c5861d81cb
Add a simple pre-receive hook using JGit's new signed push support to verify certificates. The hook checks the nonce status and validates the signature against a stored public key. Public keys are stored in a special notes branch refs/gpg-keys[1], where the annotated "object" is the GPG key ID right-padded with zeroes to SHA-1 length.This allows us to easily reuse the existing notes fanout code for read/write; this is appropriate since key IDs should be more or less uniformly distributed across the 64-bit space. (A future implementation may not require right-padding of these values, but this storage formatting change should not be hard to introduce.) This change does not address sitewide configuration of signed push and nonce verification; it depends on the existing receive.certNonceSeed configuration option in each repository. Likewise, it does not address adding keys to All-Users or establishing trust. Adventurous admins will have to populate that ref by hand for now. Tests for this functionality will be difficult, since the JGit client does not yet have client support for signed push. (And it's unclear when it will, since upstream probably does not want a Bouncy Castle dependency.) For now, it is only manually tested. [1] Although the technical name in RFC 4880 is "OpenPGP", we use "GPG" for consistency with C git, which uses the gpg tool by default and uses "gpg" in config option names. Change-Id: I9f75b132ca242b5cbce65e66f5e4904c92bcae8f