aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoey Hess <joey@kitenet.net>2014-07-15 17:16:32 -0400
committerJoey Hess <joey@kitenet.net>2014-07-15 17:16:32 -0400
commit5dcc77f507d497fe4023e94a47b6a7a1f1146bce (patch)
tree06bebf1b614dea06f77e31a7d61380f6ee47dfad
parent0ce768c4ddc4f28d18f0b00dd6798f19fd1f7f8e (diff)
downloadgit-remote-gcrypt-5dcc77f507d497fe4023e94a47b6a7a1f1146bce.zip
git-remote-gcrypt-5dcc77f507d497fe4023e94a47b6a7a1f1146bce.tar.gz
git-remote-gcrypt-5dcc77f507d497fe4023e94a47b6a7a1f1146bce.tar.bz2
added gcrypt.publish-participants configuration
Fixes https://github.com/blake2-ppc/git-remote-gcrypt/issues/9
-rw-r--r--README.rst12
-rwxr-xr-xgit-remote-gcrypt10
2 files changed, 21 insertions, 1 deletions
diff --git a/README.rst b/README.rst
index fedd6b0..ba06259 100644
--- a/README.rst
+++ b/README.rst
@@ -60,6 +60,17 @@ The following ``git-config(1)`` variables are supported:
The ``gcrypt-participants`` setting on the remote takes precedence
over the repository variable ``gcrypt.participants``.
+``remote.<name>.gcrypt-publish-participants``
+ ..
+``gcrypt.publish-participants``
+ By default, the gpg key ids of the participants are obscured by
+ encrypting using `gpg -R`. Setting this option to `true` disables
+ that security measure.
+
+ The problem with using `gpg -R` is that to decrypt, gpg tries each
+ available secret key in turn until it finds a usable key.
+ This can result in unncessary passphrase prompts.
+
``remote.<name>.gcrypt-signingkey``
..
``user.signingkey``
@@ -68,6 +79,7 @@ The following ``git-config(1)`` variables are supported:
part of the participant list. You may use the per-remote version
to sign different remotes using different keys.
+
Environment Variables
=====================
diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index 2295111..8d68669 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -406,6 +406,8 @@ read_config()
git config --path user.signingkey || :)
conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' ||
git config --get gcrypt.participants '.+' || :)
+ Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' ||
+ git config --get --bool gcrypt.publish-participants || :)
# Figure out which keys we should encrypt to or accept signatures from
if isnull "$conf_part" || iseq "$conf_part" simple
@@ -440,7 +442,13 @@ read_config()
}
# Check 'E'ncrypt capability
cap_=$(xfeed "$r_keyinfo" cut -f 12 -d :)
- iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_"
+ if ! iseq "${cap_#*E}" "$cap_"; then
+ if [ "$Conf_pubish_participants" = true ]; then
+ Recipients="$Recipients -r $keyid_"
+ else
+ Recipients="$Recipients -R $keyid_"
+ fi
+ fi
done
if isnull "$Recipients"