deal with old repositories with non-encrypted creds
See 2f3c3aa01f for backstory about how a repo
could be in this state.
When decryption fails, the repo must be using non-encrypted creds. Note
that creds are encrypted/decrypted using the encryption cipher which is
stored in the repo, so the decryption cannot fail due to missing gpg keys
etc. (For !shared encryptiom, the cipher is iteself encrypted using some
gpg key(s), and the decryption of the cipher happens earlier, so not
affected by this change.
Print a warning message for !shared repos, and continue on using the
cipher. Wrote a page explaining what users hit by this bug should do.
This commit was sponsored by Samuel Tardieu.
This commit is contained in:
Joey Hess
parent
2f3c3aa01f
commit
0ed33c8b74
4 changed files with 64 additions and 11 deletions
3
debian/changelog
vendored
3
debian/changelog
vendored
|
|
@ -3,6 +3,9 @@ git-annex (5.20140916) UNRELEASED; urgency=medium
|
|||
* Security fix for S3 and glacier when using embedcreds=yes with
|
||||
encryption=pubkey or encryption=hybrid.
|
||||
The creds embedded in the git repo were *not* encrypted.
|
||||
git-annex enableremote will warn when used on a remote that has
|
||||
this problem. For details, see:
|
||||
https://git-annex.branchable.com/upgrades/insecure_embedded_creds/
|
||||
* assistant: Detect when repository has been deleted or moved, and
|
||||
automatically shut down the assistant. Closes: #761261
|
||||
* Windows: Avoid crashing trying to list gpg secret keys, for gcrypt
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue