Configure signed push verification on a per-project basis
Add a new inheritable boolean "enableSignedPush" to configure the
hook for each project, assuming it is enabled for the server. For the
default case, where it is not configured on the server, do not
surface this value in the UI at all.
Change-Id: I51baab5bfc15607a3c47ee8752b10d4972e8550e
diff --git a/Documentation/config-project-config.txt b/Documentation/config-project-config.txt
index 276117b..0d3ff58 100644
--- a/Documentation/config-project-config.txt
+++ b/Documentation/config-project-config.txt
@@ -154,6 +154,16 @@
+
The default value for this is true, false disables the checks.
+[[receive.enableSignedPush]]receive.enableSignedPush::
++
+Controls whether server-side signed push validation is enabled on the
+project. Only has an effect if signed push validation is enabled on the
+server; see the link:config-gerrit.html#receive.enableSignedPush[global
+configuration] for details.
++
+Default is `INHERIT`, which means that this property is inherited from
+the parent project.
+
[[submit-section]]
=== Submit section
diff --git a/Documentation/rest-api-config.txt b/Documentation/rest-api-config.txt
index 88aec2e..7b5dd44 100644
--- a/Documentation/rest-api-config.txt
+++ b/Documentation/rest-api-config.txt
@@ -1277,6 +1277,20 @@
The number of open files.
|============================
+[[receive-info]]
+=== ReceiveInfo
+The `ReceiveInfo` entity contains information about the configuration
+of git-receive-pack behavior on the server.
+
+[options="header",cols="1,^1,5"]
+|=======================================
+|Field Name ||Description
+|`enableSignedPush`|optional|
+Whether signed push validation support is enabled on the server; see the
+link:config-gerrit.html#receive.certNonceSeed[global configuration] for
+details.
+|=======================================
+
[[server-info]]
=== ServerInfo
The `ServerInfo` entity contains information about the configuration of
@@ -1306,6 +1320,9 @@
|`gitweb ` |optional|
Information about the link:config-gerrit.html#gitweb[gitweb]
configuration as link:#git-web-info[GitwebInfo] entity.
+|`receive` |optional|
+Information about the receive-pack configuration as a
+link:#receive-info[ReceiveInfo] entity.
|`sshd` |optional|
Information about the configuration from the
link:config-gerrit.html#sshd[sshd] section as link:#sshd-info[SshdInfo]
diff --git a/Documentation/rest-api-projects.txt b/Documentation/rest-api-projects.txt
index a25c7bb..4658e2c 100644
--- a/Documentation/rest-api-projects.txt
+++ b/Documentation/rest-api-projects.txt
@@ -731,6 +731,7 @@
"use_content_merge": "INHERIT",
"use_signed_off_by": "INHERIT",
"create_new_change_for_all_not_in_target": "INHERIT",
+ "enable_signed_push": "INHERIT",
"require_change_id": "TRUE",
"max_object_size_limit": "10m",
"submit_type": "REBASE_IF_NECESSARY",
@@ -774,6 +775,11 @@
"configured_value": "TRUE",
"inherited_value": true
},
+ "enable_signed_push": {
+ "value": true,
+ "configured_value": "INHERIT",
+ "inherited_value": false
+ },
"max_object_size_limit": {
"value": "10m",
"configured_value": "10m",
@@ -1902,6 +1908,9 @@
valid link:user-changeid.html[Change-Id] footer in any commit uploaded
for review is required. This does not apply to commits pushed directly
to a branch or tag.
