Commit Graph

173 Commits

Author SHA1 Message Date
Martin Ågren
9e9f132f53 doc: convert \--option to --option
Rather than using a backslash in \--foo, with or without ''-quoting,
write `--foo` for better rendering. As explained in commit 1c262bb7b
(doc: convert \--option to --option, 2015-05-13), the backslash is not
needed for the versions of AsciiDoc that we support, but is rendered
literally by Asciidoctor.

Signed-off-by: Martin Ågren <martin.agren@gmail.com>
2018-04-18 12:49:26 +09:00
Marius Paliga
d8052750c5 builtin/push.c: add push.pushOption config
Push options need to be given explicitly, via the command line as "git
push --push-option <option>".  Add the config option push.pushOption,
which is a multi-valued option, containing push options that are sent
by default.

When push options are set in the lower-priority configulation file
(e.g. /etc/gitconfig, or $HOME/.gitconfig), they can be unset later in
the more specific repository config by the empty string.

Add tests and update documentation as well.

Signed-off-by: Marius Paliga <marius.paliga@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-24 09:57:54 +09:00
Junio C Hamano
bdfcdefd2f Merge branch 'ma/parse-maybe-bool'
Code clean-up.

* ma/parse-maybe-bool:
  parse_decoration_style: drop unused argument `var`
  treewide: deprecate git_config_maybe_bool, use git_parse_maybe_bool
  config: make git_{config,parse}_maybe_bool equivalent
  config: introduce git_parse_maybe_bool_text
  t5334: document that git push --signed=1 does not work
  Doc/git-{push,send-pack}: correct --sign= to --signed=
2017-08-22 10:29:03 -07:00
Martin Ågren
a81383badc Doc/git-{push,send-pack}: correct --sign= to --signed=
Since we're about to touch the behavior of --signed=, do this as a
preparatory step.

The documentation mentions --sign=, and it works. But that's just
because it's an unambiguous abbreviation of --signed, which is how it is
actually implemented. This was added in commit 30261094 ("push: support
signing pushes iff the server supports it", 2015-08-19). Back when that
series was developed [1] [2], there were suggestions about both --sign=
and --signed=. The final implementation settled on --signed=, but some
of the documentation and commit messages ended up using --sign=.

The option is referred to as --signed= in Documentation/config.txt
(under push.gpgSign).

One could argue that we have promised --sign for two years now, so we
should implement it as an alias for --signed. (Then we might also
deprecate the latter, something which was considered already then.) That
would be a slightly more intrusive change.

This minor issue would only be a problem once we want to implement some
other option --signfoo, but the earlier we do this step, the better.

[1] v1-thread:
https://public-inbox.org/git/1439492451-11233-1-git-send-email-dborowitz@google.com/T/#u

[2] v2-thread:
https://public-inbox.org/git/1439998007-28719-1-git-send-email-dborowitz@google.com/T/#m6533a6c4707a30b0d81e86169ff8559460cbf6eb

Signed-off-by: Martin Ågren <martin.agren@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-08-07 13:27:20 -07:00
Ævar Arnfjörð Bjarmason
f17d642d3b push: document & test --force-with-lease with multiple remotes
Document & test for cases where there are two remotes pointing to the
same URL, and a background fetch & subsequent `git push
--force-with-lease` shouldn't clobber un-updated references we haven't
fetched.

Some editors like Microsoft's VSC have a feature to auto-fetch in the
background, this bypasses the protections offered by
--force-with-lease & --force-with-lease=<refname>, as noted in the
documentation being added here.

See the 'Tools that do an automatic fetch defeat "git push
--force-with-lease"' (<1491617750.2149.10.camel@mattmccutchen.net>)
git mailing list thread for more details. Jakub Narębski suggested
this method of adding another remote to bypass this edge case,
document that & add a test for it.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-04-19 18:53:06 -07:00
Junio C Hamano
8e7c1f3240 Merge branch 'bw/push-submodule-only'
Add missing documentation update to a recent topic.

* bw/push-submodule-only:
  completion: add completion for --recurse-submodules=only
  doc: add doc for git-push --recurse-submodules=only
2017-02-10 12:52:23 -08:00
Cornelius Weig
9c24c8741e doc: add doc for git-push --recurse-submodules=only
Add documentation for the `--recurse-submodules=only` option of
git-push. The feature was added in commit 225e8bf (add option to
push only submodules).

