From: Junio C Hamano <gitster@pobox.com>
To: git@vger.kernel.org
Subject: [PATCH v6 00/23] Signed push
Date: Wed, 17 Sep 2014 15:45:35 -0700
Message-ID: <1410993958-32394-1-git-send-email-gitster@pobox.com>

No changes to the earlier 20 patches in the series since the last
round ($gmane/257087).  The last three patches in the series have
been reworked and reordered to:

 - plug a small leak in replay prevention code;
 - smart HTTP integration and test are in a single patch;
 - handling of a stale nonce in smart HTTP mode was reworked.

I think this round is ready for 'next'.  Those who work on various
reimplementations of Git may want to start thinking about adding
support for the "push-cert" feature in their receive-pack, and those
who use server-side pre-receive/post-receive hooks (Gitolite, I am
looking at you ;-) may want to start planning to take advantage of
it.

Junio C Hamano (23):
  receive-pack: do not overallocate command structure
  receive-pack: parse feature request a bit earlier
  receive-pack: do not reuse old_sha1[] for other things
  receive-pack: factor out queueing of command
  send-pack: move REF_STATUS_REJECT_NODELETE logic a bit higher
  send-pack: refactor decision to send update per ref
  send-pack: always send capabilities
  send-pack: factor out capability string generation
  receive-pack: factor out capability string generation
  send-pack: rename "new_refs" to "need_pack_data"
  send-pack: refactor inspecting and resetting status and sending commands
  send-pack: clarify that cmds_sent is a boolean
  gpg-interface: move parse_gpg_output() to where it should be
  gpg-interface: move parse_signature() to where it should be
  pack-protocol doc: typofix for PKT-LINE
  push: the beginning of "git push --signed"
  receive-pack: GPG-validate push certificates
  send-pack: send feature request on push-cert packet
  signed push: remove duplicated protocol info
  signed push: add "pushee" header to push certificate
  signed push: fortify against replay attacks
  signed push: teach smart-HTTP to pass "git push --signed" around
  signed push: allow stale nonce in stateless mode

 Documentation/config.txt                          |  19 ++
 Documentation/git-push.txt                        |   9 +-
 Documentation/git-receive-pack.txt                |  65 +++-
 Documentation/technical/pack-protocol.txt         |  49 ++-
 Documentation/technical/protocol-capabilities.txt |  13 +-
 builtin/push.c                                    |   1 +
 builtin/receive-pack.c                            | 393 +++++++++++++++++++---
 builtin/send-pack.c                               |   4 +
 commit.c                                          |  36 --
 gpg-interface.c                                   |  57 ++++
 gpg-interface.h                                   |  17 +-
 remote-curl.c                                     |  13 +-
 send-pack.c                                       | 201 ++++++++---
 send-pack.h                                       |   2 +
 t/lib-httpd/apache.conf                           |   1 +
 t/t5534-push-signed.sh                            | 127 +++++++
 t/t5541-http-push-smart.sh                        |  41 +++
 t/test-lib.sh                                     |   3 +-
 tag.c                                             |  20 --
 tag.h                                             |   1 -
 transport-helper.c                                |   9 +-
 transport.c                                       |   5 +
 transport.h                                       |   5 +
 23 files changed, 932 insertions(+), 159 deletions(-)
 create mode 100755 t/t5534-push-signed.sh

-- 
2.1.0-403-g099cf47
