Fossil SCM
Use the new certificate bundle management for https connections, and deactivate the old environment variable code. Added support for specifying certificate/key bundle to clone/push/pull/sync commands.
Commit
1a1aa98a4091d6552e0645dfaa9e44fbb8887883
Parent
1156ad25dbb67ce…
4 files changed
+3
+80
+1
+19
-3
+3
| --- src/clone.c | ||
| +++ src/clone.c | ||
| @@ -37,19 +37,22 @@ | ||
| 37 | 37 | ** |
| 38 | 38 | ** Options: |
| 39 | 39 | ** |
| 40 | 40 | ** --admin-user|-A USERNAME Make USERNAME the administrator |
| 41 | 41 | ** --private Also clone private branches |
| 42 | +** --certgroup NAME Use certificate group NAME for https | |
| 43 | +** connections | |
| 42 | 44 | ** |
| 43 | 45 | */ |
| 44 | 46 | void clone_cmd(void){ |
| 45 | 47 | char *zPassword; |
| 46 | 48 | const char *zDefaultUser; /* Optional name of the default user */ |
| 47 | 49 | int nErr = 0; |
| 48 | 50 | int bPrivate; /* Also clone private branches */ |
| 49 | 51 | |
| 50 | 52 | bPrivate = find_option("private",0,0)!=0; |
| 53 | + g.urlCertGroup = find_option("certgroup",0,1); | |
| 51 | 54 | url_proxy_options(); |
| 52 | 55 | if( g.argc < 4 ){ |
| 53 | 56 | usage("?OPTIONS? FILE-OR-URL NEW-REPOSITORY"); |
| 54 | 57 | } |
| 55 | 58 | db_open_config(0); |
| 56 | 59 |
| --- src/clone.c | |
| +++ src/clone.c | |
| @@ -37,19 +37,22 @@ | |
| 37 | ** |
| 38 | ** Options: |
| 39 | ** |
| 40 | ** --admin-user|-A USERNAME Make USERNAME the administrator |
| 41 | ** --private Also clone private branches |
| 42 | ** |
| 43 | */ |
| 44 | void clone_cmd(void){ |
| 45 | char *zPassword; |
| 46 | const char *zDefaultUser; /* Optional name of the default user */ |
| 47 | int nErr = 0; |
| 48 | int bPrivate; /* Also clone private branches */ |
| 49 | |
| 50 | bPrivate = find_option("private",0,0)!=0; |
| 51 | url_proxy_options(); |
| 52 | if( g.argc < 4 ){ |
| 53 | usage("?OPTIONS? FILE-OR-URL NEW-REPOSITORY"); |
| 54 | } |
| 55 | db_open_config(0); |
| 56 |
| --- src/clone.c | |
| +++ src/clone.c | |
| @@ -37,19 +37,22 @@ | |
| 37 | ** |
| 38 | ** Options: |
| 39 | ** |
| 40 | ** --admin-user|-A USERNAME Make USERNAME the administrator |
| 41 | ** --private Also clone private branches |
| 42 | ** --certgroup NAME Use certificate group NAME for https |
| 43 | ** connections |
| 44 | ** |
| 45 | */ |
| 46 | void clone_cmd(void){ |
| 47 | char *zPassword; |
| 48 | const char *zDefaultUser; /* Optional name of the default user */ |
| 49 | int nErr = 0; |
| 50 | int bPrivate; /* Also clone private branches */ |
| 51 | |
| 52 | bPrivate = find_option("private",0,0)!=0; |
| 53 | g.urlCertGroup = find_option("certgroup",0,1); |
| 54 | url_proxy_options(); |
| 55 | if( g.argc < 4 ){ |
| 56 | usage("?OPTIONS? FILE-OR-URL NEW-REPOSITORY"); |
| 57 | } |
| 58 | db_open_config(0); |
| 59 |
+80
| --- src/http_ssl.c | ||
| +++ src/http_ssl.c | ||
| @@ -289,10 +289,11 @@ | ||
| 289 | 289 | pContent = (void*)&((char*)pContent)[got]; |
| 290 | 290 | } |
| 291 | 291 | return total; |
| 292 | 292 | } |
| 293 | 293 | |
| 294 | +#if 0 | |
| 294 | 295 | /* |
| 295 | 296 | ** Read client certificate and key, if set, and store them in the SSL context |
| 296 | 297 | ** to allow communication with servers which are configured to verify client |
| 297 | 298 | ** certificates and certificate chains. |