+|`enable_signed_push` |optional|
+link:#inherited-boolean-info[InheritedBooleanInfo] that tells whether
+signed push validation is enabled on the project.
|`max_object_size_limit` ||
The link:config-gerrit.html#receive.maxObjectSizeLimit[max object size
limit] of this project as a link:#max-object-size-limit-info[
diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.java
index 86f543a..6fbd678 100644
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.java
@@ -42,6 +42,7 @@
String useContributorAgreements();
String useSignedOffBy();
String createNewChangeForAllNotInTarget();
+ String enableSignedPush();
String requireChangeID();
String headingMaxObjectSizeLimit();
String headingGroupOptions();
diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
index affbe61..8aaa95e 100644
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/AdminConstants.properties
@@ -24,6 +24,7 @@
useContributorAgreements = Require a valid contributor agreement to upload
useSignedOffBy = Require <code>Signed-off-by</code> in commit message
createNewChangeForAllNotInTarget = Create a new change for every commit not in the target branch
+enableSignedPush = Enable signed push
requireChangeID = Require <code>Change-Id</code> in commit message
headingMaxObjectSizeLimit = Maximum Git object size limit
headingGroupOptions = Group Options
diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/ProjectInfoScreen.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/ProjectInfoScreen.java
index 104ef93..e6f262c 100644
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/ProjectInfoScreen.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/admin/ProjectInfoScreen.java
@@ -82,6 +82,7 @@
private ListBox state;
private ListBox contentMerge;
private ListBox newChangeForAllNotInTarget;
+ private ListBox enableSignedPush;
private NpTextBox maxObjectSizeLimit;
private Label effectiveMaxObjectSizeLimit;
private Map<String, Map<String, HasEnabled>> pluginConfigWidgets;
@@ -162,6 +163,9 @@
submitType.setEnabled(isOwner);
setEnabledForUseContentMerge();
newChangeForAllNotInTarget.setEnabled(isOwner);
+ if (enableSignedPush != null) {
+ enableSignedPush.setEnabled(isOwner);
+ }
descTxt.setEnabled(isOwner);
contributorAgreements.setEnabled(isOwner);
signedOffBy.setEnabled(isOwner);
@@ -226,6 +230,12 @@
saveEnabler.listenTo(requireChangeID);
grid.addHtml(Util.C.requireChangeID(), requireChangeID);
+ if (Gerrit.info().receive().enableSignedPush()) {
+ enableSignedPush = newInheritedBooleanBox();
+ saveEnabler.listenTo(enableSignedPush);
+ grid.add(Util.C.enableSignedPush(), enableSignedPush);
+ }
+
maxObjectSizeLimit = new NpTextBox();
saveEnabler.listenTo(maxObjectSizeLimit);
effectiveMaxObjectSizeLimit = new Label();
@@ -349,6 +359,9 @@
setBool(contentMerge, result.useContentMerge());
setBool(newChangeForAllNotInTarget, result.createNewChangeForAllNotInTarget());
setBool(requireChangeID, result.requireChangeId());
+ if (enableSignedPush != null) {
+ setBool(enableSignedPush, result.enableSignedPush());
+ }
setSubmitType(result.submitType());
setState(result.state());
maxObjectSizeLimit.setText(result.maxObjectSizeLimit().configuredValue());
@@ -618,9 +631,12 @@
private void doSave() {
enableForm(false);
saveProject.setEnabled(false);
+ InheritableBoolean sp = enableSignedPush != null
+ ? getBool(enableSignedPush) : null;
ProjectApi.setConfig(getProjectKey(), descTxt.getText().trim(),
getBool(contributorAgreements), getBool(contentMerge),
getBool(signedOffBy), getBool(newChangeForAllNotInTarget), getBool(requireChangeID),
+ sp,
maxObjectSizeLimit.getText().trim(),
SubmitType.valueOf(submitType.getValue(submitType.getSelectedIndex())),
ProjectState.valueOf(state.getValue(state.getSelectedIndex())),
diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/config/ServerInfo.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/config/ServerInfo.java
index 72b1f4b..1030f81 100644
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/config/ServerInfo.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/config/ServerInfo.java
@@ -26,6 +26,7 @@
public final native SshdInfo sshd() /*-{ return this.sshd; }-*/;
public final native SuggestInfo suggest() /*-{ return this.suggest; }-*/;
public final native UserConfigInfo user() /*-{ return this.user; }-*/;
+ public final native ReceiveInfo receive() /*-{ return this.receive; }-*/;
public final boolean hasContactStore() {
return contactStore() != null;
@@ -74,4 +75,12 @@
protected UserConfigInfo() {
}
}
+
+ public static class ReceiveInfo extends JavaScriptObject {
+ public final native boolean enableSignedPush()
+ /*-{ return this.enable_signed_push || false; }-*/;
+
+ protected ReceiveInfo() {
+ }
+ }
}
diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/projects/ConfigInfo.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/projects/ConfigInfo.java
index b91c5de..2c0bab3 100644
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/projects/ConfigInfo.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/projects/ConfigInfo.java
@@ -50,6 +50,9 @@
public final native InheritedBooleanInfo useSignedOffBy()
/*-{ return this.use_signed_off_by; }-*/;
+ public final native InheritedBooleanInfo enableSignedPush()
+ /*-{ return this.enable_signed_push; }-*/;
+
public final SubmitType submitType() {
return SubmitType.valueOf(submitTypeRaw());
}
diff --git a/gerrit-gwtui/src/main/java/com/google/gerrit/client/projects/ProjectApi.java b/gerrit-gwtui/src/main/java/com/google/gerrit/client/projects/ProjectApi.java
index d81dfe5..53eba42 100644
--- a/gerrit-gwtui/src/main/java/com/google/gerrit/client/projects/ProjectApi.java
+++ b/gerrit-gwtui/src/main/java/com/google/gerrit/client/projects/ProjectApi.java
@@ -99,7 +99,9 @@
InheritableBoolean useContributorAgreements,
InheritableBoolean useContentMerge, InheritableBoolean useSignedOffBy,
InheritableBoolean createNewChangeForAllNotInTarget,
- InheritableBoolean requireChangeId, String maxObjectSizeLimit,
+ InheritableBoolean requireChangeId,
+ InheritableBoolean enableSignedPush,
+ String maxObjectSizeLimit,
SubmitType submitType, ProjectState state,
Map<String, Map<String, ConfigParameterValue>> pluginConfigValues,
AsyncCallback<ConfigInfo> cb) {
@@ -110,6 +112,9 @@
in.setUseSignedOffBy(useSignedOffBy);
in.setRequireChangeId(requireChangeId);
in.setCreateNewChangeForAllNotInTarget(createNewChangeForAllNotInTarget);
+ if (enableSignedPush != null) {
+ in.setEnableSignedPush(enableSignedPush);
+ }
in.setMaxObjectSizeLimit(maxObjectSizeLimit);
in.setSubmitType(submitType);
in.setState(state);
@@ -230,6 +235,12 @@
private final native void setCreateNewChangeForAllNotInTargetRaw(String v)
/*-{ if(v)this.create_new_change_for_all_not_in_target=v; }-*/;
+ final void setEnableSignedPush(InheritableBoolean v) {
+ setEnableSignedPushRaw(v.name());
+ }
+ private final native void setEnableSignedPushRaw(String v)
+ /*-{ if(v)this.enable_signed_push=v; }-*/;
+
final native void setMaxObjectSizeLimit(String l)
/*-{ if(l)this.max_object_size_limit=l; }-*/;
diff --git a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/Project.java b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/Project.java
index 209998a..ce1b27f 100644
--- a/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/Project.java
+++ b/gerrit-reviewdb/src/main/java/com/google/gerrit/reviewdb/client/Project.java
@@ -96,6 +96,8 @@
protected InheritableBoolean createNewChangeForAllNotInTarget;
+ protected InheritableBoolean enableSignedPush;
+
protected Project() {
}