Signed-off-by: Cornelius Weig <cornelius.weig@tngtech.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-02-01 15:16:49 -08:00
Junio C Hamano
5f52e70879 Merge branch 'mm/push-social-engineering-attack-doc'
Doc update on fetching and pushing.

* mm/push-social-engineering-attack-doc:
  doc: mention transfer data leaks in more places
2017-01-10 15:24:24 -08:00
Matt McCutchen
235ec24352 doc: mention transfer data leaks in more places
The "SECURITY" section of the gitnamespaces(7) man page described two
ways for a client to steal data from a server that wasn't intended to be
shared. Similar attacks can be performed by a server on a client, so
adapt the section to cover both directions and add it to the
git-fetch(1), git-pull(1), and git-push(1) man pages. Also add
references to this section from the documentation of server
configuration options that attempt to control data leakage but may not
be fully effective.

Signed-off-by: Matt McCutchen <matt@mattmccutchen.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-11-14 11:23:07 -08:00
Junio C Hamano
e674762786 Merge branch 'jk/push-force-with-lease-creation'
"git push --force-with-lease" already had enough logic to allow
ensuring that such a push results in creation of a ref (i.e. the
receiving end did not have another push from sideways that would be
discarded by our force-pushing), but didn't expose this possibility
to the users.  It does so now.

* jk/push-force-with-lease-creation:
  t5533: make it pass on case-sensitive filesystems
  push: allow pushing new branches with --force-with-lease
  push: add shorthand for --force-with-lease branch creation
  Documentation/git-push: fix placeholder formatting
2016-08-10 12:33:18 -07:00
Junio C Hamano
cf27c7996e Merge branch 'sb/push-options'
"git push" learned to accept and pass extra options to the
receiving end so that hooks can read and react to them.

* sb/push-options:
  add a test for push options
  push: accept push options
  receive-pack: implement advertising and receiving push options
  push options: {pre,post}-receive hook learns about push options
2016-08-03 15:10:24 -07:00
John Keeping
eee98e74f9 push: add shorthand for --force-with-lease branch creation
Allow the empty string to stand in for the null SHA-1 when pushing a new
branch, like we do when deleting branches.

This means that the following command ensures that `new-branch` is
created on the remote (that is, is must not already exist):

	git push --force-with-lease=new-branch: origin new-branch

Signed-off-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-07-26 13:48:09 -07:00
John Keeping
d132b32b4e Documentation/git-push: fix placeholder formatting
Format the placeholder as monospace to match other occurrences in this
file and obey CodingGuidelines.

Signed-off-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-07-25 15:21:32 -07:00
Stefan Beller
f6a4e61fbb push: accept push options
This implements everything that is required on the client side to make use
of push options from the porcelain push command.

Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-07-14 15:50:41 -07:00
Matthieu Moy
bcf9626a71 doc: typeset long command-line options as literal
Similarly to the previous commit, use backquotes instead of
forward-quotes, for long options.

This was obtained with:

  perl -pi -e "s/'(--[a-z][a-z=<>-]*)'/\`\$1\`/g" *.txt

and manual tweak to remove false positive in ascii-art (o'--o'--o' to
describe rewritten history).

Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-28 08:36:45 -07:00
Tom Russello
ae9f6311e9 doc: change configuration variables format
This change configuration variables that where in italic style
to monospace font according to the guideline. It was obtained with

	grep '[[:alpha:]]*\.[[:alpha:]]*::$' config.txt | \
	sed -e 's/::$//' -e 's/\./\\\\./' | \
	xargs -iP perl -pi -e "s/\'P\'/\`P\`/g" ./*.txt

Signed-off-by: Tom Russello <tom.russello@grenoble-inp.org>
Signed-off-by: Erwan Mathoniere <erwan.mathoniere@grenoble-inp.org>
Signed-off-by: Samuel Groot <samuel.groot@grenoble-inp.org>
Signed-off-by: Matthieu Moy <matthieu.moy@grenoble-inp.fr>
Reviewed-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-06-08 12:04:55 -07:00
Junio C Hamano
d4e7b9bcb0 Merge branch 'mm/push-simple-doc' into maint
The documentation did not clearly state that the 'simple' mode is
now the default for "git push" when push.default configuration is
not set.