| 298 | 299 | ** We only support PEM and don't support password protected keys. |
| @@ -352,11 +353,88 @@ | ||
| 352 | 353 | free(keyfile); |
| 353 | 354 | free(certfile); |
| 354 | 355 | free(capath); |
| 355 | 356 | free(cafile); |
| 356 | 357 | } |
| 358 | +#endif | |
| 359 | + | |
| 360 | +/* | |
| 361 | +** If an certgroup has been specified on the command line, then use it to look | |
| 362 | +** up certificates and keys, and then store the URL-certgroup association in | |
| 363 | +** the global database. If no certgroup has been specified on the command line, | |
| 364 | +** see if there's an entry for the url in global_config, and use it if | |
| 365 | +** applicable. | |
| 366 | +*/ | |
| 367 | +void ssl_load_client_authfiles(void){ | |
| 368 | + char *zGroupName = NULL; | |
| 369 | + char *cafile; | |
| 370 | + char *capath; | |
| 371 | + char *certfile; | |
| 372 | + char *keyfile; | |
| 373 | + | |
| 374 | + if( g.urlCertGroup ){ | |
| 375 | + char *zName; | |
| 376 | + zName = mprintf("certgroup:%s", g.urlName); | |
| 377 | + db_set(zName, g.urlCertGroup, 1); | |
| 378 | + free(zName); | |
| 379 | + zGroupName = strdup(g.urlCertGroup); | |
| 380 | + }else{ | |
| 381 | + db_swap_connections(); | |
| 382 | + zGroupName = db_text(0, "SELECT value FROM global_config" | |
| 383 | + " WHERE name='certgroup:%q'", g.urlName); | |
| 384 | + db_swap_connections(); | |
| 385 | + } | |
| 386 | + if( !zGroupName ){ | |
| 387 | + /* No cert group specified or found cached */ | |
| 388 | + return; | |
| 389 | + } | |
| 390 | + | |
| 391 | + db_swap_connections(); | |
| 392 | + cafile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" | |
| 393 | + " AND type='cafile'", zGroupName); | |
| 394 | + capath = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" | |
| 395 | + " AND type='capath'", zGroupName); | |
| 396 | + db_swap_connections(); | |
| 397 | + | |
| 398 | + if( cafile || capath ){ | |
| 399 | + /* The OpenSSL documentation warns that if several CA certificates match | |
| 400 | + ** the same name, key identifier and serial number conditions, only the | |
| 401 | + ** first will be examined. The caveat situation occurs when one stores an | |
| 402 | + ** expired CA certificate among the valid ones. | |
| 403 | + ** Simply put: Do not mix expired and valid certificates. | |
| 404 | + */ | |
| 405 | + if( SSL_CTX_load_verify_locations(sslCtx, cafile, capath)==0 ){ | |
| 406 | + fossil_fatal("SSL: Unable to load CA verification file/path"); | |
| 407 | + } | |
| 408 | + } | |
| 409 | + | |
| 410 | + db_swap_connections(); | |
| 411 | + keyfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" | |
| 412 | + " AND type='ckey'", zGroupName); | |
| 413 | + certfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" | |
| 414 | + " AND type='ccert'", zGroupName); | |
| 415 | + db_swap_connections(); | |
| 416 | + | |
| 417 | + if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM)<=0 ){ | |
| 418 | + fossil_fatal("SSL: Unable to open client certificate in %s.", certfile); | |
| 419 | + } | |
| 420 | + if( SSL_CTX_use_PrivateKey_file(sslCtx, keyfile, SSL_FILETYPE_PEM)<=0 ){ | |
| 421 | + fossil_fatal("SSL: Unable to open client key in %s.", keyfile); | |
| 422 | + } | |
| 423 | + | |
| 424 | + if( !SSL_CTX_check_private_key(sslCtx) ){ | |
