aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorroot <root@localhost>2013-02-14 00:00:00 +0000
committerroot <root@localhost>2013-02-14 00:00:00 +0000
commit7aa54e1ae6079e81ffaf1d172a942d4543b13eff (patch)
tree823dd8c503868df3cde44c944b1ada43036d4a6a
parent6173d0ffe0c93d0ff962e6ad12d9d170c7a6bb01 (diff)
downloadgit-remote-gcrypt-7aa54e1ae6079e81ffaf1d172a942d4543b13eff.zip
git-remote-gcrypt-7aa54e1ae6079e81ffaf1d172a942d4543b13eff.tar.gz
git-remote-gcrypt-7aa54e1ae6079e81ffaf1d172a942d4543b13eff.tar.bz2
Use config gcrypt.participants for GPG key ids
Instead of using a separate keyring file (gcrypt.keyring is now deprecated!), use a simple list of key ids. Extract all keyids and use these to match GOODSIG <keyid> manually on the gpg status output. The gcrypt.keyring variable is still used, but it will be removed later.
-rw-r--r--README.rst25
-rwxr-xr-xgit-remote-gcrypt85
2 files changed, 60 insertions, 50 deletions
diff --git a/README.rst b/README.rst
index 828c834..ad62ee4 100644
--- a/README.rst
+++ b/README.rst
@@ -29,12 +29,11 @@ Quickstart
Install as `git-remote-gcrypt` in `$PATH`.
-Configure a keyring:
+Configure the list of participant gpg keys:
::
- gpg --export KEY1 KEY2 > $PWD/.git/keyring.gpg
- git config --path gcrypt.keyring $PWD/.git/keyring.gpg
+ git config --global gcrypt.participants YOURKEYID
Create an encrypted remote by pushing to it:
@@ -50,7 +49,7 @@ Create an encrypted remote by pushing to it:
> To gcrypt::[...]
> * [new branch] master -> master
-Share the updated Repository URL with everyone in the keyring.
+Share the updated Repository URL with all participants.
(The generated Repository ID is not secret, it only exists to ensure
that two repositories signed by the same user can not be maliciously
@@ -68,16 +67,17 @@ evaluate how well we meet this design goal!
Configuration
=============
-*gcrypt.keyring*
- Path to the GPG keyring file containing the public keys of all
- participants. This file can be created using ``gpg --export``.
+*gcrypt.participants*
+ Space-separated list of GPG key identifiers. The remote is
+ encrypted to these participants and only signatures from these
+ are accepted. ``gpg -k`` lists all public keys you know.
-git-remote-gcrypt respects the variable *user.signingkey*.
+You should set *user.signingkey* if your default signing key is not part
+of the participant list.
The encryption of the manifest is updated for each push. The pusher must
-have the public keys of all collaborators in the keyring. You can
-commit the keyring to the repo, further key management features do not
-yet exist.
+have the public keys of all collaborators. You can commit a keyring to
+the repo, further key management features do not yet exist.
GPG configuration applies to public-key encryption, symmetric
encryption, and signing. See `man gpg` for more information.
