From ffb3814093db608e2b8c2d04767e826126c106ee Mon Sep 17 00:00:00 2001 From: Wolfgang Wiedmeyer Date: Thu, 17 Mar 2016 21:53:27 +0100 Subject: remove joeyh patch It's already his version, so patch is not needed. Signed-off-by: Wolfgang Wiedmeyer --- debian/patches/0001-joeyh-patches.patch | 260 -------------------------------- debian/patches/series | 1 - 2 files changed, 261 deletions(-) delete mode 100644 debian/patches/0001-joeyh-patches.patch delete mode 100644 debian/patches/series diff --git a/debian/patches/0001-joeyh-patches.patch b/debian/patches/0001-joeyh-patches.patch deleted file mode 100644 index 14db716..0000000 --- a/debian/patches/0001-joeyh-patches.patch +++ /dev/null @@ -1,260 +0,0 @@ -From: Sean Whitton -Date: Sat, 12 Dec 2015 16:06:55 -0700 -Subject: joeyh-patches - ---- - README.rst | 32 +++++++++++++++++-- - git-remote-gcrypt | 93 +++++++++++++++++++++++++++++++++++++++++-------------- - 2 files changed, 98 insertions(+), 27 deletions(-) - -diff --git a/README.rst b/README.rst -index f177913..ba06259 100644 ---- a/README.rst -+++ b/README.rst -@@ -60,10 +60,25 @@ The following ``git-config(1)`` variables are supported: - The ``gcrypt-participants`` setting on the remote takes precedence - over the repository variable ``gcrypt.participants``. - -+``remote..gcrypt-publish-participants`` -+ .. -+``gcrypt.publish-participants`` -+ By default, the gpg key ids of the participants are obscured by -+ encrypting using `gpg -R`. Setting this option to `true` disables -+ that security measure. -+ -+ The problem with using `gpg -R` is that to decrypt, gpg tries each -+ available secret key in turn until it finds a usable key. -+ This can result in unncessary passphrase prompts. -+ -+``remote..gcrypt-signingkey`` -+ .. - ``user.signingkey`` -- (From regular git configuration) The key to use for signing. You -- should set ``user.signingkey`` if your default signing key is not -- part of the participant list. -+ (The latter from regular git configuration) The key to use for signing. -+ You should set ``user.signingkey`` if your default signing key is not -+ part of the participant list. You may use the per-remote version -+ to sign different remotes using different keys. -+ - - Environment Variables - ===================== -@@ -170,6 +185,17 @@ Each item extends until newline, and matches one of the following: - ``extn ...`` - Extension field, preserved but unused. - -+Detecting gcrypt repos -+====================== -+ -+To detect if a git url is a gcrypt repo, use: git-remote-gcrypt --check url -+Exit status if 0 if the repo exists and can be decrypted, 1 if the repo -+uses gcrypt but could not be decrypted, and 100 if the repo is not -+encrypted with gcrypt (or could not be accessed). -+ -+Note that this has to fetch the repo contents into the local git -+repository, the same as is done when using a gcrypt repo. -+ - See Also - ======== - -diff --git a/git-remote-gcrypt b/git-remote-gcrypt -index bb19652..8d68669 100755 ---- a/git-remote-gcrypt -+++ b/git-remote-gcrypt -@@ -18,7 +18,6 @@ - # See README.rst for usage instructions - - set -e # errexit --set -u # nounset - set -f # noglob - set -C # noclobber - -@@ -177,8 +176,10 @@ update_tree() - { - local tab_=" " - # $2 is a filename from the repo format -- (git ls-tree "$1" | xgrep -v -E '\b'"$2"'$'; -- xecho "100644 blob $3$tab_$2") | git mktree -+ (set +e; -+ git ls-tree "$1" | xgrep -v -E '\b'"$2"'$'; -+ xecho "100644 blob $3$tab_$2" -+ ) | git mktree - } - - # Put giturl $1, file $2 -@@ -313,14 +314,14 @@ CLEAN_FINAL() - - ENCRYPT() - { -- gpg --batch --force-mdc --compress-algo none --passphrase-fd 3 -c 3<&1 && -- status_=$(gpg --status-fd 3 -q -d 3>&1 1>&4) && -+ status_=$(rungpg --status-fd 3 -q -d 3>&1 1>&4) && - xfeed "$status_" grep "^\[GNUPG:\] ENC_TO " >/dev/null && - (xfeed "$status_" grep -e "$1" >/dev/null || { - echo_info "Failed to verify manifest signature!" && -@@ -353,17 +354,29 @@ PRIVDECRYPT() - # Generate $1 random bytes - genkey() - { -- gpg --armor --gen-rand 1 "$1" -+ rungpg --armor --gen-rand 1 "$1" - } - - gpg_hash() - { - local hash_= -- hash_=$(gpg --with-colons --print-md "$1" | tr A-F a-f) -+ hash_=$(rungpg --with-colons --print-md "$1" | tr A-F a-f) - hash_=${hash_#:*:} - xecho "${hash_%:}" - } - -+rungpg() -+{ -+ # gpg will fail to run when there is no controlling tty, -+ # due to trying to print messages to it, even if a gpg agent is set -+ # up. --no-tty fixes this. -+ if [ "x$GPG_AGENT_INFO" != "x" ]; then -+ gpg --no-tty "$@" -+ else -+ gpg "$@" -+ fi -+} -+ - # Pass the branch/ref by pipe to git - safe_git_rev_parse() - { -@@ -388,10 +401,13 @@ make_new_repo() - # $1 return var for goodsig match, $2 return var for signers text - read_config() - { -- local recp_= r_keyinfo= cap_= conf_part= good_sig= signers_= -- Conf_signkey=$(git config --path user.signingkey || :) -+ local recp_= r_keyinfo= r_keyfpr= gpg_list= cap_= conf_part= good_sig= signers_= -+ Conf_signkey=$(git config --get "remote.$NAME.gcrypt-signingkey" '.+' || -+ git config --path user.signingkey || :) - conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' || - git config --get gcrypt.participants '.+' || :) -+ Conf_pubish_participants=$(git config --get --bool "remote.$NAME.gcrypt-publish-participants" '.+' || -+ git config --get --bool gcrypt.publish-participants || :) - - # Figure out which keys we should encrypt to or accept signatures from - if isnull "$conf_part" || iseq "$conf_part" simple -@@ -406,22 +422,33 @@ read_config() - - for recp_ in $conf_part - do -- filter_to @r_keyinfo "pub*" \ -- "$(gpg --with-colons --fast-list -k "$recp_")" -+ gpg_list=$(rungpg --with-colons --fingerprint -k "$recp_") -+ filter_to @r_keyinfo "pub*" "$gpg_list" -+ filter_to @r_keyfpr "fpr*" "$gpg_list" - isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" || - echo_info "WARNING: '$recp_' matches multiple keys, using one" -+ isnull "$r_keyfpr" || isnonnull "${r_keyfpr##*"$Newline"*}" || -+ echo_info "WARNING: '$recp_' matches multiple fingerprints, using one" - r_keyinfo=${r_keyinfo%%"$Newline"*} -+ r_keyfpr=${r_keyfpr%%"$Newline"*} - keyid_=$(xfeed "$r_keyinfo" cut -f 5 -d :) -+ fprid_=$(xfeed "$r_keyfpr" cut -f 10 -d :) - -- isnonnull "$keyid_" && -+ isnonnull "$fprid_" && - signers_="$signers_ $keyid_" && -- append_to @good_sig "^\[GNUPG:\] GOODSIG $keyid_" || { -+ append_to @good_sig "^\[GNUPG:\] VALIDSIG .*$fprid_$" || { - echo_info "WARNING: Skipping missing key $recp_" - continue - } - # Check 'E'ncrypt capability - cap_=$(xfeed "$r_keyinfo" cut -f 12 -d :) -- iseq "${cap_#*E}" "$cap_" || Recipients="$Recipients -R $keyid_" -+ if ! iseq "${cap_#*E}" "$cap_"; then -+ if [ "$Conf_pubish_participants" = true ]; then -+ Recipients="$Recipients -r $keyid_" -+ else -+ Recipients="$Recipients -R $keyid_" -+ fi -+ fi - done - - if isnull "$Recipients" -@@ -778,14 +805,8 @@ cleanup_tmpfiles() - rm -r -f -- "${Tempdir}" >&2 - } - --# handle git-remote-helpers protocol --gcrypt_main_loop() -+setup() - { -- local input_= input_inner= r_args= temp_key= -- -- NAME=$1 # Remote name -- URL=$2 # Remote URL -- - mkdir -p "$Localdir" - - # Set up a subdirectory in /tmp -@@ -797,6 +818,17 @@ gcrypt_main_loop() - trap 'exit 1' 1 2 3 15 - - echo_info "Development version -- Repository format MAY CHANGE" -+} -+ -+# handle git-remote-helpers protocol -+gcrypt_main_loop() -+{ -+ local input_= input_inner= r_args= temp_key= -+ -+ NAME=$1 # Remote name -+ URL=$2 # Remote URL -+ -+ setup - - while read input_ - do -@@ -848,4 +880,17 @@ gcrypt_main_loop() - done - } - --gcrypt_main_loop "$@" -+if [ "x$1" = x--check ] -+then -+ NAME=dummy-gcrypt-check -+ URL=$2 -+ setup -+ ensure_connected -+ git remote remove $NAME 2>/dev/null || true -+ if iseq "$Did_find_repo" "no" -+ then -+ exit 100 -+ fi -+else -+ gcrypt_main_loop "$@" -+fi diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index 945da4e..0000000 --- a/debian/patches/series +++ /dev/null @@ -1 +0,0 @@ -0001-joeyh-patches.patch -- cgit v1.1