| 425 | + fossil_fatal("SSL: Private key does not match the certificate public " | |
| 426 | + "key."); | |
| 427 | + } | |
| 428 | + | |
| 429 | + free(keyfile); | |
| 430 | + free(certfile); | |
| 431 | + free(capath); | |
| 432 | + free(cafile); | |
| 433 | +} | |
| 357 | 434 | |
| 435 | +#if 0 | |
| 358 | 436 | /* |
| 359 | 437 | ** Get SSL authentication file reference from environment variable. If set, |
| 360 | 438 | ** then store varaible in global config. If environment variable was not set, |
| 361 | 439 | ** attempt to get variable from global config. |
| 362 | 440 | **/ |
| @@ -378,10 +456,11 @@ | ||
| 378 | 456 | } |
| 379 | 457 | free(zTmp); |
| 380 | 458 | |
| 381 | 459 | return zVar; |
| 382 | 460 | } |
| 461 | +#endif | |
| 383 | 462 | |
| 384 | 463 | /* |
| 385 | 464 | ** COMMAND: cert |
| 386 | 465 | ** |
| 387 | 466 | ** Usage: %fossil cert SUBCOMMAND ... |
| @@ -408,10 +487,11 @@ | ||
| 408 | 487 | ** |
| 409 | 488 | ** %fossil cert delete NAME |
| 410 | 489 | ** |
| 411 | 490 | ** Remove the credential group NAME and all it's associated URL |
| 412 | 491 | ** associations. |
| 492 | +** | |
| 413 | 493 | */ |
| 414 | 494 | void cert_cmd(void){ |
| 415 | 495 | int n; |
| 416 | 496 | const char *zCmd = "list"; |
| 417 | 497 | if( g.argc>=3 ){ |
| 418 | 498 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -289,10 +289,11 @@ | |
| 289 | pContent = (void*)&((char*)pContent)[got]; |
| 290 | } |
| 291 | return total; |
| 292 | } |
| 293 | |
| 294 | /* |
| 295 | ** Read client certificate and key, if set, and store them in the SSL context |
| 296 | ** to allow communication with servers which are configured to verify client |
| 297 | ** certificates and certificate chains. |
| 298 | ** We only support PEM and don't support password protected keys. |
| @@ -352,11 +353,88 @@ | |
| 352 | free(keyfile); |
| 353 | free(certfile); |
| 354 | free(capath); |
| 355 | free(cafile); |
| 356 | } |
| 357 | |
| 358 | /* |
| 359 | ** Get SSL authentication file reference from environment variable. If set, |
| 360 | ** then store varaible in global config. If environment variable was not set, |
| 361 | ** attempt to get variable from global config. |
| 362 | **/ |
| @@ -378,10 +456,11 @@ | |
| 378 | } |
| 379 | free(zTmp); |
| 380 | |
| 381 | return zVar; |
| 382 | } |
| 383 | |
| 384 | /* |
| 385 | ** COMMAND: cert |
| 386 | ** |
| 387 | ** Usage: %fossil cert SUBCOMMAND ... |
| @@ -408,10 +487,11 @@ | |
| 408 | ** |
| 409 | ** %fossil cert delete NAME |
| 410 | ** |
| 411 | ** Remove the credential group NAME and all it's associated URL |
| 412 | ** associations. |
| 413 | */ |
| 414 | void cert_cmd(void){ |
| 415 | int n; |
| 416 | const char *zCmd = "list"; |
| 417 | if( g.argc>=3 ){ |
| 418 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -289,10 +289,11 @@ | |
| 289 | pContent = (void*)&((char*)pContent)[got]; |
| 290 | } |
| 291 | return total; |
| 292 | } |
| 293 | |
| 294 | #if 0 |
| 295 | /* |
| 296 | ** Read client certificate and key, if set, and store them in the SSL context |
| 297 | ** to allow communication with servers which are configured to verify client |
| 298 | ** certificates and certificate chains. |
| 299 | ** We only support PEM and don't support password protected keys. |
| @@ -352,11 +353,88 @@ | |
| 353 | free(keyfile); |
| 354 | free(certfile); |