@@ -88,8 +88,7 @@ Examples
::
- gpg --export YOURKEYID > $PWD/.git/keyring.gpg
- git config gcrypt.keyring $PWD/.git/keyring.gpg
+ git config gcrypt.participants YOURKEYID
git remote add cryptremote gcrypt::ssh://example.com:repo
git push cryptremote HEAD
diff --git a/git-remote-gcrypt b/git-remote-gcrypt
index cc92378..935218a 100755
--- a/git-remote-gcrypt
+++ b/git-remote-gcrypt
@@ -23,6 +23,10 @@ Branchlist=
Packlist=
Extension_list=
+Recipients=
+Signers=
+Goodsig=
+
# compat/utility functions
xecho()
{
@@ -232,19 +236,19 @@ EOF
# Encrypt to recipients $1
PRIVENCRYPT()
{
- addsignkeyparam gpg --no-default-keyring --keyring "$Conf_keyring" \
- --compress-algo none -se $1
+ addsignkeyparam gpg --compress-algo none -se $1
}
PRIVDECRYPT()
{
local status_=
exec 4>&1 &&
- status_=$(gpg --no-default-keyring --keyring "$Conf_keyring" \
- --status-fd 3 -q -d 3>&1 1>&4) &&
+ status_=$(gpg --status-fd 3 -q -d 3>&1 1>&4) &&
xecho "$status_" | grep "^\[GNUPG:\] ENC_TO " >/dev/null &&
- (xecho "$status_" | grep "^\[GNUPG:\] GOODSIG " >/dev/null || {
- echo_info "Failed to verify manifest signature!" && return 1
+ (xecho "$status_" | grep -e "$Goodsig" >/dev/null || {
+ echo_info "Failed to verify manifest signature!" &&
+ echo_info "Only accepting signatories: ${Signers:-(none)}" &&
+ return 1
})
}
@@ -269,26 +273,6 @@ safe_git_rev_parse()
xgrep -v "missing" | cut -f 1 -d ' '
}
-check_recipients()
-{
- # Find which keys in the keyring we can encrypt to
- Recipients=$(gpg --no-default-keyring --keyring "$Conf_keyring" \
- --with-colons --fast-list -k | xgrep ^pub | \
- while read rc_line; do
- cap_=$(xecho "$rc_line" | cut -f 12 -d :)
- keyid_=$(xecho "$rc_line" | cut -f 5 -d :)
- iseq "${cap_#*E}" "$cap_" || xecho_n "-R $keyid_ "
- done)
- if isnull "$Recipients"
- then
- echo_info "You must configure a keyring for the repository."
- echo_info "Use ::"
- echo_info " gpg --export KEYID1 > <path-to-keyring>"
- echo_info " git config gcrypt.keyring <path-to-keyring>"
- exit 1
- fi
-}
-
make_new_repo()
{
local urlid_= fix_config=
@@ -314,8 +298,43 @@ make_new_repo()
read_config()
{
- Conf_keyring=$(git config --path gcrypt.keyring || xecho "/dev/null")
+ local recp_= key_line= cap_= conf_keyring= conf_part=
Conf_signkey=$(git config --path user.signingkey || :)
+ conf_keyring=$(git config --path gcrypt.keyring || :)
+ conf_part=$(git config --get gcrypt.participants '.+' || :)
+
+ # Figure out which keys we should encrypt to or accept signatures from
+ if isnonnull "$conf_keyring" && isnull "$conf_part"
+ then
+ echo_info "WARNING: Setting gcrypt.keyring is deprecated," \
+ "use gcrypt.participants instead."
+ conf_part=$(gpg --no-default-keyring --keyring "$conf_keyring" \
+ --with-colons --fast-list -k | grep ^pub | cut -f 5 -d :)
+ fi
+
+ for recp_ in $conf_part
+ do
+ key_line=$(gpg --with-colons --fast-list -k "$recp_" | xgrep ^pub)
+ keyid_=$(xecho "$key_line" | cut -f 5 -d :)
+
+ isnonnull "$keyid_" &&
+ Signers="$Signers $keyid_" &&
+ Goodsig=$(append "$Goodsig" "^\[GNUPG:\] GOODSIG $keyid_") || {
+ echo_info "WARNING: Skipping missing key $recp_"
+ continue
+ }
+ # Check 'E'ncrypt capability
+ cap_=$(xecho "$key_line" | cut -f 12 -d :)
+ iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_"
+ done
+
+ if isnull "$Recipients"
+ then
+ echo_info "You have not configured any keys to encrypt to for this repository"
+ echo_info "Use ::"
+ echo_info " git config gcrypt.participants YOURKEYID"
+ exit 1
+ fi
}
ensure_connected()
@@ -347,15 +366,8 @@ ensure_connected()
Did_find_repo=yes
echo_info "Decrypting manifest"
manifest_=$(PRIVDECRYPT < "$TmpManifest_Enc") &&
- isnonnull "$manifest_" || {
- echo_info "Failed to decrypt manifest!"
- echo_info "Using keyring $Conf_keyring"
- if iseq "$Conf_keyring" "/dev/null"
- then
- echo_info "NOTE: Please configure gcrypt.keyring"
- fi
- exit 1
- }
+ isnonnull "$manifest_" ||
+ echo_die "Failed to decrypt manifest!"
rm -f "$TmpManifest_Enc"
trap - EXIT
@@ -453,7 +465,6 @@ do_push()
del_hash=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ensure_connected
- check_recipients
if iseq "$Did_find_repo" "no"
then