* mm/push-simple-doc:
  Documentation/git-push: document that 'simple' is the default
2016-03-10 11:13:44 -08:00
Junio C Hamano
1e4c08ff7e Merge branch 'mm/push-simple-doc'
The documentation did not clearly state that the 'simple' mode is
now the default for "git push" when push.default configuration is
not set.

* mm/push-simple-doc:
  Documentation/git-push: document that 'simple' is the default
2016-02-26 13:37:21 -08:00
Junio C Hamano
e84d5e9fa1 Merge branch 'ew/force-ipv4'
"git fetch" and friends that make network connections can now be
told to only use ipv4 (or ipv6).

* ew/force-ipv4:
  connect & http: support -4 and -6 switches for remote operations
2016-02-24 13:25:54 -08:00
Matthieu Moy
f6b1fb372e Documentation/git-push: document that 'simple' is the default
The default behavior is well documented already in git-config(1), but
git-push(1) itself did not mention it at all. For users willing to learn
how "git push" works but not how to configure it, this makes the
documentation cumbersome to read.

Make the git-push(1) page self-contained by adding a short summary of
what 'push.default=simple' does, early in the page.

Signed-off-by: Matthieu Moy <Matthieu.Moy@imag.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-02-23 13:35:10 -08:00
Eric Wong
c915f11eb4 connect & http: support -4 and -6 switches for remote operations
Sometimes it is necessary to force IPv4-only or IPv6-only operation
on networks where name lookups may return a non-routable address and
stall remote operations.

The ssh(1) command has an equivalent switches which we may pass when
we run them.  There may be old ssh(1) implementations out there
which do not support these switches; they should report the
appropriate error in that case.

rsync support is untouched for now since it is deprecated and
scheduled to be removed.

Signed-off-by: Eric Wong <normalperson@yhbt.net>
Reviewed-by: Torsten Bögershausen <tboegi@web.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-02-12 11:34:14 -08:00
Junio C Hamano
7b9d1b9556 Merge branch 'ps/push-delete-option'
"branch --delete" has "branch -d" but "push --delete" does not.

* ps/push-delete-option:
  push: add '-d' as shorthand for '--delete'
  push: add '--delete' flag to synopsis
2016-01-12 15:16:54 -08:00
Patrick Steinhardt
38a2559113 push: add '-d' as shorthand for '--delete'
"git push" takes "--delete" but does not take a short form "-d",
unlike "git branch" which does take both.  Bring consistency
between them.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-12-16 12:30:10 -08:00
Patrick Steinhardt
fff69f7053 push: add '--delete' flag to synopsis
The delete flag is not mentioned in the synopsis of `git-push`.
Add the flag to make it more discoverable.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-12-14 13:47:03 -08:00
Mike Crowe
b33a15b081 push: add recurseSubmodules config option
The --recurse-submodules command line parameter has existed for some
time but it has no config file equivalent.

Following the style of the corresponding parameter for git fetch, let's
invent push.recurseSubmodules to provide a default for this
parameter. This also requires the addition of --recurse-submodules=no to
allow the configuration to be overridden on the command line when
required.

The most straightforward way to implement this appears to be to make
push use code in submodule-config in a similar way to fetch.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Jeff King <peff@peff.net>
2015-11-20 08:02:07 -05:00
Junio C Hamano
73167677c0 Merge branch 'jc/em-dash-in-doc'
AsciiDoc markup fixes.

* jc/em-dash-in-doc:
  Documentation: AsciiDoc spells em-dash as double-dashes, not triple
2015-10-29 13:59:16 -07:00
Junio C Hamano
3b19dba703 Documentation: AsciiDoc spells em-dash as double-dashes, not triple
Again, we do not usually process release notes with AsciiDoc, but it
is better to be consistent.

