aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoey Hess <joey@kitenet.net>2013-09-19 13:00:58 -0400
committerJoey Hess <joey@kitenet.net>2013-09-19 13:00:58 -0400
commit29ed089ccee73925eb34d35f5ebdfb5706a8d7d7 (patch)
tree95450c5105cbef1a050dbef21dece7a9e7c5bf0e
parent6ddc0589819f6366d4ffc7b650a4957a040d2979 (diff)
parent4f9883421653a8a3c5ebe3c8f7507af183af0b94 (diff)
downloadgit-remote-gcrypt-29ed089ccee73925eb34d35f5ebdfb5706a8d7d7.zip
git-remote-gcrypt-29ed089ccee73925eb34d35f5ebdfb5706a8d7d7.tar.gz
git-remote-gcrypt-29ed089ccee73925eb34d35f5ebdfb5706a8d7d7.tar.bz2
Merge branch 'better_signature_validation' of https://github.com/jburnham/git-remote-gcrypt
-rwxr-xr-xgit-remote-gcrypt15
1 files changed, 10 insertions, 5 deletions
diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index 67b0f67..87db2a1 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -388,7 +388,7 @@ make_new_repo()
# $1 return var for goodsig match, $2 return var for signers text
read_config()
{
- local recp_= r_keyinfo= cap_= conf_part= good_sig= signers_=
+ local recp_= r_keyinfo= r_keyfpr= gpg_list= cap_= conf_part= good_sig= signers_=
Conf_signkey=$(git config --get "remote.$NAME.gcrypt-signingkey" '.+' ||
git config --path user.signingkey || :)
conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' ||
@@ -407,16 +407,21 @@ read_config()
for recp_ in $conf_part
do
- filter_to @r_keyinfo "pub*" \
- "$(gpg --with-colons --fast-list -k "$recp_")"
+ gpg_list=$(gpg --with-colons --fast-list --fingerprint -k "$recp_")
+ filter_to @r_keyinfo "pub*" "$gpg_list"
+ filter_to @r_keyfpr "fpr*" "$gpg_list"
isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" ||
echo_info "WARNING: '$recp_' matches multiple keys, using one"
+ isnull "$r_keyfpr" || isnonnull "${r_keyfpr##*"$Newline"*}" ||
+ echo_info "WARNING: '$recp_' matches multiple fingerprints, using one"
r_keyinfo=${r_keyinfo%%"$Newline"*}
+ r_keyfpr=${r_keyfpr%%"$Newline"*}
keyid_=$(xfeed "$r_keyinfo" cut -f 5 -d :)
+ fprid_=$(xfeed "$r_keyfpr" cut -f 10 -d :)
- isnonnull "$keyid_" &&
+ isnonnull "$fprid_" &&
signers_="$signers_ $keyid_" &&
- append_to @good_sig "^\[GNUPG:\] GOODSIG $keyid_" || {
+ append_to @good_sig "^\[GNUPG:\] VALIDSIG .*$fprid_$" || {
echo_info "WARNING: Skipping missing key $recp_"
continue
}