Slightly re-rolled from last night. - Marked push-certificate format as version 0 while we are still experimenting; - The push certificate records new object name and the refname; - Add support for an external hook "pre-receive-signature". One issue internally debated was if we want to list the refs that matched the pushing criteria but were found to be already up to date, and this can be argued both ways. - You can say that you are making assertion that you want to have a certain object at that ref, in which case you would want to include them. - On the other hand, for the purpose of leaving audit-trail, if the ref you tried to push already had the object you wanted to see at the tip of a ref, you weren't the person who made the ref point at the object, and it would be sensible not to include them. Taking the latter stance is slightly easier on the end users, because "Everything up-to-date" case becomes a no-op as the natural consequence, and we do not have to ask them to unlock their GPG key in such a case. It however makes it impossible to say "Earlier I pushed that object to the tip of my branch but forgot to sign the push, and I want to make a signed push, even though I didn't add anything to my history." People who configured to push out more than one branches with "git push" often work on one branch, run "git push" which ends up pushing that branch but not other branches, then work on another branch and run "git push" to push out that other branch, while the branch he earlier pushed out stays the same since his last push. For such people, the first "push" is not necessarily even an assertion that he wants to have both branches pointing at certain commits, and from that point of view, not including the latter branch he hasn't worked on (and stayed up-to-date) in the push certifiate is a sensible thing to do. As there is no single right answer, this round of re-roll keeps the latter semantics to record only what you pushed out as the original series. Junio C Hamano (7): send-pack: typofix error message Split GPG interface into its own helper library push -s: skeleton push -s: send signed push certificate push -s: receiving end refactor run_receive_hook() push -s: support pre-receive-signature hook Makefile | 2 + builtin/push.c | 1 + builtin/receive-pack.c | 206 +++++++++++++++++++++++++++++++++++++++++++----- builtin/send-pack.c | 61 +++++++++++++- builtin/tag.c | 60 ++------------ builtin/verify-tag.c | 35 +-------- gpg-interface.c | 94 ++++++++++++++++++++++ gpg-interface.h | 11 +++ send-pack.h | 1 + transport.c | 4 + transport.h | 4 + 11 files changed, 369 insertions(+), 110 deletions(-) create mode 100644 gpg-interface.c create mode 100644 gpg-interface.h -- 1.7.7.rc0.188.g3793ac -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html