"Robin H. Johnson" <robbat2@xxxxxxxxxx> writes:

> On Mon, Feb 01, 2016 at 02:49:09PM -0800, Junio C Hamano wrote:
>> Are you talking about something other than prepare_push_cert_sha1()?
> I went and verified it, and what was reported to me was slightly wrong. Only
> some of the fields are empty, notably CERT_KEY and SIGNER.
>
> Signed push with an unknown key:
> ===
> remote: No signature found
> remote: Your push was not signed with a known key.
> remote: You MUST use git push --signed with a known key.
> remote: If you just updated your key, please wait 15 minutes for sync.
> remote: git-receive-pack variables:
> remote: GIT_PUSH_CERT='1c471177906014e65e2825ee71572bf749970c16'
> remote: GIT_PUSH_CERT_KEY=''
> remote: GIT_PUSH_CERT_NONCE='1454372558-35db7be4533958f14731'
> remote: GIT_PUSH_CERT_NONCE_SLOP=''
> remote: GIT_PUSH_CERT_NONCE_STATUS='OK'
> remote: GIT_PUSH_CERT_SIGNER=''
> remote: GIT_PUSH_CERT_STATUS='N'

OK, this matches my expectation, and my earlier response to you is
consistent with the above output, so there isn't much to add to the
discussion from me.

I was primarily worried about GIT_PUSH_CERT not being passed, but
that does not seem to be the case, which is good.

We still give GIT_PUSH_CERT, which makes it possible to write a
validation hook that lazily fetches unknown keys as needed to
implement its own more advanced checks, while allowing validation
hooks that rely on a set of a-priori known keys to be written in a
less error-prone way by saying "N" for the "unknown" case.

Thanks.
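The decision logic of a validation hook that relies on a set of a-priori known keys, as discussed in the message above, written as an added example (not code from the thread or from Git itself). The function name `push_cert_verdict`, the `KNOWN_KEYS` allowlist and its key ID are assumptions made for illustration; the policy of accepting only status `G` with nonce status `OK` is one possible choice.

```python
#!/usr/bin/env python3
"""pre-receive policy sketch driven by git-receive-pack's GIT_PUSH_CERT_* variables."""
import os
import sys

# Assumption: key IDs trusted a priori (constructed placeholder value).
KNOWN_KEYS = frozenset({"0123456789ABCDEF"})


def push_cert_verdict(env, known_keys=KNOWN_KEYS):
    """Return (accepted, reason) for one push, given the hook's environment."""
    cert = env.get("GIT_PUSH_CERT", "")
    status = env.get("GIT_PUSH_CERT_STATUS", "")
    key = env.get("GIT_PUSH_CERT_KEY", "")

    if not cert:
        return False, "push was not signed; use git push --signed"
    # Replay protection: this policy accepts only a nonce the server reports as OK.
    if env.get("GIT_PUSH_CERT_NONCE_STATUS", "") != "OK":
        return False, "push certificate nonce was not accepted"
    if status == "N":
        # Case from the log above: the certificate blob is named, but KEY and
        # SIGNER are empty. A lazy-fetching hook would read the blob here with
        # `git cat-file blob <GIT_PUSH_CERT>` and do its own verification.
        return False, "certificate %s not verifiable with a known key" % cert
    if status != "G":
        return False, "signature status %r is not acceptable" % status
    if key not in known_keys:
        return False, "key %s is not on the allowlist" % key
    return True, "signed by %s" % env.get("GIT_PUSH_CERT_SIGNER", key)


if __name__ == "__main__":
    accepted, reason = push_cert_verdict(os.environ)
    if not accepted:
        print("push rejected: " + reason, file=sys.stderr)
    sys.exit(0 if accepted else 1)
```

Because the function fails closed on anything other than `G`, an empty `GIT_PUSH_CERT_KEY` can never match the allowlist by accident.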