[PATCH 7/7] Add a config option push.gpgSign for default signed pushes

[Dave Borowitz <dborowitz@google.com>]

---
 Documentation/config.txt |  8 ++++++++
 builtin/push.c           | 22 ++++++++++++++++++++++
 builtin/send-pack.c      | 27 ++++++++++++++++++++++++++-
 3 files changed, 56 insertions(+), 1 deletion(-)

diff --git a/Documentation/config.txt b/Documentation/config.txt
index 016f6e9..6804f5b 100644
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -2178,6 +2178,14 @@ push.followTags::
 	may override this configuration at time of push by specifying
 	'--no-follow-tags'.
 
+push.gpgSign::
+	May be set to a boolean value, or the string 'if-possible'. A
+	true value causes all pushes to be GPG signed, as if '--signed'
+	is passed to linkgit:git-push[1]. The string 'if-possible'
+	causes pushes to be signed if the server supports it, as if
+	'--signed-if-possible' is passed to 'git push'. A false value
+	may override a value from a lower-priority config file. An
+	explicit command-line flag always overrides this config option.
 
 rebase.stat::
 	Whether to show a diffstat of what changed upstream since the last
diff --git a/builtin/push.c b/builtin/push.c
index 95a67c5..8972193 100644
--- a/builtin/push.c
+++ b/builtin/push.c
@@ -491,6 +491,26 @@ static int git_push_config(const char *k, const char *v, void *cb)
 	return git_default_config(k, v, NULL);
 }
 
+static void set_push_cert_flags_from_config(int *flags)
+{
+	const char *value;
+	/* Ignore config if flags were set from command line. */
+	if (*flags & (TRANSPORT_PUSH_CERT_ALWAYS | TRANSPORT_PUSH_CERT_IF_POSSIBLE))
+		return;
+	if (!git_config_get_value("push.gpgsign", &value)) {
+		switch (git_config_maybe_bool("push.gpgsign", value)) {
+		case 1:
+			*flags |= TRANSPORT_PUSH_CERT_ALWAYS;
+			break;
+		default:
+			if (value && !strcmp(value, "if-possible"))
+				*flags |= TRANSPORT_PUSH_CERT_IF_POSSIBLE;
+			else
+				die(_("Invalid value for 'push.gpgsign'"));
+		}
+	}
+}
+
 int cmd_push(int argc, const char **argv, const char *prefix)
 {
 	int flags = 0;
@@ -537,6 +557,8 @@ int cmd_push(int argc, const char **argv, const char *prefix)
 	git_config(git_push_config, &flags);
 	argc = parse_options(argc, argv, prefix, options, push_usage, 0);
 
+	set_push_cert_flags_from_config(&flags);
+
 	if (deleterefs && (tags || (flags & (TRANSPORT_PUSH_ALL | TRANSPORT_PUSH_MIRROR))))
 		die(_("--delete is incompatible with --all, --mirror and --tags"));
 	if (deleterefs && argc < 2)
diff --git a/builtin/send-pack.c b/builtin/send-pack.c
index 8eebbf4..9c8b7de 100644
--- a/builtin/send-pack.c
+++ b/builtin/send-pack.c
@@ -92,6 +92,31 @@ static void print_helper_status(struct ref *ref)
 	strbuf_release(&buf);
 }
 
+static int send_pack_config(const char *k, const char *v, void *cb)
+{
+	git_gpg_config(k, v, NULL);
+
+	if (!strcmp(k, "push.gpgsign")) {
+		const char *value;
+		if (!git_config_get_value("push.gpgsign", &value)) {
+			switch (git_config_maybe_bool("push.gpgsign", value)) {
+			case 0:
+				args.push_cert = SEND_PACK_PUSH_CERT_NEVER;
+				break;
+			case 1:
+				args.push_cert = SEND_PACK_PUSH_CERT_ALWAYS;
+				break;
+			default:
+				if (value && !strcasecmp(value, "if-possible"))
+					args.push_cert = SEND_PACK_PUSH_CERT_IF_POSSIBLE;
+				else
+					return error("Invalid value for '%s'", k);
+			}
+		}
+	}
+	return 0;
+}
+
 int cmd_send_pack(int argc, const char **argv, const char *prefix)
 {
 	int i, nr_refspecs = 0;
@@ -114,7 +139,7 @@ int cmd_send_pack(int argc, const char **argv, const char *prefix)
 	int from_stdin = 0;
 	struct push_cas_option cas = {0};
 
-	git_config(git_gpg_config, NULL);
+	git_config(send_pack_config, NULL);
 
 	argv++;
 	for (i = 1; i < argc; i++, argv++) {
-- 
2.5.0.276.gf5e568e