From 87c0d08b3d92c55c233c8a95294a2232a97d97eb Mon Sep 17 00:00:00 2001 From: Dave Borowitz Date: Wed, 19 Aug 2015 11:26:43 -0400 Subject: transport: remove git_transport_options.push_cert This field was set in transport_set_option, but never read in the push code. The push code basically ignores the smart_options field entirely, and derives its options from the flags arguments to the push* callbacks. Note that in git_transport_push there are already several args set from flags that have no corresponding field in git_transport_options; after this change, push_cert is just like those. Signed-off-by: Dave Borowitz Signed-off-by: Junio C Hamano --- transport.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'transport.c') diff --git a/transport.c b/transport.c index eca9b8c817..39a1a66287 100644 --- a/transport.c +++ b/transport.c @@ -478,9 +478,6 @@ static int set_git_option(struct git_transport_options *opts, die("transport: invalid depth option '%s'", value); } return 0; - } else if (!strcmp(name, TRANS_OPT_PUSH_CERT)) { - opts->push_cert = !!value; - return 0; } return 1; } -- cgit v1.2.3 From 30261094b1f7fdcba3b7a1f396e43891cd998149 Mon Sep 17 00:00:00 2001 From: Dave Borowitz Date: Wed, 19 Aug 2015 11:26:46 -0400 Subject: push: support signing pushes iff the server supports it Add a new flag --sign=true (or --sign=false), which means the same thing as the original --signed (or --no-signed). Give it a third value --sign=if-asked to tell push and send-pack to send a push certificate if and only if the server advertised a push cert nonce. If not, warn the user that their push may not be as secure as they thought. Signed-off-by: Dave Borowitz Signed-off-by: Junio C Hamano --- transport.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'transport.c') diff --git a/transport.c b/transport.c index 39a1a66287..12837254d5 100644 --- a/transport.c +++ b/transport.c @@ -828,10 +828,16 @@ static int git_transport_push(struct transport *transport, struct ref *remote_re args.progress = transport->progress; args.dry_run = !!(flags & TRANSPORT_PUSH_DRY_RUN); args.porcelain = !!(flags & TRANSPORT_PUSH_PORCELAIN); - args.push_cert = !!(flags & TRANSPORT_PUSH_CERT); args.atomic = !!(flags & TRANSPORT_PUSH_ATOMIC); args.url = transport->url; + if (flags & TRANSPORT_PUSH_CERT_ALWAYS) + args.push_cert = SEND_PACK_PUSH_CERT_ALWAYS; + else if (flags & TRANSPORT_PUSH_CERT_IF_ASKED) + args.push_cert = SEND_PACK_PUSH_CERT_IF_ASKED; + else + args.push_cert = SEND_PACK_PUSH_CERT_NEVER; + ret = send_pack(&args, data->fd, data->conn, remote_refs, &data->extra_have); -- cgit v1.2.3