#include "transport.h"
#include "version.h"
#include "sha1-array.h"
+#include "gpg-interface.h"
static int feed_object(const unsigned char *sha1, int fd, int negative)
{
NULL,
NULL,
};
- struct child_process po;
+ struct child_process po = CHILD_PROCESS_INIT;
int i;
i = 4;
argv[i++] = "-q";
if (args->progress)
argv[i++] = "--progress";
- memset(&po, 0, sizeof(po));
po.argv = argv;
po.in = -1;
po.out = args->stateless_rpc ? -1 : fd;
}
}
+/*
+ * the beginning of the next line, or the end of buffer.
+ *
+ * NEEDSWORK: perhaps move this to git-compat-util.h or somewhere and
+ * convert many similar uses found by "git grep -A4 memchr".
+ */
+static const char *next_line(const char *line, size_t len)
+{
+ const char *nl = memchr(line, '\n', len);
+ if (!nl)
+ return line + len; /* incomplete line */
+ return nl + 1;
+}
+
+static int generate_push_cert(struct strbuf *req_buf,
+ const struct ref *remote_refs,
+ struct send_pack_args *args,
+ const char *cap_string,
+ const char *push_cert_nonce)
+{
+ const struct ref *ref;
+ char *signing_key = xstrdup(get_signing_key());
+ const char *cp, *np;
+ struct strbuf cert = STRBUF_INIT;
+ int update_seen = 0;
+
+ strbuf_addf(&cert, "certificate version 0.1\n");
+ strbuf_addf(&cert, "pusher %s ", signing_key);
+ datestamp(&cert);
+ strbuf_addch(&cert, '\n');
+ if (args->url && *args->url) {
+ char *anon_url = transport_anonymize_url(args->url);
+ strbuf_addf(&cert, "pushee %s\n", anon_url);
+ free(anon_url);
+ }
+ if (push_cert_nonce[0])
+ strbuf_addf(&cert, "nonce %s\n", push_cert_nonce);
+ strbuf_addstr(&cert, "\n");
+
+ for (ref = remote_refs; ref; ref = ref->next) {
+ if (!ref_update_to_be_sent(ref, args))
+ continue;
+ update_seen = 1;
+ strbuf_addf(&cert, "%s %s %s\n",
+ sha1_to_hex(ref->old_sha1),
+ sha1_to_hex(ref->new_sha1),
+ ref->name);
+ }
+ if (!update_seen)
+ goto free_return;
+
+ if (sign_buffer(&cert, &cert, signing_key))
+ die(_("failed to sign the push certificate"));
+
+ packet_buf_write(req_buf, "push-cert%c%s", 0, cap_string);
+ for (cp = cert.buf; cp < cert.buf + cert.len; cp = np) {
+ np = next_line(cp, cert.buf + cert.len - cp);
+ packet_buf_write(req_buf,
+ "%.*s", (int)(np - cp), cp);
+ }
+ packet_buf_write(req_buf, "push-cert-end\n");
+
+free_return:
+ free(signing_key);
+ strbuf_release(&cert);
+ return update_seen;
+}
+
int send_pack(struct send_pack_args *args,
int fd[], struct child_process *conn,
struct ref *remote_refs,
unsigned cmds_sent = 0;
int ret;
struct async demux;
+ const char *push_cert_nonce = NULL;
/* Does the other end support the reporting? */
if (server_supports("report-status"))
agent_supported = 1;
if (server_supports("no-thin"))
args->use_thin_pack = 0;
+ if (args->push_cert) {
+ int len;
+
+ push_cert_nonce = server_feature_value("push-cert", &len);
+ if (!push_cert_nonce)
+ die(_("the receiving end does not support --signed push"));
+ push_cert_nonce = xmemdupz(push_cert_nonce, len);
+ }
if (!remote_refs) {
fprintf(stderr, "No refs in common and none specified; doing nothing.\n"
if (!args->dry_run)
advertise_shallow_grafts_buf(&req_buf);
+ if (!args->dry_run && args->push_cert)
+ cmds_sent = generate_push_cert(&req_buf, remote_refs, args,
+ cap_buf.buf, push_cert_nonce);
+
/*
- * Finally, tell the other end!
+ * Clear the status for each ref and see if we need to send
+ * the pack data.
*/
for (ref = remote_refs; ref; ref = ref->next) {
if (!ref_update_to_be_sent(ref, args))
if (!ref->deletion)
need_pack_data = 1;
- if (args->dry_run) {
+ if (args->dry_run || !status_report)
ref->status = REF_STATUS_OK;
+ else
+ ref->status = REF_STATUS_EXPECTING_REPORT;
+ }
+
+ /*
+ * Finally, tell the other end!
+ */
+ for (ref = remote_refs; ref; ref = ref->next) {
+ char *old_hex, *new_hex;
+
+ if (args->dry_run || args->push_cert)
+ continue;
+
+ if (!ref_update_to_be_sent(ref, args))
+ continue;
+
+ old_hex = sha1_to_hex(ref->old_sha1);
+ new_hex = sha1_to_hex(ref->new_sha1);
+ if (!cmds_sent) {
+ packet_buf_write(&req_buf,
+ "%s %s %s%c%s",
+ old_hex, new_hex, ref->name, 0,
+ cap_buf.buf);
+ cmds_sent = 1;
} else {
- char *old_hex = sha1_to_hex(ref->old_sha1);
- char *new_hex = sha1_to_hex(ref->new_sha1);
-
- if (!cmds_sent)
- packet_buf_write(&req_buf,
- "%s %s %s%c%s",
- old_hex, new_hex, ref->name, 0,
- cap_buf.buf);
- else
- packet_buf_write(&req_buf, "%s %s %s",
- old_hex, new_hex, ref->name);
- ref->status = status_report ?
- REF_STATUS_EXPECTING_REPORT :
- REF_STATUS_OK;
- cmds_sent++;
+ packet_buf_write(&req_buf, "%s %s %s",
+ old_hex, new_hex, ref->name);
}
}