This incidentally reveals breakages left by an ancient 5e00439f
(Documentation: build html for all files in technical and howto,
2012-10-23).  The index-format documentation was originally written
to be read as straight text without formatting and when the commit
forced everything in Documentation/ to go through AsciiDoc, it did
not do any adjustment--hence the double-dashes will be seen in the
resulting text that is rendered as preformatted fixed-width without
converted into em-dashes.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-10-22 13:02:33 -07:00
Dave Borowitz
30261094b1 push: support signing pushes iff the server supports it
Add a new flag --sign=true (or --sign=false), which means the same
thing as the original --signed (or --no-signed).  Give it a third
value --sign=if-asked to tell push and send-pack to send a push
certificate if and only if the server advertised a push cert nonce.

If not, warn the user that their push may not be as secure as they
thought.

Signed-off-by: Dave Borowitz <dborowitz@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-08-19 12:58:45 -07:00
Dave Borowitz
f9e0952d1f Documentation/git-push.txt: document when --signed may fail
Like --atomic, --signed will fail if the server does not advertise the
necessary capability. In addition, it requires gpg on the client side.

Signed-off-by: Dave Borowitz <dborowitz@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-08-19 12:38:35 -07:00
Junio C Hamano
96b7f93ac8 Merge branch 'jk/asciidoc-markup-fix' into maint
Various documentation mark-up fixes to make the output more
consistent in general and also make AsciiDoctor (an alternative
formatter) happier.

* jk/asciidoc-markup-fix:
  doc: convert AsciiDoc {?foo} to ifdef::foo[]
  doc: put example URLs and emails inside literal backticks
  doc: drop backslash quoting of some curly braces
  doc: convert \--option to --option
  doc/add: reformat `--edit` option
  doc: fix length of underlined section-title
  doc: fix hanging "+"-continuation
  doc: fix unquoted use of "{type}"
  doc: fix misrendering due to `single quote'
2015-06-05 12:00:19 -07:00
Jeff King
1c262bb7b2 doc: convert \--option to --option
Older versions of AsciiDoc would convert the "--" in
"--option" into an emdash. According to 565e135
(Documentation: quote double-dash for AsciiDoc, 2011-06-29),
this is fixed in AsciiDoc 8.3.0. According to bf17126, we
don't support anything older than 8.4.1 anyway, so we no
longer need to worry about quoting.

Even though this does not change the output at all, there
are a few good reasons to drop the quoting:

  1. It makes the source prettier to read.

  2. We don't quote consistently, which may be confusing when
     reading the source.

  3. Asciidoctor does not like the quoting, and renders a
     literal backslash.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-05-12 22:14:46 -07:00
Junio C Hamano
a78fc4af82 Merge branch 'ph/push-doc-cas' into maint
* ph/push-doc-cas:
  git-push.txt: clean up force-with-lease wording
2015-03-31 14:52:24 -07:00
Junio C Hamano
31137f54db Merge branch 'ph/push-doc-cas'
* ph/push-doc-cas:
  git-push.txt: clean up force-with-lease wording
2015-03-28 09:37:53 -07:00
Phil Hord
fddfaf8a22 git-push.txt: clean up force-with-lease wording
The help text for the --force-with-lease option to git-push
does not parse cleanly.  Clean up the wording and syntax to
be more sensible.  Also remove redundant information in the
"--force-with-lease alone" description.

Signed-off-by: Phil Hord <hordp@cisco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-03-26 11:41:24 -07:00
Junio C Hamano
61ca378275 Merge branch 'jk/push-config'
Restructure "git push" codepath to make it easier to add new
configuration bits and then add push.followTags configuration that
turns --follow-tags option on by default.

* jk/push-config:
  push: allow --follow-tags to be set by config push.followTags
  cmd_push: pass "flags" pointer to config callback
  cmd_push: set "atomic" bit directly
  git_push_config: drop cargo-culted wt_status pointer
2015-03-23 11:28:14 -07:00
Dave Olszewski
a8bc269f11 push: allow --follow-tags to be set by config push.followTags
Signed-off-by: Dave Olszewski <cxreg@pobox.com>
Helped-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-03-14 15:08:35 -07:00
Junio C Hamano
2fc85f0545 Merge branch 'mg/push-repo-option-doc' into maint
The "git push" documentation made the "--repo=<there>" option
easily misunderstood.

* mg/push-repo-option-doc:
  git-push.txt: document the behavior of --repo
2015-02-24 22:10:19 -08:00
Junio C Hamano
a158904323 Merge branch 'mg/push-repo-option-doc'
The "git push" documentation made the "--repo=<there>" option
easily misunderstood.