| 355 | free(capath); |
| 356 | free(cafile); |
| 357 | } |
| 358 | #endif |
| 359 | |
| 360 | /* |
| 361 | ** If an certgroup has been specified on the command line, then use it to look |
| 362 | ** up certificates and keys, and then store the URL-certgroup association in |
| 363 | ** the global database. If no certgroup has been specified on the command line, |
| 364 | ** see if there's an entry for the url in global_config, and use it if |
| 365 | ** applicable. |
| 366 | */ |
| 367 | void ssl_load_client_authfiles(void){ |
| 368 | char *zGroupName = NULL; |
| 369 | char *cafile; |
| 370 | char *capath; |
| 371 | char *certfile; |
| 372 | char *keyfile; |
| 373 | |
| 374 | if( g.urlCertGroup ){ |
| 375 | char *zName; |
| 376 | zName = mprintf("certgroup:%s", g.urlName); |
| 377 | db_set(zName, g.urlCertGroup, 1); |
| 378 | free(zName); |
| 379 | zGroupName = strdup(g.urlCertGroup); |
| 380 | }else{ |
| 381 | db_swap_connections(); |
| 382 | zGroupName = db_text(0, "SELECT value FROM global_config" |
| 383 | " WHERE name='certgroup:%q'", g.urlName); |
| 384 | db_swap_connections(); |
| 385 | } |
| 386 | if( !zGroupName ){ |
| 387 | /* No cert group specified or found cached */ |
| 388 | return; |
| 389 | } |
| 390 | |
| 391 | db_swap_connections(); |
| 392 | cafile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 393 | " AND type='cafile'", zGroupName); |
| 394 | capath = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 395 | " AND type='capath'", zGroupName); |
| 396 | db_swap_connections(); |
| 397 | |
| 398 | if( cafile || capath ){ |
| 399 | /* The OpenSSL documentation warns that if several CA certificates match |
| 400 | ** the same name, key identifier and serial number conditions, only the |
| 401 | ** first will be examined. The caveat situation occurs when one stores an |
| 402 | ** expired CA certificate among the valid ones. |
| 403 | ** Simply put: Do not mix expired and valid certificates. |
| 404 | */ |
| 405 | if( SSL_CTX_load_verify_locations(sslCtx, cafile, capath)==0 ){ |
| 406 | fossil_fatal("SSL: Unable to load CA verification file/path"); |
| 407 | } |
| 408 | } |
| 409 | |
| 410 | db_swap_connections(); |
| 411 | keyfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 412 | " AND type='ckey'", zGroupName); |
| 413 | certfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 414 | " AND type='ccert'", zGroupName); |
| 415 | db_swap_connections(); |
| 416 | |
| 417 | if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM)<=0 ){ |
| 418 | fossil_fatal("SSL: Unable to open client certificate in %s.", certfile); |
| 419 | } |
| 420 | if( SSL_CTX_use_PrivateKey_file(sslCtx, keyfile, SSL_FILETYPE_PEM)<=0 ){ |
| 421 | fossil_fatal("SSL: Unable to open client key in %s.", keyfile); |
| 422 | } |
| 423 | |
| 424 | if( !SSL_CTX_check_private_key(sslCtx) ){ |
| 425 | fossil_fatal("SSL: Private key does not match the certificate public " |
| 426 | "key."); |
| 427 | } |
| 428 | |
| 429 | free(keyfile); |
| 430 | free(certfile); |
| 431 | free(capath); |
| 432 | free(cafile); |
| 433 | } |
| 434 | |
| 435 | #if 0 |
| 436 | /* |
| 437 | ** Get SSL authentication file reference from environment variable. If set, |
| 438 | ** then store varaible in global config. If environment variable was not set, |
