From d69b41ab01721d4e2b5ee79c08c42a57ca151450 Mon Sep 17 00:00:00 2001
From: Wolfgang Wiedmeyer
Date: Thu, 17 Mar 2016 21:48:05 +0100
Subject: add debian folder from latest debian release (0.20130908-8)
Signed-off-by: Wolfgang Wiedmeyer
---
debian/changelog | 65 ++++++++
debian/compat | 1 +
debian/control | 23 +++
debian/copyright | 19 +++
debian/gbp.conf | 10 ++
debian/lintian-overrides | 2 +
debian/patches/0001-joeyh-patches.patch | 260 ++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
debian/rules | 11 ++
debian/source/format | 1 +
debian/source/lintian-overrides | 1 +
11 files changed, 394 insertions(+)
create mode 100644 debian/changelog
create mode 100644 debian/compat
create mode 100644 debian/control
create mode 100644 debian/copyright
create mode 100644 debian/gbp.conf
create mode 100644 debian/lintian-overrides
create mode 100644 debian/patches/0001-joeyh-patches.patch
create mode 100644 debian/patches/series
create mode 100755 debian/rules
create mode 100644 debian/source/format
create mode 100644 debian/source/lintian-overrides
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..4882397
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,65 @@
+git-remote-gcrypt (0.20130908-8) unstable; urgency=medium
+
+ * Adopt git-remote-gcrypt package (Closes: #771020).
+ * Install man page using rst2man, rather than just installing README.rst
+ (Closes: #725455).
+ * Add Vcs-Git: & Vcs-Browser: pointing at my repository.
+ * Switch dpkg-source format to 3.0 (quilt).
+ * Move changes by Joey Hess into a quilt patch.
+ Update debian/copyright accordingly.
+ * Bump Standards-Version.
+ * Add debian/gbp.conf.
+ * Override Lintian tags no-upstream-changelog & debian-watch-file-is-missing.
+
+ -- Sean Whitton Thu, 07 Jan 2016 11:03:01 -0700
+
+git-remote-gcrypt (0.20130908-7) unstable; urgency=medium
+
+ * Added gcrypt.publish-participants configuration setting.
+
+ -- Joey Hess Tue, 15 Jul 2014 17:40:22 -0400
+
+git-remote-gcrypt (0.20130908-6) unstable; urgency=medium
+
+ * Fix to work when there is no controlling terminal, but GPG_AGENT_INFO
+ is set. Pass --no-tty to gpg in this situation. This is needed
+ to interoperate with the git-annex assistant, which often runs without
+ a controlling terminal, and will in a new version always do so.
+
+ -- Joey Hess Thu, 15 May 2014 14:35:03 -0400
+
+git-remote-gcrypt (0.20130908-5) unstable; urgency=low
+
+ * Better signature validation for subkeys.
+ Closes https://github.com/blake2-ppc/git-remote-gcrypt/pull/7
+ * Stop passing --fast-list to gpg as this sometimes causes it to not
+ display key fingerprints, which git-remote-gcrpyt needs.
+ Closes https://github.com/blake2-ppc/git-remote-gcrypt/issues/8
+
+ -- Joey Hess Thu, 26 Sep 2013 15:58:52 -0400
+
+git-remote-gcrypt (0.20130908-4) unstable; urgency=low
+
+ * Added --check option.
+
+ -- Joey Hess Thu, 19 Sep 2013 12:10:24 -0400
+
+git-remote-gcrypt (0.20130908-3) unstable; urgency=low
+
+ * Add remote..gcrypt-signingkey config.
+
+ -- Joey Hess Tue, 17 Sep 2013 15:33:35 -0400
+
+git-remote-gcrypt (0.20130908-2) unstable; urgency=low
+
+ * Set --trust-model=always when encrypting.
+ Needed to interoperate with git-annex.
+ Closes https://github.com/blake2-ppc/git-remote-gcrypt/issues/3
+
+ -- Joey Hess Mon, 16 Sep 2013 15:49:16 -0400
+
+git-remote-gcrypt (0.20130908-1) unstable; urgency=low
+
+ * Initial release.
+
+ -- Joey Hess Sun, 08 Sep 2013 20:08:23 -0400
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..ae8f9d2
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,23 @@
+Source: git-remote-gcrypt
+Section: vcs
+Priority: optional
+Build-Depends: debhelper (>= 9), python-docutils (>= 0.12+dfsg)
+Maintainer: Sean Whitton
+Standards-Version: 3.9.6
+Homepage: https://github.com/bluss/git-remote-gcrypt
+Vcs-Git: https://git.spwhitton.name/git-remote-gcrypt
+Vcs-Browser: https://git.spwhitton.name/?p=git-remote-gcrypt.git;a=summary
+
+Package: git-remote-gcrypt
+Architecture: all
+Depends: git, gnupg | gnupg2, ${misc:Depends}
+Recommends: rsync, curl
+Description: encrypted git repositories
+ This lets git store git repositories in encrypted form.
+ It supports storing repositories on rsync or sftp servers.
+ It can also store the encrypted git repository inside a remote git
+ repository. All the regular git commands like git push and git pull
+ can be used to operate on such an encrypted repository.
+ .
+ The aim is to provide confidential, authenticated git storage and
+ collaboration using typical untrusted file hosts or services.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..8eca5c0
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,19 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: https://github.com/bluss/git-remote-gcrypt
+
+Files: *
+Copyright: (C) 2013 engla
+License: GPL-2+
+
+Files: debian/*
+Copyright: (C) 2015 Sean Whitton
+ (C) 2013, 2014 Joey Hess
+License: GPL-2+
+
+Files: debian/patches/0001-joeyh-patches.patch
+Copyright: (C) 2013, 2014 Joey Hess
+License: GPL-2+
+
+License: GPL-2+
+ On Debian systems, the complete text of the GPL-2 can be found in
+ /usr/share/common-licenses/GPL-2.
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..4f39baa
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,10 @@
+[DEFAULT]
+upstream-branch = upstream
+debian-branch = master
+upstream-tag = %(version)s
+debian-tag = debian/%(version)s
+
+#postbuild = lintian $GBP_CHANGES_FILE
+color = on
+compression = gz
+compression-level = 9
diff --git a/debian/lintian-overrides b/debian/lintian-overrides
new file mode 100644
index 0000000..0aa67ea
--- /dev/null
+++ b/debian/lintian-overrides
@@ -0,0 +1,2 @@
+no-upstream-changelog
+
diff --git a/debian/patches/0001-joeyh-patches.patch b/debian/patches/0001-joeyh-patches.patch
new file mode 100644
index 0000000..14db716
--- /dev/null
+++ b/debian/patches/0001-joeyh-patches.patch
@@ -0,0 +1,260 @@ +From: Sean Whitton +Date: Sat, 12 Dec 2015 16:06:55 -0700 +Subject: joeyh-patches + +--- + README.rst | 32 +++++++++++++++++-- + git-remote-gcrypt | 93 +++++++++++++++++++++++++++++++++++++++++-------------- + 2 files changed, 98 insertions(+), 27 deletions(-) + +diff --git a/README.rst b/README.rst +index f177913..ba06259 100644 +--- a/README.rst ++++ b/README.rst +@@ -60,10 +60,25 @@ The following ``git-config(1)`` variables are supported: + The ``gcrypt-participants`` setting on the remote takes precedence + over the repository variable ``gcrypt.participants``. + ++``remote..gcrypt-publish-participants`` ++ .. ++``gcrypt.publish-participants`` ++ By default, the gpg key ids of the participants are obscured by ++ encrypting using `gpg -R`. Setting this option to `true` disables ++ that security measure. ++ ++ The problem with using `gpg -R` is that to decrypt, gpg tries each ++ available secret key in turn until it finds a usable key. ++ This can result in unncessary passphrase prompts. ++ ++``remote..gcrypt-signingkey`` ++ .. + ``user.signingkey`` +- (From regular git configuration) The key to use for signing. You +- should set ``user.signingkey`` if your default signing key is not +- part of the participant list. ++ (The latter from regular git configuration) The key to use for signing. ++ You should set ``user.signingkey`` if your default signing key is not ++ part of the participant list. You may use the per-remote version ++ to sign different remotes using different keys. ++ + + Environment Variables + ===================== +@@ -170,6 +185,17 @@ Each item extends until newline, and matches one of the following: + ``extn ...`` + Extension field, preserved but unused. 
+ ++Detecting gcrypt repos ++====================== ++ ++To detect if a git url is a gcrypt repo, use: git-remote-gcrypt --check url ++Exit status if 0 if the repo exists and can be decrypted, 1 if the repo ++uses gcrypt but could not be decrypted, and 100 if the repo is not ++encrypted with gcrypt (or could not be accessed). ++ ++Note that this has to fetch the repo contents into the local git ++repository, the same as is done when using a gcrypt repo. ++ + See Also + ======== + +diff --git a/git-remote-gcrypt b/git-remote-gcrypt +index bb19652..8d68669 100755 +--- a/git-remote-gcrypt ++++ b/git-remote-gcrypt +@@ -18,7 +18,6 @@ + # See README.rst for usage instructions + + set -e # errexit +-set -u # nounset + set -f # noglob + set -C # noclobber + +@@ -177,8 +176,10 @@ update_tree() + { + local tab_=" " + # $2 is a filename from the repo format +- (git ls-tree "$1" | xgrep -v -E '\b'"$2"'$'; +- xecho "100644 blob $3$tab_$2") | git mktree ++ (set +e; ++ git ls-tree "$1" | xgrep -v -E '\b'"$2"'$'; ++ xecho "100644 blob $3$tab_$2" ++ ) | git mktree + } + + # Put giturl $1, file $2 +@@ -313,14 +314,14 @@ CLEAN_FINAL() + + ENCRYPT() + { +- gpg --batch --force-mdc --compress-algo none --passphrase-fd 3 -c 3<&1 && +- status_=$(gpg --status-fd 3 -q -d 3>&1 1>&4) && ++ status_=$(rungpg --status-fd 3 -q -d 3>&1 1>&4) && + xfeed "$status_" grep "^\[GNUPG:\] ENC_TO " >/dev/null && + (xfeed "$status_" grep -e "$1" >/dev/null || { + echo_info "Failed to verify manifest signature!" 
&& +@@ -353,17 +354,29 @@ PRIVDECRYPT() + # Generate $1 random bytes + genkey() + { +- gpg --armor --gen-rand 1 "$1" ++ rungpg --armor --gen-rand 1 "$1" + } + + gpg_hash() + { + local hash_= +- hash_=$(gpg --with-colons --print-md "$1" | tr A-F a-f) ++ hash_=$(rungpg --with-colons --print-md "$1" | tr A-F a-f) + hash_=${hash_#:*:} + xecho "${hash_%:}" + } + ++rungpg() ++{ ++ # gpg will fail to run when there is no controlling tty, ++ # due to trying to print messages to it, even if a gpg agent is set ++ # up. --no-tty fixes this. ++ if [ "x$GPG_AGENT_INFO" != "x" ]; then ++ gpg --no-tty "$@" ++ else ++ gpg "$@" ++ fi ++} ++ + # Pass the branch/ref by pipe to git + safe_git_rev_parse() + { +@@ -388,10 +401,13 @@ make_new_repo() + # $1 return var for goodsig match, $2 return var for signers text + read_config() + { +- local recp_= r_keyinfo= cap_= conf_part= good_sig= signers_= +- Conf_signkey=$(git config --path user.signingkey || :) ++ local recp_= r_keyinfo= r_keyfpr= gpg_list= cap_= conf_part= good_sig= signers_= ++ Conf_signkey=$(git config --get "remote.$NAME.gcrypt-signingkey" '.+' || ++ git config --path user.signingkey || :) + conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' || + git config --get gcrypt.participants '.+' || :) ++ Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' || ++ git config --get --bool gcrypt.publish-participants || :) + + # Figure out which keys we should encrypt to or accept signatures from + if isnull "$conf_part" || iseq "$conf_part" simple +@@ -406,22 +422,33 @@ read_config() + + for recp_ in $conf_part + do +- filter_to @r_keyinfo "pub*" \ +- "$(gpg --with-colons --fast-list -k "$recp_")" ++ gpg_list=$(rungpg --with-colons --fingerprint -k "$recp_") ++ filter_to @r_keyinfo "pub*" "$gpg_list" ++ filter_to @r_keyfpr "fpr*" "$gpg_list" + isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" || + echo_info "WARNING: '$recp_' matches multiple keys, using one" 
++ isnull "$r_keyfpr" || isnonnull "${r_keyfpr##*"$Newline"*}" || ++ echo_info "WARNING: '$recp_' matches multiple fingerprints, using one" + r_keyinfo=${r_keyinfo%%"$Newline"*} ++ r_keyfpr=${r_keyfpr%%"$Newline"*} + keyid_=$(xfeed "$r_keyinfo" cut -f 5 -d :) ++ fprid_=$(xfeed "$r_keyfpr" cut -f 10 -d :) + +- isnonnull "$keyid_" && ++ isnonnull "$fprid_" && + signers_="$signers_ $keyid_" && +- append_to @good_sig "^\[GNUPG:\] GOODSIG $keyid_" || { ++ append_to @good_sig "^\[GNUPG:\] VALIDSIG .*$fprid_$" || { + echo_info "WARNING: Skipping missing key $recp_" + continue + } + # Check 'E'ncrypt capability + cap_=$(xfeed "$r_keyinfo" cut -f 12 -d :) +- iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_" ++ if ! iseq "${cap_#*E}" "$cap_"; then ++ if [ "$Conf_pubish_participants" = true ]; then ++ Recipients="$Recipients -r $keyid_" ++ else ++ Recipients="$Recipients -R $keyid_" ++ fi ++ fi + done + + if isnull "$Recipients" +@@ -778,14 +805,8 @@ cleanup_tmpfiles() + rm -r -f -- "${Tempdir}" >&2 + } + +-# handle git-remote-helpers protocol +-gcrypt_main_loop() ++setup() + { +- local input_= input_inner= r_args= temp_key= +- +- NAME=$1 # Remote name +- URL=$2 # Remote URL +- + mkdir -p "$Localdir" + + # Set up a subdirectory in /tmp +@@ -797,6 +818,17 @@ gcrypt_main_loop() + trap 'exit 1' 1 2 3 15 + + echo_info "Development version -- Repository format MAY CHANGE" ++} ++ ++# handle git-remote-helpers protocol ++gcrypt_main_loop() ++{ ++ local input_= input_inner= r_args= temp_key= ++ ++ NAME=$1 # Remote name ++ URL=$2 # Remote URL ++ ++ setup + + while read input_ + do +@@ -848,4 +880,17 @@ gcrypt_main_loop() + done + } + +-gcrypt_main_loop "$@" ++if [ "x$1" = x--check ] ++then ++ NAME=dummy-gcrypt-check ++ URL=$2 ++ setup ++ ensure_connected ++ git remote remove $NAME 2>/dev/null || true ++ if iseq "$Did_find_repo" "no" ++ then ++ exit 100 ++ fi ++else ++ gcrypt_main_loop "$@" ++fi 
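Review bot: Dropping `set -u` script-wide (the `-set -u # nounset` line in the git-remote-gcrypt part of this quilt patch) removes nounset protection from every variable in the helper, including `$Recipients`, which is built into gpg arguments, and `${Tempdir}`, which is passed to `rm -r -f`. The removal appears to be needed only for the new `"x$GPG_AGENT_INFO"` test in rungpg() and the `"x$1"` test in front of `--check`. Keeping `set -u` and writing `if [ -n "${GPG_AGENT_INFO:-}" ]; then` and `if [ "${1:-}" = --check ]` would cover both without the global change. As a style point, `Conf_pubish_participants` is misspelled in both places it appears and would read better as `Conf_publish_participants`. The section between ENCRYPT() and PRIVDECRYPT() is truncated on this page, so the `--trust-model=always` change named in the changelog could not be reviewed here.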
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..945da4e
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-joeyh-patches.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..26ba625
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+%:
+ dh $@
+
+override_dh_auto_build:
+ true
+override_dh_auto_clean:
+ true
+
+override_dh_auto_install:
+ prefix=/usr DESTDIR=debian/git-remote-gcrypt ./install.sh
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
new file mode 100644
index 0000000..45d1f2a
--- /dev/null
+++ b/debian/source/lintian-overrides
@@ -0,0 +1 @@
+debian-watch-file-is-missing
-- cgit v1.1