authorJustin Tobler <jltobler@gmail.com>2026-03-26 14:14:11 -0500
committerJunio C Hamano <gitster@pobox.com>2026-03-26 12:42:57 -0700
commit4c36345e04cbef7edb94557119acba9f9a38c26f (patch)
tree88a1c65ff664d9496c69064d9c34ae2d4707e771 /builtin
parent6d35cc472e24394edb21a9b4d0abe25f5b2a91f2 (diff)
fast-import: add 'abort-if-invalid' mode to '--signed-commits=<mode>'
The '--signed-commits=<mode>' option for git-fast-import(1) configures how signed commits are handled when encountered. In cases where an invalid commit signature is encountered, a user may wish to abort the operation entirely. Introduce an 'abort-if-invalid' mode to do so. Signed-off-by: Justin Tobler <jltobler@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin')
-rw-r--r--builtin/fast-export.c2
-rw-r--r--builtin/fast-import.c10
2 files changed, 10 insertions, 2 deletions
diff --git a/builtin/fast-export.c b/builtin/fast-export.c
index a30fb90b6e..2eb43a28da 100644
--- a/builtin/fast-export.c
+++ b/builtin/fast-export.c
@@ -65,7 +65,7 @@ static int parse_opt_sign_mode(const struct option *opt,
return 0;
if (parse_sign_mode(arg, val, NULL) || (*val == SIGN_STRIP_IF_INVALID) ||
- (*val == SIGN_SIGN_IF_INVALID))
+ (*val == SIGN_SIGN_IF_INVALID) || (*val == SIGN_ABORT_IF_INVALID))
return error(_("unknown %s mode: %s"), opt->long_name, arg);
return 0;
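Review bot: The condition in parse_opt_sign_mode is a deny-list that now names three import-only modes, so any mode later added to parse_sign_mode() is accepted by fast-export unless someone remembers to extend this `||` chain. Listing the modes fast-export does support (for example in a `switch (*val)` whose `default:` returns the error) would make new enum values rejected by default. If the chain is kept, a comment above it such as `/* modes below only make sense for fast-import */` would explain why a mode that parses successfully is still reported as "unknown". The function starts outside this hunk.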
diff --git a/builtin/fast-import.c b/builtin/fast-import.c
index 9fc6c35b74..08ea27242d 100644
--- a/builtin/fast-import.c
+++ b/builtin/fast-import.c
@@ -2892,6 +2892,9 @@ static void handle_signature_if_invalid(struct strbuf *new_data,
ret = verify_commit_buffer(tmp_buf.buf, tmp_buf.len, &signature_check);
if (ret) {
+ if (mode == SIGN_ABORT_IF_INVALID)
+ die(_("aborting due to invalid signature"));
+
warn_invalid_signature(&signature_check, msg->buf, mode);
if (mode == SIGN_SIGN_IF_INVALID) {
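Review bot: The new `die()` in the `if (ret)` branch runs before `warn_invalid_signature()`, so the abort message says neither which commit failed verification nor why. On a long import stream that leaves the operator unable to tell which object triggered the abort, or whether the signature was bad or simply could not be checked; which of those cases make `verify_commit_buffer()` return non-zero is not visible in this hunk. The next line already passes `&signature_check` and `msg->buf` to the warning helper, so the same detail could go into the fatal message. A short comment such as `/* abort before any stripping or re-signing is attempted */` would also record that the early placement is deliberate. The function continues past the end of the hunk.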
@@ -2983,6 +2986,7 @@ static void parse_new_commit(const char *arg)
case SIGN_VERBATIM:
case SIGN_STRIP_IF_INVALID:
case SIGN_SIGN_IF_INVALID:
+ case SIGN_ABORT_IF_INVALID:
import_one_signature(&sig_sha1, &sig_sha256, v);
break;
@@ -3068,7 +3072,8 @@ static void parse_new_commit(const char *arg)
encoding);
if ((signed_commit_mode == SIGN_STRIP_IF_INVALID ||
- signed_commit_mode == SIGN_SIGN_IF_INVALID) &&
+ signed_commit_mode == SIGN_SIGN_IF_INVALID ||
+ signed_commit_mode == SIGN_ABORT_IF_INVALID) &&
(sig_sha1.hash_algo || sig_sha256.hash_algo))
handle_signature_if_invalid(&new_data, &sig_sha1, &sig_sha256,
&msg, signed_commit_mode);
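Review bot: The guard `(sig_sha1.hash_algo || sig_sha256.hash_algo)` means a commit that carries no signature at all never reaches handle_signature_if_invalid(), so under 'abort-if-invalid' unsigned commits are imported without any check. That looks intended, but the mode name can easily be read as "only accept verified commits", so a comment above the condition would help: `/* only commits that carry a signature are verified; unsigned commits pass through */`. The option documentation is outside this diff (limited to 'builtin'), so it is worth confirming the same caveat is stated there. As a smaller style point, the three-way mode comparison could be a small predicate helper so the next "-if-invalid" mode needs only one edit.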
@@ -3115,6 +3120,9 @@ static void handle_tag_signature(struct strbuf *msg, const char *name)
case SIGN_ABORT:
die(_("encountered signed tag; use "
"--signed-tags=<mode> to handle it"));
+ case SIGN_ABORT_IF_INVALID:
+ die(_("'abort-if-invalid' is not a valid mode for "
+ "git fast-import with --signed-tags=<mode>"));
case SIGN_STRIP_IF_INVALID:
die(_("'strip-if-invalid' is not a valid mode for "
"git fast-import with --signed-tags=<mode>"));
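Review bot: The new `case SIGN_ABORT_IF_INVALID:` rejects the mode for `--signed-tags` only when handle_tag_signature() meets a signed tag, so an invalid option value goes unnoticed until that point in the stream. A stream with no signed tags would presumably never report it. The existing 'strip-if-invalid' case below has the same shape. Rejecting these modes where `--signed-tags=<mode>` is parsed would fail before any data is read; that code is not in this hunk, so this may already be handled there.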