push: heed user.signingkey for signed pushes
authorMichael J Gruber <git@drmicha.warpmail.net>
Wed, 22 Oct 2014 14:57:49 +0000 (16:57 +0200)
committerJunio C Hamano <gitster@pobox.com>
Fri, 24 Oct 2014 17:50:05 +0000 (10:50 -0700)
push --signed promises to take user.signingkey as the signing key but
fails to read the config.

Make it do so.

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
builtin/push.c
t/t5534-push-signed.sh
index ae56f73a66edde6ee8c8b6be349d9e31f29699dc..a076b1964d6ac0ca96496eda4e88fd23409299a9 100644 (file)
@@ -471,6 +471,17 @@ static int option_parse_recurse_submodules(const struct option *opt,
        return 0;
 }
 
+static int git_push_config(const char *k, const char *v, void *cb)
+{
+       struct wt_status *s = cb;
+       int status;
+
+       status = git_gpg_config(k, v, NULL);
+       if (status)
+               return status;
+       return git_default_config(k, v, s);
+}
+
 int cmd_push(int argc, const char **argv, const char *prefix)
 {
        int flags = 0;
@@ -511,7 +522,7 @@ int cmd_push(int argc, const char **argv, const char *prefix)
        };
 
        packet_trace_identity("push");
-       git_config(git_default_config, NULL);
+       git_config(git_push_config, NULL);
        argc = parse_options(argc, argv, prefix, options, push_usage, 0);
 
        if (deleterefs && (tags || (flags & (TRANSPORT_PUSH_ALL | TRANSPORT_PUSH_MIRROR))))
index 2786346f9a288fd49c98224d022f56a631957180..ecb8d446a58d422bd8a9a25f75e4f9a20ec50818 100755 (executable)
@@ -124,4 +124,48 @@ test_expect_success GPG 'signed push sends push certificate' '
        test_cmp expect dst/push-cert-status
 '
 
+test_expect_success GPG 'fail without key and heed user.signingkey' '
+       prepare_dst &&
+       mkdir -p dst/.git/hooks &&
+       git -C dst config receive.certnonceseed sekrit &&
+       write_script dst/.git/hooks/post-receive <<-\EOF &&
+       # discard the update list
+       cat >/dev/null
+       # record the push certificate
+       if test -n "${GIT_PUSH_CERT-}"
+       then
+               git cat-file blob $GIT_PUSH_CERT >../push-cert
+       fi &&
+
+       cat >../push-cert-status <<E_O_F
+       SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
+       KEY=${GIT_PUSH_CERT_KEY-nokey}
+       STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
+       NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
+       NONCE=${GIT_PUSH_CERT_NONCE-nononce}
+       E_O_F
+
+       EOF
+
+       unset GIT_COMMITTER_EMAIL &&
+       git config user.email hasnokey@nowhere.com &&
+       test_must_fail git push --signed dst noop ff +noff &&
+       git config user.signingkey committer@example.com &&
+       git push --signed dst noop ff +noff &&
+
+       (
+               cat <<-\EOF &&
+               SIGNER=C O Mitter <committer@example.com>
+               KEY=13B6F51ECDDE430D
+               STATUS=G
+               NONCE_STATUS=OK
+               EOF
+               sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
+       ) >expect &&
+
+       grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&
+       grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&
+       test_cmp expect dst/push-cert-status
+'
+
 test_done