• Junio C Hamano's avatar
    Merge branch 'jc/push-cert' · fb06b528
    Junio C Hamano authored
    Allow "git push" request to be signed, so that it can be verified and
    audited, using the GPG signature of the person who pushed, that the
    tips of branches at a public repository really point the commits
    the pusher wanted to, without having to "trust" the server.
    * jc/push-cert: (24 commits)
      receive-pack::hmac_sha1(): copy the entire SHA-1 hash out
      signed push: allow stale nonce in stateless mode
      signed push: teach smart-HTTP to pass "git push --signed" around
      signed push: fortify against replay attacks
      signed push: add "pushee" header to push certificate
      signed push: remove duplicated protocol info
      send-pack: send feature request on push-cert packet
      receive-pack: GPG-validate push certificates
      push: the beginning of "git push --signed"
      pack-protocol doc: typofix for PKT-LINE
      gpg-interface: move parse_signature() to where it should be
      gpg-interface: move parse_gpg_output() to where it should be
      send-pack: clarify that cmds_sent is a boolean
      send-pack: refactor inspecting and resetting status and sending commands
      send-pack: rename "new_refs" to "need_pack_data"
      receive-pack: factor out capability string generation
      send-pack: factor out capability string generation
      send-pack: always send capabilities
      send-pack: refactor decision to send update per ref
      send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher
t5541-http-push-smart.sh 11.4 KB