opendev/gerrit
Code Issues Proposed changes

Configure signed push globally in Gerrit config

Browse Source 
Instead of depending on the standard C git option
receive.certNonceSeed to enable signed push, require a separate option
receive.enableSignedPush. This avoids tying enabling the functionality
to a particular implementation of nonce validation, and in the common
case we can just use a new random seed on startup.

The standard C git keys receive.certNonceSeed and
receive.certNonceSlop are supported, but read them from the global
Gerrit config (preferably secure.config).

Change-Id: Ib38d16052e8896e860e4d9639c62b2023784ef97
This commit is contained in:
Dave Borowitz
2015-06-18 20:28:22 -04:00
parent 90ed9414c2
commit 532342bf0e
3 changed files with 85 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gerrit-server/src/test/java/com/google/gerrit/testutil/InMemoryModule.java
View File

@@ -94,6 +94,8 @@ public class InMemoryModule extends FactoryModule {
cfg.setInt("index", "lucene", "testVersion",
ChangeSchemas.getLatest().getVersion());
cfg.setInt("sendemail", null, "threadPoolSize", 0);
cfg.setBoolean("receive", null, "enableSignedPush", false);
cfg.setString("receive", null, "certNonceSeed", "sekret");
}
private final Config cfg;