diff --git a/CHANGELOG b/CHANGELOG index bd9cb326db..0d65af1c94 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,10 @@ +git-annex (6.20170520) UNRELEASED; urgency=medium + + * initremote, enableremote: Support gpg subkeys suffixed with an + exclamation mark, which forces gpg to use a specific subkey. + + -- Joey Hess Wed, 24 May 2017 14:03:40 -0400 + git-annex (6.20170519) unstable; urgency=medium * Ssh password prompting improved when using -J for concurrency. diff --git a/Utility/Gpg.hs b/Utility/Gpg.hs index 336711b3ff..c20be754f9 100644 --- a/Utility/Gpg.hs +++ b/Utility/Gpg.hs @@ -157,7 +157,11 @@ pipeLazy (GpgCmd cmd) params feeder reader = do - a key id, or a name; See the section 'HOW TO SPECIFY A USER ID' of - GnuPG's manpage.) -} findPubKeys :: GpgCmd -> String -> IO KeyIds -findPubKeys cmd for = KeyIds . parse . lines <$> readStrict cmd params +findPubKeys cmd for + -- "subkey!" tells gpg to force use of a specific subkey, + -- so pass it through as-is rather than looking up the master key. + | "!" `isSuffixOf` for = return $ KeyIds [for] + | otherwise = KeyIds . parse . lines <$> readStrict cmd params where params = [Param "--with-colons", Param "--list-public-keys", Param for] parse = mapMaybe (keyIdField . splitc ':') diff --git a/doc/encryption/comment_10_6416ee43ffad1c306ef71247ae71a6c5._comment b/doc/encryption/comment_10_6416ee43ffad1c306ef71247ae71a6c5._comment new file mode 100644 index 0000000000..ae2fb88a49 --- /dev/null +++ b/doc/encryption/comment_10_6416ee43ffad1c306ef71247ae71a6c5._comment @@ -0,0 +1,17 @@ +[[!comment format=mdwn + username="joey" + subject="""comment 10""" + date="2017-05-24T17:47:46Z" + content=""" +@Yurt, git-annex will let you specify the gpg key id using anything that gpg +accepts, including a keyid with a appended '!'. However, when I tried that, +gpg seemed to still pick the master key instead of the subkey. That +happens because git-annex runs the input through `gpg --list-public-keys` +(in order to convert eg, email addresses to key ids) +which always lists the master key even when given a subkey. + +I made a small change to git-annex to special case this '!' suffix +behavior. Seems to work in my very limited testing. + +Please file bug reports about this kind of thing! +"""]]