@@ -108,6 +110,7 @@
requireChangeID = InheritableBoolean.INHERIT;
useContentMerge = InheritableBoolean.INHERIT;
createNewChangeForAllNotInTarget = InheritableBoolean.INHERIT;
+ enableSignedPush = InheritableBoolean.INHERIT;
}
public Project.NameKey getNameKey() {
@@ -171,6 +174,14 @@
this.createNewChangeForAllNotInTarget = useAllNotInTarget;
}
+ public InheritableBoolean getEnableSignedPush() {
+ return enableSignedPush;
+ }
+
+ public void setEnableSignedPush(InheritableBoolean enable) {
+ enableSignedPush = enable;
+ }
+
public void setMaxObjectSizeLimit(final String limit) {
maxObjectSizeLimit = limit;
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/config/GetServerInfo.java b/gerrit-server/src/main/java/com/google/gerrit/server/config/GetServerInfo.java
index 673147f..7c39e6d 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/config/GetServerInfo.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/config/GetServerInfo.java
@@ -29,6 +29,7 @@
import com.google.gerrit.server.account.Realm;
import com.google.gerrit.server.change.ArchiveFormat;
import com.google.gerrit.server.change.GetArchive;
+import com.google.gerrit.server.git.SignedPushModule;
import com.google.inject.Inject;
import org.eclipse.jgit.lib.Config;
@@ -93,6 +94,7 @@
info.sshd = getSshdInfo(config);
info.suggest = getSuggestInfo(config);
info.user = getUserInfo(anonymousCowardName);
+ info.receive = getReceiveInfo(config);
return info;
}
@@ -266,6 +268,12 @@
return info;
}
+ private ReceiveInfo getReceiveInfo(Config cfg) {
+ ReceiveInfo info = new ReceiveInfo();
+ info.enableSignedPush = SignedPushModule.isEnabled(cfg);
+ return info;
+ }
+
private static Boolean toBoolean(boolean v) {
return v ? v : null;
}
@@ -280,6 +288,7 @@
public SshdInfo sshd;
public SuggestInfo suggest;
public UserConfigInfo user;
+ public ReceiveInfo receive;
}
public static class AuthInfo {
@@ -343,4 +352,8 @@
public static class UserConfigInfo {
public String anonymousCowardName;
}
+
+ public static class ReceiveInfo {
+ public Boolean enableSignedPush;
+ }
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/git/ProjectConfig.java b/gerrit-server/src/main/java/com/google/gerrit/server/git/ProjectConfig.java
index b25c024..b0107cc 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/git/ProjectConfig.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/git/ProjectConfig.java
@@ -118,6 +118,7 @@
private static final String KEY_REQUIRE_CONTRIBUTOR_AGREEMENT =
"requireContributorAgreement";
private static final String KEY_CHECK_RECEIVED_OBJECTS = "checkReceivedObjects";
+ private static final String KEY_ENABLE_SIGNED_PUSH = "enableSignedPush";
private static final String SUBMIT = "submit";
private static final String KEY_ACTION = "action";
@@ -418,6 +419,8 @@
p.setUseSignedOffBy(getEnum(rc, RECEIVE, null, KEY_REQUIRE_SIGNED_OFF_BY, InheritableBoolean.INHERIT));
p.setRequireChangeID(getEnum(rc, RECEIVE, null, KEY_REQUIRE_CHANGE_ID, InheritableBoolean.INHERIT));
p.setCreateNewChangeForAllNotInTarget(getEnum(rc, RECEIVE, null, KEY_USE_ALL_NOT_IN_TARGET, InheritableBoolean.INHERIT));
+ p.setEnableSignedPush(getEnum(rc, RECEIVE, null,
+ KEY_ENABLE_SIGNED_PUSH, InheritableBoolean.INHERIT));
p.setMaxObjectSizeLimit(rc.getString(RECEIVE, null, KEY_MAX_OBJECT_SIZE_LIMIT));
p.setSubmitType(getEnum(rc, SUBMIT, null, KEY_ACTION, defaultSubmitAction));
@@ -815,6 +818,8 @@
set(rc, RECEIVE, null, KEY_REQUIRE_CHANGE_ID, p.getRequireChangeID(), InheritableBoolean.INHERIT);
set(rc, RECEIVE, null, KEY_USE_ALL_NOT_IN_TARGET, p.getCreateNewChangeForAllNotInTarget(), InheritableBoolean.INHERIT);
set(rc, RECEIVE, null, KEY_MAX_OBJECT_SIZE_LIMIT, validMaxObjectSizeLimit(p.getMaxObjectSizeLimit()));
+ set(rc, RECEIVE, null, KEY_ENABLE_SIGNED_PUSH,
