From 30261094b1f7fdcba3b7a1f396e43891cd998149 Mon Sep 17 00:00:00 2001 From: Dave Borowitz Date: Wed, 19 Aug 2015 11:26:46 -0400 Subject: push: support signing pushes iff the server supports it Add a new flag --sign=true (or --sign=false), which means the same thing as the original --signed (or --no-signed). Give it a third value --sign=if-asked to tell push and send-pack to send a push certificate if and only if the server advertised a push cert nonce. If not, warn the user that their push may not be as secure as they thought. Signed-off-by: Dave Borowitz Signed-off-by: Junio C Hamano --- send-pack.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'send-pack.h') diff --git a/send-pack.h b/send-pack.h index b6646488aa..57f222abcc 100644 --- a/send-pack.h +++ b/send-pack.h @@ -1,6 +1,11 @@ #ifndef SEND_PACK_H #define SEND_PACK_H +/* Possible values for push_cert field in send_pack_args. */ +#define SEND_PACK_PUSH_CERT_NEVER 0 +#define SEND_PACK_PUSH_CERT_IF_ASKED 1 +#define SEND_PACK_PUSH_CERT_ALWAYS 2 + struct send_pack_args { const char *url; unsigned verbose:1, @@ -12,11 +17,16 @@ struct send_pack_args { use_thin_pack:1, use_ofs_delta:1, dry_run:1, - push_cert:1, + /* One of the SEND_PACK_PUSH_CERT_* constants. */ + push_cert:2, stateless_rpc:1, atomic:1; }; +struct option; +int option_parse_push_signed(const struct option *opt, + const char *arg, int unset); + int send_pack(struct send_pack_args *args, int fd[], struct child_process *conn, struct ref *remote_refs, struct sha1_array *extra_have); -- cgit v1.2.3