* mg/push-repo-option-doc:
  git-push.txt: document the behavior of --repo
2015-02-17 10:15:31 -08:00
Junio C Hamano
39fa6112ec Merge branch 'sb/atomic-push'
"git push" has been taught a "--atomic" option that makes push to
update more than one ref an "all-or-none" affair.

* sb/atomic-push:
  Document receive.advertiseatomic
  t5543-atomic-push.sh: add basic tests for atomic pushes
  push.c: add an --atomic argument
  send-pack.c: add --atomic command line argument
  send-pack: rename ref_update_to_be_sent to check_to_send_update
  receive-pack.c: negotiate atomic push support
  receive-pack.c: add execute_commands_atomic function
  receive-pack.c: move transaction handling in a central place
  receive-pack.c: move iterating over all commands outside execute_commands
  receive-pack.c: die instead of error in case of possible future bug
  receive-pack.c: shorten the execute_commands loop over all commands
2015-02-11 13:43:51 -08:00
Michael J Gruber
57b92a77a0 git-push.txt: document the behavior of --repo
As per the code, the --repo <repo> option is equivalent to the
<repo> argument to 'git push', but somehow it was documented as
something that is more than that.  [It exists for historical
reasons, back from the time when options had to come before
arguments.]

Say so. [But not that.]

Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Helped-by: Eric Sunshine <sunshine@sunshineco.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-01-28 12:56:06 -08:00
Ronnie Sahlberg
d0e8e09cd8 push.c: add an --atomic argument
Add a command line argument to the git push command to request atomic
pushes.

Signed-off-by: Ronnie Sahlberg <sahlberg@google.com>
Signed-off-by: Stefan Beller <sbeller@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2015-01-07 19:56:44 -08:00
Junio C Hamano
ebae81e96d Merge branch 'po/everyday-doc' into maint
"Everyday" document had a broken link.

* po/everyday-doc:
  Documentation: change "gitlink" typo in git-push
2014-12-22 12:18:17 -08:00
Junio C Hamano
b690b87ce3 Merge branch 'po/everyday-doc'
* po/everyday-doc:
  Documentation: change "gitlink" typo in git-push
2014-12-12 14:31:34 -08:00
brian m. carlson
366c8d4ca3 Documentation: change "gitlink" typo in git-push
The git-push manual page used "gitlink" in one place instead of
"linkgit".  Fix this so the link renders correctly.

Noticed-by: Dan Allen <dan.j.allen@gmail.com>
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-11-17 09:27:47 -08:00
Junio C Hamano
1cb3324e61 Merge branch 'po/everyday-doc'
"git help everyday" to show the Everyday Git document.

* po/everyday-doc:
  doc: add 'everyday' to 'git help'
  doc: Makefile regularise OBSOLETE_HTML list building
  doc: modernise everyday.txt wording and format in man page style
2014-10-16 14:16:42 -07:00
Philip Oakley
673151a9bb doc: add 'everyday' to 'git help'
The "Everyday GIT With 20 Commands Or So" is not accessible via the
Git help system.  Move everyday.txt to giteveryday.txt so that "git
help everyday" works, and create a new placeholder file everyday.html
to refer people who follow existing URLs to the updated location.

giteveryday.txt now formats well with AsciiDoc as a man page and
refreshed content to a more command modern style.

Add 'everyday' to the help --guides list and update git(1) and 5
other links to giteveryday.

Signed-off-by: Philip Oakley <philipoakley@iee.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-10 16:02:26 -07:00
Junio C Hamano
fb06b5280e Merge branch 'jc/push-cert'
Allow "git push" request to be signed, so that it can be verified and
audited, using the GPG signature of the person who pushed, that the
tips of branches at a public repository really point the commits
the pusher wanted to, without having to "trust" the server.