| 439 | ** attempt to get variable from global config. |
| 440 | **/ |
| @@ -378,10 +456,11 @@ | |
| 456 | } |
| 457 | free(zTmp); |
| 458 | |
| 459 | return zVar; |
| 460 | } |
| 461 | #endif |
| 462 | |
| 463 | /* |
| 464 | ** COMMAND: cert |
| 465 | ** |
| 466 | ** Usage: %fossil cert SUBCOMMAND ... |
| @@ -408,10 +487,11 @@ | |
| 487 | ** |
| 488 | ** %fossil cert delete NAME |
| 489 | ** |
| 490 | ** Remove the credential group NAME and all it's associated URL |
| 491 | ** associations. |
| 492 | ** |
| 493 | */ |
| 494 | void cert_cmd(void){ |
| 495 | int n; |
| 496 | const char *zCmd = "list"; |
| 497 | if( g.argc>=3 ){ |
| 498 |
+1
| --- src/main.c | ||
| +++ src/main.c | ||
| @@ -102,10 +102,11 @@ | ||
| 102 | 102 | char *urlPasswd; /* Password for http: */ |
| 103 | 103 | char *urlCanonical; /* Canonical representation of the URL */ |
| 104 | 104 | char *urlProxyAuth; /* Proxy-Authorizer: string */ |
| 105 | 105 | char *urlFossil; /* The path of the ?fossil=path suffix on ssh: */ |
| 106 | 106 | int dontKeepUrl; /* Do not persist the URL */ |
| 107 | + const char *urlCertGroup; /* Which ceritificate group to use for URL */ | |
| 107 | 108 | |
| 108 | 109 | const char *zLogin; /* Login name. "" if not logged in. */ |
| 109 | 110 | int useLocalauth; /* No login required if from 127.0.0.1 */ |
| 110 | 111 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 111 | 112 | int userUid; /* Integer user id */ |
| 112 | 113 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -102,10 +102,11 @@ | |
| 102 | char *urlPasswd; /* Password for http: */ |
| 103 | char *urlCanonical; /* Canonical representation of the URL */ |
| 104 | char *urlProxyAuth; /* Proxy-Authorizer: string */ |
| 105 | char *urlFossil; /* The path of the ?fossil=path suffix on ssh: */ |
| 106 | int dontKeepUrl; /* Do not persist the URL */ |
| 107 | |
| 108 | const char *zLogin; /* Login name. "" if not logged in. */ |
| 109 | int useLocalauth; /* No login required if from 127.0.0.1 */ |
| 110 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 111 | int userUid; /* Integer user id */ |
| 112 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -102,10 +102,11 @@ | |
| 102 | char *urlPasswd; /* Password for http: */ |
| 103 | char *urlCanonical; /* Canonical representation of the URL */ |
| 104 | char *urlProxyAuth; /* Proxy-Authorizer: string */ |
| 105 | char *urlFossil; /* The path of the ?fossil=path suffix on ssh: */ |
| 106 | int dontKeepUrl; /* Do not persist the URL */ |
| 107 | const char *urlCertGroup; /* Which ceritificate group to use for URL */ |
| 108 | |
| 109 | const char *zLogin; /* Login name. "" if not logged in. */ |
| 110 | int useLocalauth; /* No login required if from 127.0.0.1 */ |
| 111 | int noPswd; /* Logged in without password (on 127.0.0.1) */ |
| 112 | int userUid; /* Integer user id */ |
| 113 |
+19
-3
| --- src/sync.c | ||
| +++ src/sync.c | ||
| @@ -96,10 +96,11 @@ | ||
| 96 | 96 | const char *zPw = 0; |
| 97 | 97 | int configSync = 0; |
| 98 | 98 | int urlOptional = find_option("autourl",0,0)!=0; |
| 99 | 99 | g.dontKeepUrl = find_option("once",0,0)!=0; |
| 100 | 100 | *pPrivate = find_option("private",0,0)!=0; |
| 101 | + g.urlCertGroup = find_option("certgroup",0,1); | |
| 101 | 102 | url_proxy_options(); |
| 102 | 103 | db_find_and_open_repository(0, 0); |
