diff options
| author |  Junio C Hamano <gitster@pobox.com> | 2014-10-24 15:01:32 -0700 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2014-10-24 15:01:32 -0700 |
| commit | a33043f6393ae2a737f08d4f42d78fb06ba1e107 (patch) | |
| tree | ee1d8949ab87bdc80f9e63320306938fc3a76b36 | |
| parent | Merge branch 'sb/plug-transport-leak' (diff) | |
| parent | push: heed user.signingkey for signed pushes (diff) | |
| download | tgif-a33043f6393ae2a737f08d4f42d78fb06ba1e107.tar.xz | |
Merge branch 'jc/push-cert'
* jc/push-cert:
push: heed user.signingkey for signed pushes
| -rw-r--r-- | builtin/push.c | 13 | ||||
| -rwxr-xr-x | t/t5534-push-signed.sh | 44 |
2 files changed, 56 insertions, 1 deletions
diff --git a/builtin/push.c b/builtin/push.c index ae56f73a66..a076b1964d 100644 --- a/builtin/push.c +++ b/builtin/push.c @@ -471,6 +471,17 @@ static int option_parse_recurse_submodules(const struct option *opt, return 0; } +static int git_push_config(const char *k, const char *v, void *cb) +{ + struct wt_status *s = cb; + int status; + + status = git_gpg_config(k, v, NULL); + if (status) + return status; + return git_default_config(k, v, s); +} + int cmd_push(int argc, const char **argv, const char *prefix) { int flags = 0; @@ -511,7 +522,7 @@ int cmd_push(int argc, const char **argv, const char *prefix) }; packet_trace_identity("push"); - git_config(git_default_config, NULL); + git_config(git_push_config, NULL); argc = parse_options(argc, argv, prefix, options, push_usage, 0); if (deleterefs && (tags || (flags & (TRANSPORT_PUSH_ALL | TRANSPORT_PUSH_MIRROR)))) diff --git a/t/t5534-push-signed.sh b/t/t5534-push-signed.sh index 2786346f9a..ecb8d446a5 100755 --- a/t/t5534-push-signed.sh +++ b/t/t5534-push-signed.sh @@ -124,4 +124,48 @@ test_expect_success GPG 'signed push sends push certificate' ' test_cmp expect dst/push-cert-status ' +test_expect_success GPG 'fail without key and heed user.signingkey' ' + prepare_dst && + mkdir -p dst/.git/hooks && + git -C dst config receive.certnonceseed sekrit && + write_script dst/.git/hooks/post-receive <<-\EOF && + # discard the update list + cat >/dev/null + # record the push certificate + if test -n "${GIT_PUSH_CERT-}" + then + git cat-file blob $GIT_PUSH_CERT >../push-cert + fi && + + cat >../push-cert-status <<E_O_F + SIGNER=${GIT_PUSH_CERT_SIGNER-nobody} + KEY=${GIT_PUSH_CERT_KEY-nokey} + STATUS=${GIT_PUSH_CERT_STATUS-nostatus} + NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus} + NONCE=${GIT_PUSH_CERT_NONCE-nononce} + E_O_F + + EOF + + unset GIT_COMMITTER_EMAIL && + git config user.email hasnokey@nowhere.com && + test_must_fail git push --signed dst noop ff +noff && + git config user.signingkey committer@example.com && + git push --signed dst noop ff +noff && + + ( + cat <<-\EOF && + SIGNER=C O Mitter <committer@example.com> + KEY=13B6F51ECDDE430D + STATUS=G + NONCE_STATUS=OK + EOF + sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert + ) >expect && + + grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert && + grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert && + test_cmp expect dst/push-cert-status +' + test_done |