diff options
author | Dave Borowitz <dborowitz@google.com> | 2015-08-19 11:26:46 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2015-08-19 12:58:45 -0700 |
commit | 30261094b1f7fdcba3b7a1f396e43891cd998149 (patch) | |
tree | 1ad9cc07d3c3dc5fb1a07c878be7f9b0fe2d4dde /Documentation | |
parent | builtin/send-pack.c: use parse_options API (diff) | |
download | tgif-30261094b1f7fdcba3b7a1f396e43891cd998149.tar.xz |
push: support signing pushes iff the server supports it
Add a new flag --sign=true (or --sign=false), which means the same
thing as the original --signed (or --no-signed). Give it a third
value --sign=if-asked to tell push and send-pack to send a push
certificate if and only if the server advertised a push cert nonce.
If not, warn the user that their push may not be as secure as they
thought.
Signed-off-by: Dave Borowitz <dborowitz@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/git-push.txt | 17 | ||||
-rw-r--r-- | Documentation/git-send-pack.txt | 16 |
2 files changed, 20 insertions, 13 deletions
diff --git a/Documentation/git-push.txt b/Documentation/git-push.txt index da0a98d58c..1495e3416c 100644 --- a/Documentation/git-push.txt +++ b/Documentation/git-push.txt @@ -11,7 +11,8 @@ SYNOPSIS [verse] 'git push' [--all | --mirror | --tags] [--follow-tags] [--atomic] [-n | --dry-run] [--receive-pack=<git-receive-pack>] [--repo=<repository>] [-f | --force] [--prune] [-v | --verbose] - [-u | --set-upstream] [--signed] + [-u | --set-upstream] + [--[no-]signed|--sign=(true|false|if-asked)] [--force-with-lease[=<refname>[:<expect>]]] [--no-verify] [<repository> [<refspec>...]] @@ -132,14 +133,16 @@ already exists on the remote side. with configuration variable 'push.followTags'. For more information, see 'push.followTags' in linkgit:git-config[1]. - ---signed:: +--[no-]signed:: +--sign=(true|false|if-asked):: GPG-sign the push request to update refs on the receiving side, to allow it to be checked by the hooks and/or be - logged. See linkgit:git-receive-pack[1] for the details - on the receiving end. If the attempt to sign with `gpg` fails, - or if the server does not support signed pushes, the push will - fail. + logged. If `false` or `--no-signed`, no signing will be + attempted. If `true` or `--signed`, the push will fail if the + server does not support signed pushes. If set to `if-asked`, + sign if and only if the server supports signed pushes. The push + will also fail if the actual call to `gpg --sign` fails. See + linkgit:git-receive-pack[1] for the details on the receiving end. --[no-]atomic:: Use an atomic transaction on the remote side if available. diff --git a/Documentation/git-send-pack.txt b/Documentation/git-send-pack.txt index 0a0a3fbf90..6aa91e830c 100644 --- a/Documentation/git-send-pack.txt +++ b/Documentation/git-send-pack.txt @@ -10,7 +10,8 @@ SYNOPSIS -------- [verse] 'git send-pack' [--all] [--dry-run] [--force] [--receive-pack=<git-receive-pack>] - [--verbose] [--thin] [--atomic] [--signed] + [--verbose] [--thin] [--atomic] + [--[no-]signed|--sign=(true|false|if-asked)] [<host>:]<directory> [<ref>...] DESCRIPTION @@ -69,13 +70,16 @@ be in a separate packet, and the list must end with a flush packet. fails to update then the entire push will fail without changing any refs. ---signed:: +--[no-]signed:: +--sign=(true|false|if-asked):: GPG-sign the push request to update refs on the receiving side, to allow it to be checked by the hooks and/or be - logged. See linkgit:git-receive-pack[1] for the details - on the receiving end. If the attempt to sign with `gpg` fails, - or if the server does not support signed pushes, the push will - fail. + logged. If `false` or `--no-signed`, no signing will be + attempted. If `true` or `--signed`, the push will fail if the + server does not support signed pushes. If set to `if-asked`, + sign if and only if the server supports signed pushes. The push + will also fail if the actual call to `gpg --sign` fails. See + linkgit:git-receive-pack[1] for the details on the receiving end. <host>:: A remote host to house the repository. When this |