| 103 | 104 | db_open_config(0); |
| 104 | 105 | if( g.argc==2 ){ |
| 105 | 106 | zUrl = db_get("last-sync-url", 0); |
| @@ -150,11 +151,16 @@ | ||
| 150 | 151 | ** saved. |
| 151 | 152 | ** |
| 152 | 153 | ** Use the --private option to pull private branches from the |
| 153 | 154 | ** remote repository. |
| 154 | 155 | ** |
| 155 | -** See also: clone, push, sync, remote-url | |
| 156 | +** Use the "--certgroup NAME" option to specify the name of the | |
| 157 | +** certificate/key bundle to use for https connections. If this option | |
| 158 | +** is not specified, a cached value associated with the URL will be | |
| 159 | +** used if it exists. | |
| 160 | +** | |
| 161 | +** See also: cert, clone, push, sync, remote-url | |
| 156 | 162 | */ |
| 157 | 163 | void pull_cmd(void){ |
| 158 | 164 | int syncFlags; |
| 159 | 165 | int bPrivate; |
| 160 | 166 | process_sync_args(&syncFlags, &bPrivate); |
| @@ -179,11 +185,16 @@ | ||
| 179 | 185 | ** saved. |
| 180 | 186 | ** |
| 181 | 187 | ** Use the --private option to push private branches to the |
| 182 | 188 | ** remote repository. |
| 183 | 189 | ** |
| 184 | -** See also: clone, pull, sync, remote-url | |
| 190 | +** Use the "--certgroup NAME" option to specify the name of the | |
| 191 | +** certificate/key bundle to use for https connections. If this option | |
| 192 | +** is not specified, a cached value associated with the URL will be | |
| 193 | +** used if it exists. | |
| 194 | +** | |
| 195 | +** See also: cert, clone, pull, sync, remote-url | |
| 185 | 196 | */ |
| 186 | 197 | void push_cmd(void){ |
| 187 | 198 | int syncFlags; |
| 188 | 199 | int bPrivate; |
| 189 | 200 | process_sync_args(&syncFlags, &bPrivate); |
| @@ -214,11 +225,16 @@ | ||
| 214 | 225 | ** saved. |
| 215 | 226 | ** |
| 216 | 227 | ** Use the --private option to sync private branches with the |
| 217 | 228 | ** remote repository. |
| 218 | 229 | ** |
| 219 | -** See also: clone, push, pull, remote-url | |
| 230 | +** Use the "--certgroup NAME" option to specify the name of the | |
| 231 | +** certificate/key bundle to use for https connections. If this option | |
| 232 | +** is not specified, a cached value associated with the URL will be | |
| 233 | +** used if it exists. | |
| 234 | +** | |
| 235 | +** See also: cert, clone, push, pull, remote-url | |
| 220 | 236 | */ |
| 221 | 237 | void sync_cmd(void){ |
| 222 | 238 | int syncFlags; |
| 223 | 239 | int bPrivate; |
| 224 | 240 | process_sync_args(&syncFlags, &bPrivate); |
| 225 | 241 |
| --- src/sync.c | |
| +++ src/sync.c | |
| @@ -96,10 +96,11 @@ | |
| 96 | const char *zPw = 0; |
| 97 | int configSync = 0; |
| 98 | int urlOptional = find_option("autourl",0,0)!=0; |
| 99 | g.dontKeepUrl = find_option("once",0,0)!=0; |
| 100 | *pPrivate = find_option("private",0,0)!=0; |
| 101 | url_proxy_options(); |
| 102 | db_find_and_open_repository(0, 0); |
| 103 | db_open_config(0); |
| 104 | if( g.argc==2 ){ |
| 105 | zUrl = db_get("last-sync-url", 0); |
| @@ -150,11 +151,16 @@ | |
| 150 | ** saved. |
| 151 | ** |
| 152 | ** Use the --private option to pull private branches from the |
| 153 | ** remote repository. |
| 154 | ** |
| 155 | ** See also: clone, push, sync, remote-url |
| 156 | */ |
| 157 | void pull_cmd(void){ |
| 158 | int syncFlags; |
| 159 | int bPrivate; |