+ p.getEnableSignedPush(), InheritableBoolean.INHERIT);
set(rc, SUBMIT, null, KEY_ACTION, p.getSubmitType(), defaultSubmitAction);
set(rc, SUBMIT, null, KEY_MERGE_CONTENT, p.getUseContentMerge(), InheritableBoolean.INHERIT);
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/git/SignedPushModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/git/SignedPushModule.java
index e6a7394..88a918d 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/git/SignedPushModule.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/git/SignedPushModule.java
@@ -19,6 +19,8 @@
import com.google.gerrit.extensions.registration.DynamicSet;
import com.google.gerrit.reviewdb.client.Project;
import com.google.gerrit.server.config.GerritServerConfig;
+import com.google.gerrit.server.project.ProjectCache;
+import com.google.gerrit.server.project.ProjectState;
import com.google.gerrit.server.util.BouncyCastleUtil;
import com.google.inject.AbstractModule;
import com.google.inject.Inject;
@@ -58,11 +60,14 @@
private static class Initializer implements ReceivePackInitializer {
private final SignedPushConfig signedPushConfig;
private final SignedPushPreReceiveHook hook;
+ private final ProjectCache projectCache;
@Inject
Initializer(@GerritServerConfig Config cfg,
- SignedPushPreReceiveHook hook) {
+ SignedPushPreReceiveHook hook,
+ ProjectCache projectCache) {
this.hook = hook;
+ this.projectCache = projectCache;
if (isEnabled(cfg)) {
String seed = cfg.getString("receive", null, "certNonceSeed");
@@ -80,11 +85,19 @@
@Override
public void init(Project.NameKey project, ReceivePack rp) {
- rp.setSignedPushConfig(signedPushConfig);
- if (signedPushConfig != null) {
- rp.setPreReceiveHook(PreReceiveHookChain.newChain(Lists.newArrayList(
- hook, rp.getPreReceiveHook())));
+ ProjectState ps = projectCache.get(project);
+ if (!ps.isEnableSignedPush()) {
+ rp.setSignedPushConfig(null);
+ return;
}
+ if (signedPushConfig == null) {
+ log.error("receive.enableSignedPush is true for project {} but"
+ + " false in gerrit.config, so signed push verification is"
+ + " disabled", project.get());
+ }
+ rp.setSignedPushConfig(signedPushConfig);
+ rp.setPreReceiveHook(PreReceiveHookChain.newChain(Lists.newArrayList(
+ hook, rp.getPreReceiveHook())));
}
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/ConfigInfo.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/ConfigInfo.java
index 1c6782c..28700b3 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ConfigInfo.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ConfigInfo.java
@@ -30,9 +30,12 @@
import com.google.gerrit.server.config.PluginConfigFactory;
import com.google.gerrit.server.config.ProjectConfigEntry;
import com.google.gerrit.server.extensions.webui.UiActions;
+import com.google.gerrit.server.git.SignedPushModule;
import com.google.gerrit.server.git.TransferConfig;
import com.google.inject.util.Providers;
+import org.eclipse.jgit.lib.Config;
+
import java.util.Arrays;
import java.util.List;
import java.util.Map;
@@ -45,6 +48,7 @@
public InheritedBooleanInfo useSignedOffBy;
public InheritedBooleanInfo createNewChangeForAllNotInTarget;
public InheritedBooleanInfo requireChangeId;
+ public InheritedBooleanInfo enableSignedPush;
public MaxObjectSizeLimitInfo maxObjectSizeLimit;
public SubmitType submitType;
public com.google.gerrit.extensions.client.ProjectState state;
@@ -54,7 +58,8 @@
public Map<String, CommentLinkInfo> commentlinks;
public ThemeInfo theme;
- public ConfigInfo(ProjectControl control,
+ public ConfigInfo(Config gerritConfig,
+ ProjectControl control,
TransferConfig config,
DynamicMap<ProjectConfigEntry> pluginConfigEntries,
PluginConfigFactory cfgFactory,
@@ -71,6 +76,7 @@
InheritedBooleanInfo requireChangeId = new InheritedBooleanInfo();
