Skip to content

Commit a33043f

Browse files
gitstergitster
committed
Merge branch 'jc/push-cert'
* jc/push-cert: push: heed user.signingkey for signed pushes
2 parents 95d2255 + b945901 commit a33043f

File tree

2 files changed

+56
-1
lines changed

2 files changed

+56
-1
lines changed

builtin/push.c

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -471,6 +471,17 @@ static int option_parse_recurse_submodules(const struct option *opt,
471471
return 0;
472472
}
473473

474+
static int git_push_config(const char *k, const char *v, void *cb)
475+
{
476+
struct wt_status *s = cb;
477+
int status;
478+
479+
status = git_gpg_config(k, v, NULL);
480+
if (status)
481+
return status;
482+
return git_default_config(k, v, s);
483+
}
484+
474485
int cmd_push(int argc, const char **argv, const char *prefix)
475486
{
476487
int flags = 0;
@@ -511,7 +522,7 @@ int cmd_push(int argc, const char **argv, const char *prefix)
511522
};
512523

513524
packet_trace_identity("push");
514-
git_config(git_default_config, NULL);
525+
git_config(git_push_config, NULL);
515526
argc = parse_options(argc, argv, prefix, options, push_usage, 0);
516527

517528
if (deleterefs && (tags || (flags & (TRANSPORT_PUSH_ALL | TRANSPORT_PUSH_MIRROR))))

t/t5534-push-signed.sh

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -124,4 +124,48 @@ test_expect_success GPG 'signed push sends push certificate' '
124124
test_cmp expect dst/push-cert-status
125125
'
126126

127+
test_expect_success GPG 'fail without key and heed user.signingkey' '
128+
prepare_dst &&
129+
mkdir -p dst/.git/hooks &&
130+
git -C dst config receive.certnonceseed sekrit &&
131+
write_script dst/.git/hooks/post-receive <<-\EOF &&
132+
# discard the update list
133+
cat >/dev/null
134+
# record the push certificate
135+
if test -n "${GIT_PUSH_CERT-}"
136+
then
137+
git cat-file blob $GIT_PUSH_CERT >../push-cert
138+
fi &&
139+
140+
cat >../push-cert-status <<E_O_F
141+
SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
142+
KEY=${GIT_PUSH_CERT_KEY-nokey}
143+
STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
144+
NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
145+
NONCE=${GIT_PUSH_CERT_NONCE-nononce}
146+
E_O_F
147+
148+
EOF
149+
150+
unset GIT_COMMITTER_EMAIL &&
151+
git config user.email hasnokey@nowhere.com &&
152+
test_must_fail git push --signed dst noop ff +noff &&
153+
git config user.signingkey committer@example.com &&
154+
git push --signed dst noop ff +noff &&
155+
156+
(
157+
cat <<-\EOF &&
158+
SIGNER=C O Mitter <committer@example.com>
159+
KEY=13B6F51ECDDE430D
160+
STATUS=G
161+
NONCE_STATUS=OK
162+
EOF
163+
sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
164+
) >expect &&
165+
166+
grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&
167+
grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&
168+
test_cmp expect dst/push-cert-status
169+
'
170+
127171
test_done

0 commit comments

Comments
 (0)