initremote, enableremote: Support gpg subkeys suffixed with an exclamation mark, which forces gpg to use a specific subkey.

This commit was sponsored by Peter Hogg on Patreon.
2017-05-24 14:08:02 -04:00 · 2017-05-24 14:08:02 -04:00 · 35465b6062
commit 35465b6062
parent dd65ea52c3
3 changed files with 29 additions and 1 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+git-annex (6.20170520) UNRELEASED; urgency=medium
+
+  * initremote, enableremote: Support gpg subkeys suffixed with an
+    exclamation mark, which forces gpg to use a specific subkey.
+
+ -- Joey Hess <id@joeyh.name>  Wed, 24 May 2017 14:03:40 -0400
+
 git-annex (6.20170519) unstable; urgency=medium

  * Ssh password prompting improved when using -J for concurrency.
--- a/Utility/Gpg.hs
+++ b/Utility/Gpg.hs
@ -157,7 +157,11 @@ pipeLazy (GpgCmd cmd) params feeder reader = do
 - a key id, or a name; See the section 'HOW TO SPECIFY A USER ID' of
 - GnuPG's manpage.) -}
 findPubKeys :: GpgCmd -> String -> IO KeyIds
-findPubKeys cmd for = KeyIds . parse . lines <$> readStrict cmd params
+findPubKeys cmd for
+	-- "subkey!" tells gpg to force use of a specific subkey,
+	-- so pass it through as-is rather than looking up the master key.
+	| "!" `isSuffixOf` for = return $ KeyIds [for]
+	| otherwise = KeyIds . parse . lines <$> readStrict cmd params
  where
 	params = [Param "--with-colons", Param "--list-public-keys", Param for]
 	parse = mapMaybe (keyIdField . splitc ':')
--- a/doc/encryption/comment_10_6416ee43ffad1c306ef71247ae71a6c5._comment
+++ b/doc/encryption/comment_10_6416ee43ffad1c306ef71247ae71a6c5._comment
@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 10"""
+ date="2017-05-24T17:47:46Z"
+ content="""
+@Yurt, git-annex will let you specify the gpg key id using anything that gpg
+accepts, including a keyid with a appended '!'. However, when I tried that,
+gpg seemed to still pick the master key instead of the subkey. That
+happens because git-annex runs the input through `gpg --list-public-keys`
+(in order to convert eg, email addresses to key ids)
+which always lists the master key even when given a subkey.
+
+I made a small change to git-annex to special case this '!' suffix
+behavior. Seems to work in my very limited testing.
+
+Please file bug reports about this kind of thing!
+"""]]