* jc/push-cert: (24 commits)
  receive-pack::hmac_sha1(): copy the entire SHA-1 hash out
  signed push: allow stale nonce in stateless mode
  signed push: teach smart-HTTP to pass "git push --signed" around
  signed push: fortify against replay attacks
  signed push: add "pushee" header to push certificate
  signed push: remove duplicated protocol info
  send-pack: send feature request on push-cert packet
  receive-pack: GPG-validate push certificates
  push: the beginning of "git push --signed"
  pack-protocol doc: typofix for PKT-LINE
  gpg-interface: move parse_signature() to where it should be
  gpg-interface: move parse_gpg_output() to where it should be
  send-pack: clarify that cmds_sent is a boolean
  send-pack: refactor inspecting and resetting status and sending commands
  send-pack: rename "new_refs" to "need_pack_data"
  receive-pack: factor out capability string generation
  send-pack: factor out capability string generation
  send-pack: always send capabilities
  send-pack: refactor decision to send update per ref
  send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher
  ...
2014-10-08 13:05:25 -07:00
Junio C Hamano
a85b377d04 push: the beginning of "git push --signed"
While signed tags and commits assert that the objects thusly signed
came from you, who signed these objects, there is not a good way to
assert that you wanted to have a particular object at the tip of a
particular branch.  My signing v2.0.1 tag only means I want to call
the version v2.0.1, and it does not mean I want to push it out to my
'master' branch---it is likely that I only want it in 'maint', so
the signature on the object alone is insufficient.

The only assurance to you that 'maint' points at what I wanted to
place there comes from your trust on the hosting site and my
authentication with it, which cannot easily audited later.

Introduce a mechanism that allows you to sign a "push certificate"
(for the lack of better name) every time you push, asserting that
what object you are pushing to update which ref that used to point
at what other object.  Think of it as a cryptographic protection for
ref updates, similar to signed tags/commits but working on an
orthogonal axis.

The basic flow based on this mechanism goes like this:

 1. You push out your work with "git push --signed".

 2. The sending side learns where the remote refs are as usual,
    together with what protocol extension the receiving end
    supports.  If the receiving end does not advertise the protocol
    extension "push-cert", an attempt to "git push --signed" fails.

    Otherwise, a text file, that looks like the following, is
    prepared in core:

	certificate version 0.1
	pusher Junio C Hamano <gitster@pobox.com> 1315427886 -0700

	7339ca65... 21580ecb... refs/heads/master
	3793ac56... 12850bec... refs/heads/next

    The file begins with a few header lines, which may grow as we
    gain more experience.  The 'pusher' header records the name of
    the signer (the value of user.signingkey configuration variable,
    falling back to GIT_COMMITTER_{NAME|EMAIL}) and the time of the
    certificate generation.  After the header, a blank line follows,
    followed by a copy of the protocol message lines.

    Each line shows the old and the new object name at the tip of
    the ref this push tries to update, in the way identical to how
    the underlying "git push" protocol exchange tells the ref
    updates to the receiving end (by recording the "old" object
    name, the push certificate also protects against replaying).  It
    is expected that new command packet types other than the
    old-new-refname kind will be included in push certificate in the
    same way as would appear in the plain vanilla command packets in
    unsigned pushes.

    The user then is asked to sign this push certificate using GPG,
    formatted in a way similar to how signed tag objects are signed,
    and the result is sent to the other side (i.e. receive-pack).

    In the protocol exchange, this step comes immediately before the
    sender tells what the result of the push should be, which in
    turn comes before it sends the pack data.

 3. When the receiving end sees a push certificate, the certificate
    is written out as a blob.  The pre-receive hook can learn about
    the certificate by checking GIT_PUSH_CERT environment variable,
    which, if present, tells the object name of this blob, and make
    the decision to allow or reject this push.  Additionally, the
    post-receive hook can also look at the certificate, which may be
    a good place to log all the received certificates for later
    audits.

Because a push certificate carry the same information as the usual
command packets in the protocol exchange, we can omit the latter
when a push certificate is in use and reduce the protocol overhead.
This however is not included in this patch to make it easier to
review (in other words, the series at this step should never be
released without the remainder of the series, as it implements an
interim protocol that will be incompatible with the final one).
As such, the documentation update for the protocol is left out of
this step.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-09-15 13:23:20 -07:00
Junio C Hamano
b16665e832 Merge branch 'tf/maint-doc-push'
* tf/maint-doc-push:
  git-push: fix link in man page
2014-08-04 14:03:45 -07:00
Tony Finch
2147fa7e19 git-push: fix link in man page
Signed-off-by: Tony Finch <dot@dotat.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-07-31 10:17:37 -07:00