| 160 | process_sync_args(&syncFlags, &bPrivate); |
| @@ -179,11 +185,16 @@ | |
| 179 | ** saved. |
| 180 | ** |
| 181 | ** Use the --private option to push private branches to the |
| 182 | ** remote repository. |
| 183 | ** |
| 184 | ** See also: clone, pull, sync, remote-url |
| 185 | */ |
| 186 | void push_cmd(void){ |
| 187 | int syncFlags; |
| 188 | int bPrivate; |
| 189 | process_sync_args(&syncFlags, &bPrivate); |
| @@ -214,11 +225,16 @@ | |
| 214 | ** saved. |
| 215 | ** |
| 216 | ** Use the --private option to sync private branches with the |
| 217 | ** remote repository. |
| 218 | ** |
| 219 | ** See also: clone, push, pull, remote-url |
| 220 | */ |
| 221 | void sync_cmd(void){ |
| 222 | int syncFlags; |
| 223 | int bPrivate; |
| 224 | process_sync_args(&syncFlags, &bPrivate); |
| 225 |
| --- src/sync.c | |
| +++ src/sync.c | |
| @@ -96,10 +96,11 @@ | |
| 96 | const char *zPw = 0; |
| 97 | int configSync = 0; |
| 98 | int urlOptional = find_option("autourl",0,0)!=0; |
| 99 | g.dontKeepUrl = find_option("once",0,0)!=0; |
| 100 | *pPrivate = find_option("private",0,0)!=0; |
| 101 | g.urlCertGroup = find_option("certgroup",0,1); |
| 102 | url_proxy_options(); |
| 103 | db_find_and_open_repository(0, 0); |
| 104 | db_open_config(0); |
| 105 | if( g.argc==2 ){ |
| 106 | zUrl = db_get("last-sync-url", 0); |
| @@ -150,11 +151,16 @@ | |
| 151 | ** saved. |
| 152 | ** |
| 153 | ** Use the --private option to pull private branches from the |
| 154 | ** remote repository. |
| 155 | ** |
| 156 | ** Use the "--certgroup NAME" option to specify the name of the |
| 157 | ** certificate/key bundle to use for https connections. If this option |
| 158 | ** is not specified, a cached value associated with the URL will be |
| 159 | ** used if it exists. |
| 160 | ** |
| 161 | ** See also: cert, clone, push, sync, remote-url |
| 162 | */ |
| 163 | void pull_cmd(void){ |
| 164 | int syncFlags; |
| 165 | int bPrivate; |
| 166 | process_sync_args(&syncFlags, &bPrivate); |
| @@ -179,11 +185,16 @@ | |
| 185 | ** saved. |
| 186 | ** |
| 187 | ** Use the --private option to push private branches to the |
| 188 | ** remote repository. |
| 189 | ** |
| 190 | ** Use the "--certgroup NAME" option to specify the name of the |
| 191 | ** certificate/key bundle to use for https connections. If this option |
| 192 | ** is not specified, a cached value associated with the URL will be |
| 193 | ** used if it exists. |
| 194 | ** |
| 195 | ** See also: cert, clone, pull, sync, remote-url |
| 196 | */ |
| 197 | void push_cmd(void){ |
| 198 | int syncFlags; |
| 199 | int bPrivate; |
| 200 | process_sync_args(&syncFlags, &bPrivate); |
| @@ -214,11 +225,16 @@ | |
| 225 | ** saved. |
| 226 | ** |
| 227 | ** Use the --private option to sync private branches with the |
| 228 | ** remote repository. |
| 229 | ** |
| 230 | ** Use the "--certgroup NAME" option to specify the name of the |
| 231 | ** certificate/key bundle to use for https connections. If this option |
| 232 | ** is not specified, a cached value associated with the URL will be |
| 233 | ** used if it exists. |
| 234 | ** |
| 235 | ** See also: cert, clone, push, pull, remote-url |
| 236 | */ |
| 237 | void sync_cmd(void){ |
| 238 | int syncFlags; |
| 239 | int bPrivate; |
| 240 | process_sync_args(&syncFlags, &bPrivate); |
| 241 |