InheritedBooleanInfo createNewChangeForAllNotInTarget =
new InheritedBooleanInfo();
+ InheritedBooleanInfo enableSignedPush = new InheritedBooleanInfo();
useContributorAgreements.value = projectState.isUseContributorAgreements();
useSignedOffBy.value = projectState.isUseSignedOffBy();
@@ -86,6 +92,7 @@
requireChangeId.configuredValue = p.getRequireChangeID();
createNewChangeForAllNotInTarget.configuredValue =
p.getCreateNewChangeForAllNotInTarget();
+ enableSignedPush.configuredValue = p.getEnableSignedPush();
ProjectState parentState = Iterables.getFirst(projectState
.parents(), null);
@@ -97,6 +104,7 @@
requireChangeId.inheritedValue = parentState.isRequireChangeID();
createNewChangeForAllNotInTarget.inheritedValue =
parentState.isCreateNewChangeForAllNotInTarget();
+ enableSignedPush.inheritedValue = projectState.isEnableSignedPush();
}
this.useContributorAgreements = useContributorAgreements;
@@ -104,6 +112,9 @@
this.useContentMerge = useContentMerge;
this.requireChangeId = requireChangeId;
this.createNewChangeForAllNotInTarget = createNewChangeForAllNotInTarget;
+ if (SignedPushModule.isEnabled(gerritConfig)) {
+ this.enableSignedPush = enableSignedPush;
+ }
MaxObjectSizeLimitInfo maxObjectSizeLimit = new MaxObjectSizeLimitInfo();
maxObjectSizeLimit.value =
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/GetConfig.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/GetConfig.java
index bb91097..2ab10c9 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/GetConfig.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/GetConfig.java
@@ -18,15 +18,18 @@
import com.google.gerrit.extensions.restapi.RestReadView;
import com.google.gerrit.extensions.restapi.RestView;
import com.google.gerrit.server.config.AllProjectsNameProvider;
+import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.PluginConfigFactory;
import com.google.gerrit.server.config.ProjectConfigEntry;
import com.google.gerrit.server.git.TransferConfig;
import com.google.inject.Inject;
import com.google.inject.Singleton;
+import org.eclipse.jgit.lib.Config;
+
@Singleton
public class GetConfig implements RestReadView<ProjectResource> {
-
+ private final Config gerritConfig;
private final TransferConfig config;
private final DynamicMap<ProjectConfigEntry> pluginConfigEntries;
private final PluginConfigFactory cfgFactory;
@@ -34,11 +37,13 @@
private final DynamicMap<RestView<ProjectResource>> views;
@Inject
- public GetConfig(TransferConfig config,
+ public GetConfig(@GerritServerConfig Config gerritConfig,
+ TransferConfig config,
DynamicMap<ProjectConfigEntry> pluginConfigEntries,
PluginConfigFactory cfgFactory,
AllProjectsNameProvider allProjects,
DynamicMap<RestView<ProjectResource>> views) {
+ this.gerritConfig = gerritConfig;
this.config = config;
this.pluginConfigEntries = pluginConfigEntries;
this.allProjects = allProjects;
@@ -48,7 +53,7 @@
@Override
public ConfigInfo apply(ProjectResource resource) {
- return new ConfigInfo(resource.getControl(), config,
+ return new ConfigInfo(gerritConfig, resource.getControl(), config,
pluginConfigEntries, cfgFactory, allProjects, views);
}
}
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectState.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectState.java
index 2f031a0..1dae042 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectState.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/ProjectState.java
@@ -406,6 +406,15 @@
});
}
+ public boolean isEnableSignedPush() {
+ return getInheritableBoolean(new Function<Project, InheritableBoolean>() {
+ @Override
+ public InheritableBoolean apply(Project input) {
+ return input.getEnableSignedPush();
+ }
+ });
+ }
+
public LabelTypes getLabelTypes() {
Map<String, LabelType> types = Maps.newLinkedHashMap();
