Re: [PATCHv2] push: heed user.signingkey for signed pushes

[Junio C Hamano <gitster@pobox.com>]

Michael J Gruber <git@drmicha.warpmail.net> writes:

> push --signed promises to take user.signingkey as the signing key but
> fails to read the config.
>
> Make it do so.
>
> Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
> ---
> Okay, I guess this is nicer. We do have the committer info in the env. Sorry.
>
>  builtin/push.c         |  13 ++++++++++++-
>  t/lib-gpg/trustdb.gpg  | Bin 1360 -> 1360 bytes
>  t/t5534-push-signed.sh |  44 ++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 56 insertions(+), 1 deletion(-)

Hmph, I simply forgot about that configuration, I guess.

What is this change to trustdb about, though?  The log message does
not say anything about it.

>
> diff --git a/builtin/push.c b/builtin/push.c
> index ae56f73..a076b19 100644
> --- a/builtin/push.c
> +++ b/builtin/push.c
> @@ -471,6 +471,17 @@ static int option_parse_recurse_submodules(const struct option *opt,
>  	return 0;
>  }
>  
> +static int git_push_config(const char *k, const char *v, void *cb)
> +{
> +	struct wt_status *s = cb;
> +	int status;
> +
> +	status = git_gpg_config(k, v, NULL);
> +	if (status)
> +		return status;
> +	return git_default_config(k, v, s);
> +}
> +
>  int cmd_push(int argc, const char **argv, const char *prefix)
>  {
>  	int flags = 0;
> @@ -511,7 +522,7 @@ int cmd_push(int argc, const char **argv, const char *prefix)
>  	};
>  
>  	packet_trace_identity("push");
> -	git_config(git_default_config, NULL);
> +	git_config(git_push_config, NULL);
>  	argc = parse_options(argc, argv, prefix, options, push_usage, 0);
>  
>  	if (deleterefs && (tags || (flags & (TRANSPORT_PUSH_ALL | TRANSPORT_PUSH_MIRROR))))
> diff --git a/t/lib-gpg/trustdb.gpg b/t/lib-gpg/trustdb.gpg
> index 4879ae9a84650a93a4d15bd6560c5d1b89eb4c2f..c11b1464b3d13b45966a493e2174fc0e253ddd0c 100644
> GIT binary patch
> delta 47
> ncmcb>b%9HOF})z2nVFH5k%@sJ#C^}~iH71E)x}wb7%%_;=xPS!
>
> delta 51
> tcmcb>b%9HSF})z2nVFH5k%@sJ&}Z5*1_lPkiGso#)x}wb*nk{V008$D2C@JE
>
> diff --git a/t/t5534-push-signed.sh b/t/t5534-push-signed.sh
> index 2786346..ecb8d44 100755
> --- a/t/t5534-push-signed.sh
> +++ b/t/t5534-push-signed.sh
> @@ -124,4 +124,48 @@ test_expect_success GPG 'signed push sends push certificate' '
>  	test_cmp expect dst/push-cert-status
>  '
>  
> +test_expect_success GPG 'fail without key and heed user.signingkey' '
> +	prepare_dst &&
> +	mkdir -p dst/.git/hooks &&
> +	git -C dst config receive.certnonceseed sekrit &&
> +	write_script dst/.git/hooks/post-receive <<-\EOF &&
> +	# discard the update list
> +	cat >/dev/null
> +	# record the push certificate
> +	if test -n "${GIT_PUSH_CERT-}"
> +	then
> +		git cat-file blob $GIT_PUSH_CERT >../push-cert
> +	fi &&
> +
> +	cat >../push-cert-status <<E_O_F
> +	SIGNER=${GIT_PUSH_CERT_SIGNER-nobody}
> +	KEY=${GIT_PUSH_CERT_KEY-nokey}
> +	STATUS=${GIT_PUSH_CERT_STATUS-nostatus}
> +	NONCE_STATUS=${GIT_PUSH_CERT_NONCE_STATUS-nononcestatus}
> +	NONCE=${GIT_PUSH_CERT_NONCE-nononce}
> +	E_O_F
> +
> +	EOF
> +
> +	unset GIT_COMMITTER_EMAIL &&
> +	git config user.email hasnokey@nowhere.com &&
> +	test_must_fail git push --signed dst noop ff +noff &&
> +	git config user.signingkey committer@example.com &&
> +	git push --signed dst noop ff +noff &&
> +
> +	(
> +		cat <<-\EOF &&
> +		SIGNER=C O Mitter <committer@example.com>
> +		KEY=13B6F51ECDDE430D
> +		STATUS=G
> +		NONCE_STATUS=OK
> +		EOF
> +		sed -n -e "s/^nonce /NONCE=/p" -e "/^$/q" dst/push-cert
> +	) >expect &&
> +
> +	grep "$(git rev-parse noop ff) refs/heads/ff" dst/push-cert &&
> +	grep "$(git rev-parse noop noff) refs/heads/noff" dst/push-cert &&
> +	test_cmp expect dst/push-cert-status
> +'
> +
>  test_done