sync with, to create a fresh SSH key and configure it as deployment key for the
repository, and to configure git-mirror accordingly. For additional security,
one should also configure a shared HMAC secret, such that the webhook can verify
-that the data indeed comes from GitHub.
+that the data indeed comes from GitHub. On the git-mirror side, the HMAC secret
+is configured with the `hmac-secret` repository option.
To make your job easier, there is a script `github-add-hooks.py` that can do
all this for you. It assumes that the repository exists on the GitHub side, but
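Review bot: The added sentence naming the `hmac-secret` repository option does not say that the option is optional or what happens when it is left out. Since this same change lets a repository be configured without it, the README should state here that omitting `hmac-secret` means webhook data cannot be verified for that repository, so readers do not take the paragraph's "for additional security" to mean the check is always active.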
self.name = name
self.local = conf['local']
self.owner = conf['owner'] # email address to notify in case of problems
- self.hmac_secret = conf['hmac-secret'].encode('utf-8')
+ self.hmac_secret = conf['hmac-secret'].encode('utf-8') if 'hmac-secret' in conf else None
self.deploy_key = conf['deploy-key'] # the SSH ky used for authenticating against remote hosts
self.mirrors = {} # maps mirrors to their URLs
mirror_prefix = 'mirror-'
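Review bot: On the new `self.hmac_secret = ... if 'hmac-secret' in conf else None` line, a key that is present but empty still passes the `in conf` test and becomes `b''`, which is not `None` and would later be accepted as an HMAC key. Consider treating an empty value as a configuration error (or as unset) at load time, for example by reading `conf.get('hmac-secret')` and rejecting the empty string, so that only a real secret ever reaches `compute_hmac`.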
send_mail("git-mirror {}".format(self.name), msg, recipients = [self.owner], sender = mail_sender)
def compute_hmac(self, data):
+ assert self.hmac_secret is not None
h = hmac.new(self.hmac_secret, digestmod = hashlib.sha1)
h.update(data)
return h.hexdigest()
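Review bot: The `assert self.hmac_secret is not None` at the top of `compute_hmac` guards a configuration condition, and `assert` statements are removed when Python runs with `-O`, so the guard and its intent vanish in that mode. Raise an explicit exception with a message that names the repository (`self.name`) and the missing `hmac-secret` option instead, so the failure is clear to whoever gets notified and the check does not depend on interpreter flags.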