rename "new_refs" to "need_pack_data"
receive-pack: factor out capability string generation
send-pack: factor out capability string generation
send-pack: always send capabilities
send-pack: refactor decision to send update per ref
send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher
...
Diffstat (limited to 'gpg-interface.h')
-rw-r--r-- | gpg-interface.h | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/gpg-interface.h b/gpg-interface.h index 37c23daff0..87a4f2e3fa 100644 --- a/gpg-interface.h +++ b/gpg-interface.h @@ -5,16 +5,23 @@ struct signature_check { char *payload; char *gpg_output; char *gpg_status; - char result; /* 0 (not checked), - * N (checked but no further result), - * U (untrusted good), - * G (good) - * B (bad) */ + + /* + * possible "result": + * 0 (not checked) + * N (checked but no further result) + * U (untrusted good) + * G (good) + * B (bad) + */ + char result; char *signer; char *key; }; extern void signature_check_clear(struct signature_check *sigc); +extern size_t parse_signature(const char *buf, unsigned long size); +extern void parse_gpg_output(struct signature_check *); extern int sign_buffer(struct strbuf *buffer, struct strbuf *signature, const char *signing_key); extern int verify_signed_buffer(const char *payload, size_t payload_size, const char *signature, size_t signature_size, struct strbuf *gpg_output, struct strbuf *gpg_status); extern int git_gpg_config(const char *, const char *, void *); |