for (ProjectState s : treeInOrder()) {
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/project/PutConfig.java b/gerrit-server/src/main/java/com/google/gerrit/server/project/PutConfig.java
index f212f67..da7df8c 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/project/PutConfig.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/project/PutConfig.java
@@ -33,6 +33,7 @@
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.config.AllProjectsNameProvider;
+import com.google.gerrit.server.config.GerritServerConfig;
import com.google.gerrit.server.config.PluginConfig;
import com.google.gerrit.server.config.PluginConfigFactory;
import com.google.gerrit.server.config.ProjectConfigEntry;
@@ -47,6 +48,7 @@
import org.eclipse.jgit.errors.ConfigInvalidException;
import org.eclipse.jgit.errors.RepositoryNotFoundException;
+import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.lib.ObjectId;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -61,6 +63,7 @@
@Singleton
public class PutConfig implements RestModifyView<ProjectResource, Input> {
private static final Logger log = LoggerFactory.getLogger(PutConfig.class);
+
public static class Input {
public String description;
public InheritableBoolean useContributorAgreements;
@@ -68,12 +71,14 @@
public InheritableBoolean useSignedOffBy;
public InheritableBoolean createNewChangeForAllNotInTarget;
public InheritableBoolean requireChangeId;
+ public InheritableBoolean enableSignedPush;
public String maxObjectSizeLimit;
public SubmitType submitType;
public com.google.gerrit.extensions.client.ProjectState state;
public Map<String, Map<String, ConfigValue>> pluginConfigValues;
}
+ private final Config gerritConfig;
private final MetaDataUpdate.User metaDataUpdateFactory;
private final ProjectCache projectCache;
private final GitRepositoryManager gitMgr;
@@ -87,7 +92,8 @@
private final ChangeHooks hooks;
@Inject
- PutConfig(MetaDataUpdate.User metaDataUpdateFactory,
+ PutConfig(@GerritServerConfig Config gerritConfig,
+ MetaDataUpdate.User metaDataUpdateFactory,
ProjectCache projectCache,
GitRepositoryManager gitMgr,
ProjectState.Factory projectStateFactory,
@@ -98,6 +104,7 @@
DynamicMap<RestView<ProjectResource>> views,
ChangeHooks hooks,
Provider<CurrentUser> currentUser) {
+ this.gerritConfig = gerritConfig;
this.metaDataUpdateFactory = metaDataUpdateFactory;
this.projectCache = projectCache;
this.gitMgr = gitMgr;
@@ -161,6 +168,10 @@
p.setRequireChangeID(input.requireChangeId);
}
+ if (input.enableSignedPush != null) {
+ p.setEnableSignedPush(input.enableSignedPush);
+ }
+
if (input.maxObjectSizeLimit != null) {
p.setMaxObjectSizeLimit(input.maxObjectSizeLimit);
}
@@ -203,8 +214,8 @@
}
ProjectState state = projectStateFactory.create(projectConfig);
- return new ConfigInfo(state.controlFor(currentUser.get()), config,
- pluginConfigEntries, cfgFactory, allProjects, views);
+ return new ConfigInfo(gerritConfig, state.controlFor(currentUser.get()),
+ config, pluginConfigEntries, cfgFactory, allProjects, views);
} catch (ConfigInvalidException err) {
throw new ResourceConflictException("Cannot read project " + projectName, err);
} catch (IOException err) {
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java b/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java
index 1198176..b142bb0 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/schema/AllProjectsCreator.java
@@ -139,6 +139,7 @@
p.setUseContentMerge(InheritableBoolean.TRUE);
p.setUseContributorAgreements(InheritableBoolean.FALSE);
p.setUseSignedOffBy(InheritableBoolean.FALSE);
+ p.setEnableSignedPush(InheritableBoolean.FALSE);
AccessSection cap = config.getAccessSection(AccessSection.GLOBAL_CAPABILITIES, true);
AccessSection all = config.getAccessSection(AccessSection.ALL, true);
